VIRY.CZ

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Ondra (administrator) on ONDRA-HP (31-10-2015 20:13:41)
Running from C:\Users\Ondra\Desktop
Loaded Profiles: Ondra (Available Profiles: Ondra & Marketa & kpo_postgres)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Apache Software Foundation) C:\Program Files (x86)\KPO\server\apache\bin\httpd.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Apache Software Foundation) C:\Program Files (x86)\KPO\server\apache\bin\httpd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-19] (IDT, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-03] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [Alcmeter] => C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe [1171592 2015-03-13] (Microsoft Corporation) <===== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7676224 2014-11-26] (OrdinarySoft)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-02] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2015-08-16]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{8C21B61D-2276-4AAF-9251-03B047169399}: [DhcpNameServer] 212.71.150.16 82.209.19.226
Tcpip\..\Interfaces\{DFC0DB60-8F40-4FF7-B397-2F1A905C18AB}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-08-08] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-02] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-02] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-10] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-914903147-3168280860-3041313594-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://10.10.1.30/AVC_AX_742.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\wpav75s5.default-1401447917978
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-05-20] ()
FF Plugin HKU\S-1-5-21-914903147-3168280860-3041313594-1002: hp.com/HPDetect -> C:\Users\Ondra\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Extension: Xmarks - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\wpav75s5.default-1401447917978\Extensions\foxmarks@kei.com [2015-05-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-02] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-01]
CHR Extension: (YouTube) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-21]
CHR Extension: (Vyhledávání Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-21]
CHR Extension: (Avast SafePrice) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-01]
CHR Extension: (Avast Online Security) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-01]
CHR Extension: (Hangouts) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-09-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-01]
CHR Extension: (Gmail) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]
CHR HKU\S-1-5-21-914903147-3168280860-3041313594-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ondra\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-06-25]
CHR HKU\S-1-5-21-914903147-3168280860-3041313594-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-02] (AVAST Software)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-11-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-11-19] (Intel Corporation)
R2 KPO_Apache; C:\Program Files (x86)\KPO\server\apache\bin\httpd.exe [12288 2014-04-16] (Apache Software Foundation) [File not signed]
S2 KPO_PostgreSQL; C:\Program Files (x86)\KPO\server\postgresql\apps\pgsql\bin\pg_ctl.exe [65536 2014-04-16] (PostgreSQL Global Development Group) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-06-19] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37088 2014-08-05] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-09-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-09-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-02] (AVAST Software)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [16280 2012-10-24] (SMART Technologies)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [15256 2012-10-24] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [24984 2012-10-24] (SMART Technologies ULC)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-06-19] (Sunplus)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 IT9135BDA; \SystemRoot\System32\Drivers\IT9135BDA.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 20:13 - 2015-10-31 20:14 - 00022930 _____ C:\Users\Ondra\Desktop\FRST.txt
2015-10-31 20:13 - 2015-10-31 20:13 - 00000000 ____D C:\FRST
2015-10-31 20:11 - 2015-10-31 20:12 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
2015-10-31 20:11 - 2015-10-31 20:11 - 02198016 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2015-10-31 20:05 - 2015-10-31 20:05 - 00000000 ___RD C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-10-31 20:01 - 2015-10-31 20:01 - 00284800 _____ C:\WINDOWS\Minidump\103115-22187-01.dmp
2015-10-31 16:48 - 2015-10-31 16:51 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\Opera Software
2015-10-31 16:48 - 2015-10-31 16:51 - 00000000 ____D C:\Users\Ondra\AppData\Local\Opera Software
2015-10-31 16:45 - 2015-10-31 17:23 - 00000000 ____D C:\Program Files\Office 2016 KMS Activator Ultimate v1.0
2015-10-30 12:59 - 2015-10-30 12:59 - 00764600 _____ C:\WINDOWS\Minidump\103015-24859-01.dmp
2015-10-30 11:17 - 2015-10-30 11:17 - 00791168 _____ C:\WINDOWS\Minidump\103015-29484-01.dmp
2015-10-29 22:06 - 2015-10-31 08:46 - 00000000 ____D C:\Users\Ondra\Downloads\COP 2015
2015-10-27 20:33 - 2015-10-27 20:33 - 00216576 _____ C:\Users\Ondra\Desktop\Lasáková_JIHLAVA_nabídka_2015.xls
2015-10-20 11:00 - 2015-10-20 11:00 - 00694184 _____ C:\WINDOWS\Minidump\102015-28484-01.dmp
2015-10-17 16:55 - 2015-10-17 16:55 - 00015798 _____ C:\Users\Ondra\Downloads\polička.jpeg
2015-10-17 15:17 - 2015-10-20 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-16 09:47 - 2015-10-31 20:01 - 748240147 _____ C:\WINDOWS\MEMORY.DMP
2015-10-16 09:47 - 2015-10-16 09:47 - 00896640 _____ C:\WINDOWS\Minidump\101615-24250-01.dmp
2015-10-14 19:19 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-14 19:19 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 15:43 - 2015-10-14 15:43 - 00017211 _____ C:\Users\Ondra\AppData\Local\recently-used.xbel
2015-10-14 08:13 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 08:13 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 08:13 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 08:13 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 08:13 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 08:13 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 08:13 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 08:12 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 08:12 - 2015-09-29 13:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 08:12 - 2015-09-29 13:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 08:12 - 2015-09-29 13:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 08:12 - 2015-09-29 13:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 08:12 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 08:12 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 08:12 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 08:12 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 08:12 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 08:12 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 08:12 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-14 08:12 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-14 08:12 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 08:12 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 08:11 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-14 08:11 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-14 08:11 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-14 08:11 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-14 08:11 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-14 08:11 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-14 08:11 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-14 08:11 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-14 08:11 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-14 08:11 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-14 08:11 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-14 08:11 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-14 08:11 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 08:11 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 08:11 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 08:11 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 08:11 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 08:11 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 08:11 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 08:11 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 08:11 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 08:11 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 08:11 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 08:11 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 08:11 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 08:11 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 08:11 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 08:11 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 08:11 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 08:11 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 08:11 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 08:11 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 08:11 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 08:11 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 08:11 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 08:11 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 08:11 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 08:11 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 08:11 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 08:11 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 08:11 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 08:11 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 08:11 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 08:11 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 08:11 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 08:11 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 08:11 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 08:11 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:11 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-11 16:18 - 2015-10-11 16:18 - 00000000 ____D C:\Users\Ondra\Documents\Any Video Converter
2015-10-11 16:18 - 2015-10-11 16:18 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\MPC-HC
2015-10-11 07:38 - 2015-10-20 11:00 - 00012578 _____ C:\WINDOWS\PFRO.log
2015-10-04 11:05 - 2015-10-04 11:05 - 00000000 ____D C:\Users\Ondra\Documents\Bluetooth Folder
2015-10-02 19:58 - 2015-10-02 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2015-10-02 19:54 - 2015-10-02 20:04 - 00000000 ____D C:\xampp
2015-10-02 19:53 - 2015-10-02 19:53 - 00000000 ____D C:\Program Files (x86)\Nová složka
2015-10-02 16:21 - 2015-10-31 20:01 - 00006268 _____ C:\WINDOWS\setupact.log
2015-10-02 16:21 - 2015-10-02 16:21 - 00000000 _____ C:\WINDOWS\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 20:11 - 2015-06-21 07:45 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 20:10 - 2012-12-30 10:32 - 00000000 ____D C:\Users\Ondra\Documents\Emaily
2015-10-31 20:08 - 2015-08-16 19:29 - 01678687 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-31 20:04 - 2015-06-25 20:35 - 00000000 ___RD C:\Users\Ondra\Documents\GoogleDrive
2015-10-31 20:03 - 2015-06-21 07:45 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-31 20:02 - 2015-03-13 21:41 - 00000000 ____D C:\Users\Ondra
2015-10-31 20:02 - 2015-03-13 21:41 - 00000000 ____D C:\Users\kpo_postgres
2015-10-31 20:01 - 2015-03-27 18:16 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-31 20:01 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-31 19:49 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-31 19:47 - 2014-11-21 05:53 - 01934988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-31 19:47 - 2014-11-21 05:10 - 00802206 _____ C:\WINDOWS\system32\perfh005.dat
2015-10-31 19:47 - 2014-11-21 05:10 - 00183700 _____ C:\WINDOWS\system32\perfc005.dat
2015-10-31 18:35 - 2012-12-27 10:09 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-10-31 17:26 - 2014-02-02 19:27 - 00000000 ____D C:\Program Files (x86)\All Free DVD to AVI Converter
2015-10-31 17:23 - 2015-04-11 21:08 - 00000000 ____D C:\Program Files\Office 2013 KMS Activator Ultimate v1.4
2015-10-31 17:01 - 2012-12-27 10:09 - 00000292 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-10-31 16:58 - 2013-01-02 17:44 - 00000000 ____D C:\Program Files\Start Menu X
2015-10-31 16:57 - 2015-01-25 12:07 - 00000000 ____D C:\Program Files\KMSnano Final
2015-10-31 16:57 - 2012-09-23 00:46 - 00000000 ____D C:\Program Files\IDT
2015-10-31 16:56 - 2012-12-25 17:59 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-914903147-3168280860-3041313594-1002
2015-10-31 16:55 - 2015-08-16 19:04 - 00000000 ____D C:\Program Files\CCleaner
2015-10-31 16:55 - 2015-04-14 10:15 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-10-31 16:55 - 2015-03-15 20:29 - 00000000 ____D C:\Program Files\ATI Technologies
2015-10-31 16:55 - 2013-12-19 09:05 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2015-10-31 16:55 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-31 16:55 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-31 16:54 - 2015-07-10 17:25 - 00000000 ___HD C:\$Windows.~BT
2015-10-31 16:53 - 2015-01-25 08:09 - 00000296 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Ondra.job
2015-10-31 16:49 - 2015-01-25 08:09 - 00002396 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Ondra
2015-10-31 16:31 - 2013-01-11 17:50 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-31 16:29 - 2015-08-16 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-10-31 16:29 - 2012-12-25 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-31 16:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-31 07:45 - 2014-12-26 21:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-31 07:38 - 2015-01-25 08:09 - 00000000 ____D C:\ProgramData\ProductData
2015-10-30 10:23 - 2012-12-25 17:52 - 00000000 ____D C:\Users\Ondra\AppData\Local\Packages
2015-10-29 21:16 - 2015-07-17 21:24 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-27 19:42 - 2012-12-25 18:00 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-10-25 22:42 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-25 09:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-23 15:54 - 2013-11-17 08:04 - 00003164 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForOndra
2015-10-23 15:54 - 2013-11-17 08:04 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForOndra.job
2015-10-22 08:13 - 2015-06-25 20:21 - 00002060 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-10-22 08:13 - 2015-06-25 20:21 - 00002058 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-10-22 08:13 - 2015-06-25 20:21 - 00002048 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-10-22 08:13 - 2015-06-25 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-20 18:39 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-17 13:31 - 2013-01-11 17:50 - 00003802 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-16 05:51 - 2014-11-21 13:21 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 05:51 - 2014-11-21 13:21 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 11:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-15 10:14 - 2014-11-21 13:14 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-15 10:13 - 2015-04-17 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 10:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-14 21:16 - 2015-06-21 23:06 - 00000000 ____D C:\Users\Ondra\Documents\web
2015-10-14 15:47 - 2013-12-04 20:17 - 00000000 ____D C:\Users\Ondra\.gimp-2.8
2015-10-14 14:54 - 2015-09-29 11:37 - 00000000 ____D C:\Users\Ondra\Documents\Vlastní šablony Office
2015-10-14 10:46 - 2014-12-29 14:28 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-14 10:46 - 2013-03-21 14:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-14 10:18 - 2013-07-23 09:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 10:12 - 2012-12-25 11:30 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-11 19:27 - 2012-12-27 14:33 - 00000000 ____D C:\Users\Ondra\AppData\Local\GHISLER
2015-10-11 16:18 - 2015-08-16 19:17 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\Anvsoft
2015-10-11 15:24 - 2013-10-08 19:58 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\vlc
2015-10-11 13:17 - 2013-10-08 19:57 - 00001084 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-11 13:17 - 2013-10-08 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-10-11 07:49 - 2015-04-07 20:05 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-11 07:35 - 2015-04-07 20:05 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-08 13:45 - 2015-01-26 14:56 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\TeamViewer
2015-10-08 11:00 - 2013-03-30 14:59 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\dvdcss
2015-10-03 16:21 - 2015-08-21 21:37 - 00007680 _____ C:\Users\Ondra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-02 17:04 - 2014-11-08 11:22 - 00700543 _____ C:\zk.xml
2015-10-02 11:25 - 2013-11-27 09:51 - 00000000 ____D C:\Users\Ondra\AppData\Local\gtk-2.0
2015-10-01 15:59 - 2015-07-09 12:35 - 00003794 _____ C:\WINDOWS\System32\Tasks\klcp_update

==================== Files in the root of some directories =======

2015-03-13 21:01 - 2015-03-13 21:01 - 0000785 _____ () C:\Program Files\HOW TO DECRYPT FILES.txt
2013-05-05 19:43 - 2015-04-13 20:34 - 0000132 _____ () C:\Users\Ondra\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2013-05-19 20:59 - 2013-05-19 21:04 - 0037033 _____ () C:\Users\Ondra\AppData\Roaming\Hodnoty oddělené čárkami (DOS).ADR
2013-05-19 20:56 - 2013-05-19 20:56 - 0037007 _____ () C:\Users\Ondra\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2013-03-27 08:46 - 2013-03-27 09:22 - 0009308 _____ () C:\Users\Ondra\AppData\Roaming\Hodnoty oddělené čárkami (Windows).CAL
2013-02-13 18:04 - 2013-04-17 21:40 - 0000600 _____ () C:\Users\Ondra\AppData\Roaming\winscp.rnd
2015-08-21 21:37 - 2015-10-03 16:21 - 0007680 _____ () C:\Users\Ondra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-13 16:46 - 2014-03-17 18:27 - 0000600 _____ () C:\Users\Ondra\AppData\Local\PUTTY.RND
2015-10-14 15:43 - 2015-10-14 15:43 - 0017211 _____ () C:\Users\Ondra\AppData\Local\recently-used.xbel
2015-04-26 19:57 - 2015-04-26 19:57 - 0012587 _____ () C:\ProgramData\mxnhytee.feu

Files to move or delete:
====================
C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe


Some files in TEMP:
====================
C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe
C:\Users\Ondra\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Ondra\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================


Available physical RAM: 2098.66 MB
Total physical RAM: 3979.05 MB
Percentage of memory in use: 47%

==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForOndra.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Ondra.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:054203E4

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ondra\Desktop" je 3 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v5.015 - Logfile created 31/10/2015 at 20:53:32
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Ondra - ONDRA-HP
# Running from : C:\Users\Ondra\Desktop\adwcleaner_5.015.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Ondra\AppData\Roaming\GrabPro
[-] Folder Deleted : C:\Users\Ondra\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Ondra\AppData\Roaming\pdfforge
[-] Folder Deleted : C:\Users\Ondra\AppData\Roaming\ProgSense

***** [ Files ] *****

[-] File Deleted : C:\Users\Ondra\AppData\Local\Temp\task.vbs

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\ProgSense
[-] Key Deleted : HKLM\SOFTWARE\PIP
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\ProgSense

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3292 bytes] ##########

Dejte nový log FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Ondra (administrator) on ONDRA-HP (31-10-2015 21:16:08)
Running from C:\Users\Ondra\Desktop
Loaded Profiles: Ondra & kpo_postgres (Available Profiles: Ondra & Marketa & kpo_postgres)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Apache Software Foundation) C:\Program Files (x86)\KPO\server\apache\bin\httpd.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\KPO\server\postgresql\apps\pgsql\bin\pg_ctl.exe
(Apache Software Foundation) C:\Program Files (x86)\KPO\server\apache\bin\httpd.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\KPO\server\postgresql\apps\pgsql\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\KPO\server\postgresql\apps\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\KPO\server\postgresql\apps\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\KPO\server\postgresql\apps\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\KPO\server\postgresql\apps\pgsql\bin\postgres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-19] (IDT, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-03] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [Alcmeter] => C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe [1171592 2015-03-13] (Microsoft Corporation) <===== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7676224 2014-11-26] (OrdinarySoft)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-02] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2015-08-16]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{8C21B61D-2276-4AAF-9251-03B047169399}: [DhcpNameServer] 212.71.150.16 82.209.19.226
Tcpip\..\Interfaces\{DFC0DB60-8F40-4FF7-B397-2F1A905C18AB}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-02] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-02] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-10] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-914903147-3168280860-3041313594-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://10.10.1.30/AVC_AX_742.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\wpav75s5.default-1401447917978
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-05-20] ()
FF Plugin HKU\S-1-5-21-914903147-3168280860-3041313594-1002: hp.com/HPDetect -> C:\Users\Ondra\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Extension: Xmarks - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\wpav75s5.default-1401447917978\Extensions\foxmarks@kei.com [2015-05-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-02] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-01]
CHR Extension: (YouTube) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-21]
CHR Extension: (Vyhledávání Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-21]
CHR Extension: (Avast SafePrice) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-01]
CHR Extension: (Avast Online Security) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-01]
CHR Extension: (Hangouts) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-09-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-01]
CHR Extension: (Gmail) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]
CHR HKU\S-1-5-21-914903147-3168280860-3041313594-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ondra\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-06-25]
CHR HKU\S-1-5-21-914903147-3168280860-3041313594-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-02] (AVAST Software)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-11-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-11-19] (Intel Corporation)
R2 KPO_Apache; C:\Program Files (x86)\KPO\server\apache\bin\httpd.exe [12288 2014-04-16] (Apache Software Foundation) [File not signed]
R2 KPO_PostgreSQL; C:\Program Files (x86)\KPO\server\postgresql\apps\pgsql\bin\pg_ctl.exe [65536 2014-04-16] (PostgreSQL Global Development Group) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-06-19] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37088 2014-08-05] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-09-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-09-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-02] (AVAST Software)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [16280 2012-10-24] (SMART Technologies)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [15256 2012-10-24] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [24984 2012-10-24] (SMART Technologies ULC)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-06-19] (Sunplus)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 IT9135BDA; \SystemRoot\System32\Drivers\IT9135BDA.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 21:15 - 2015-10-31 21:15 - 00053181 _____ C:\Users\Ondra\Desktop\FRST3.txt
2015-10-31 21:12 - 2015-10-31 21:13 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
2015-10-31 21:00 - 2015-10-31 21:00 - 00000000 ___RD C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-10-31 20:52 - 2015-10-31 20:53 - 00000000 ____D C:\AdwCleaner
2015-10-31 20:51 - 2015-10-31 20:51 - 01694208 _____ C:\Users\Ondra\Desktop\adwcleaner_5.015.exe
2015-10-31 20:16 - 2015-10-31 20:16 - 00011717 _____ C:\Users\Ondra\Desktop\Addition.rar
2015-10-31 20:13 - 2015-10-31 21:16 - 00024126 _____ C:\Users\Ondra\Desktop\FRST.txt
2015-10-31 20:13 - 2015-10-31 21:16 - 00000000 ____D C:\FRST
2015-10-31 20:11 - 2015-10-31 20:11 - 02198016 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2015-10-31 20:01 - 2015-10-31 20:01 - 00284800 _____ C:\WINDOWS\Minidump\103115-22187-01.dmp
2015-10-31 16:48 - 2015-10-31 16:51 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\Opera Software
2015-10-31 16:48 - 2015-10-31 16:51 - 00000000 ____D C:\Users\Ondra\AppData\Local\Opera Software
2015-10-31 16:45 - 2015-10-31 17:23 - 00000000 ____D C:\Program Files\Office 2016 KMS Activator Ultimate v1.0
2015-10-30 12:59 - 2015-10-30 12:59 - 00764600 _____ C:\WINDOWS\Minidump\103015-24859-01.dmp
2015-10-30 11:17 - 2015-10-30 11:17 - 00791168 _____ C:\WINDOWS\Minidump\103015-29484-01.dmp
2015-10-29 22:06 - 2015-10-31 08:46 - 00000000 ____D C:\Users\Ondra\Downloads\COP 2015
2015-10-27 20:33 - 2015-10-27 20:33 - 00216576 _____ C:\Users\Ondra\Desktop\Lasáková_JIHLAVA_nabídka_2015.xls
2015-10-20 11:00 - 2015-10-20 11:00 - 00694184 _____ C:\WINDOWS\Minidump\102015-28484-01.dmp
2015-10-17 16:55 - 2015-10-17 16:55 - 00015798 _____ C:\Users\Ondra\Downloads\polička.jpeg
2015-10-17 15:17 - 2015-10-20 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-16 09:47 - 2015-10-31 20:01 - 748240147 _____ C:\WINDOWS\MEMORY.DMP
2015-10-16 09:47 - 2015-10-16 09:47 - 00896640 _____ C:\WINDOWS\Minidump\101615-24250-01.dmp
2015-10-14 19:19 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-14 19:19 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-14 19:19 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 15:43 - 2015-10-14 15:43 - 00017211 _____ C:\Users\Ondra\AppData\Local\recently-used.xbel
2015-10-14 08:13 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 08:13 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 08:13 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 08:13 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 08:13 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 08:13 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 08:13 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 08:12 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 08:12 - 2015-09-29 13:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 08:12 - 2015-09-29 13:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 08:12 - 2015-09-29 13:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 08:12 - 2015-09-29 13:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 08:12 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 08:12 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 08:12 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 08:12 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 08:12 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 08:12 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 08:12 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-14 08:12 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-14 08:12 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 08:12 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 08:11 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-14 08:11 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-14 08:11 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-14 08:11 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-14 08:11 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-14 08:11 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-14 08:11 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-14 08:11 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-14 08:11 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-14 08:11 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-14 08:11 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-14 08:11 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-14 08:11 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 08:11 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 08:11 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 08:11 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 08:11 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 08:11 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 08:11 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 08:11 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 08:11 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 08:11 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 08:11 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 08:11 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 08:11 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 08:11 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 08:11 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 08:11 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 08:11 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 08:11 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 08:11 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 08:11 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 08:11 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 08:11 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 08:11 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 08:11 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 08:11 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 08:11 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 08:11 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 08:11 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 08:11 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 08:11 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 08:11 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 08:11 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 08:11 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 08:11 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 08:11 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 08:11 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:11 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:11 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-11 16:18 - 2015-10-11 16:18 - 00000000 ____D C:\Users\Ondra\Documents\Any Video Converter
2015-10-11 16:18 - 2015-10-11 16:18 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\MPC-HC
2015-10-11 07:38 - 2015-10-20 11:00 - 00012578 _____ C:\WINDOWS\PFRO.log
2015-10-04 11:05 - 2015-10-04 11:05 - 00000000 ____D C:\Users\Ondra\Documents\Bluetooth Folder
2015-10-02 19:58 - 2015-10-02 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2015-10-02 19:54 - 2015-10-02 20:04 - 00000000 ____D C:\xampp
2015-10-02 19:53 - 2015-10-02 19:53 - 00000000 ____D C:\Program Files (x86)\Nová složka
2015-10-02 16:21 - 2015-10-31 20:56 - 00006345 _____ C:\WINDOWS\setupact.log
2015-10-02 16:21 - 2015-10-02 16:21 - 00000000 _____ C:\WINDOWS\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 21:13 - 2015-08-16 19:29 - 01721184 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-31 21:11 - 2015-06-21 07:45 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 21:05 - 2012-12-30 10:32 - 00000000 ____D C:\Users\Ondra\Documents\Emaily
2015-10-31 21:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-31 20:59 - 2015-06-25 20:35 - 00000000 ___RD C:\Users\Ondra\Documents\GoogleDrive
2015-10-31 20:58 - 2015-06-21 07:45 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-31 20:56 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-31 20:53 - 2015-03-13 21:41 - 00000000 ____D C:\Users\Ondra
2015-10-31 20:31 - 2013-01-11 17:50 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-31 20:27 - 2012-12-25 17:59 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-914903147-3168280860-3041313594-1002
2015-10-31 20:02 - 2015-03-13 21:41 - 00000000 ____D C:\Users\kpo_postgres
2015-10-31 20:01 - 2015-03-27 18:16 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-31 19:49 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-31 19:47 - 2014-11-21 05:53 - 01934988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-31 19:47 - 2014-11-21 05:10 - 00802206 _____ C:\WINDOWS\system32\perfh005.dat
2015-10-31 19:47 - 2014-11-21 05:10 - 00183700 _____ C:\WINDOWS\system32\perfc005.dat
2015-10-31 18:35 - 2012-12-27 10:09 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-10-31 17:26 - 2014-02-02 19:27 - 00000000 ____D C:\Program Files (x86)\All Free DVD to AVI Converter
2015-10-31 17:23 - 2015-04-11 21:08 - 00000000 ____D C:\Program Files\Office 2013 KMS Activator Ultimate v1.4
2015-10-31 17:01 - 2012-12-27 10:09 - 00000292 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-10-31 16:58 - 2013-01-02 17:44 - 00000000 ____D C:\Program Files\Start Menu X
2015-10-31 16:57 - 2015-01-25 12:07 - 00000000 ____D C:\Program Files\KMSnano Final
2015-10-31 16:57 - 2012-09-23 00:46 - 00000000 ____D C:\Program Files\IDT
2015-10-31 16:55 - 2015-08-16 19:04 - 00000000 ____D C:\Program Files\CCleaner
2015-10-31 16:55 - 2015-04-14 10:15 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-10-31 16:55 - 2015-03-15 20:29 - 00000000 ____D C:\Program Files\ATI Technologies
2015-10-31 16:55 - 2013-12-19 09:05 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2015-10-31 16:55 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-31 16:55 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-31 16:54 - 2015-07-10 17:25 - 00000000 ___HD C:\$Windows.~BT
2015-10-31 16:53 - 2015-01-25 08:09 - 00000296 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Ondra.job
2015-10-31 16:49 - 2015-01-25 08:09 - 00002396 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Ondra
2015-10-31 16:29 - 2015-08-16 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-10-31 16:29 - 2012-12-25 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-31 07:45 - 2014-12-26 21:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-31 07:38 - 2015-01-25 08:09 - 00000000 ____D C:\ProgramData\ProductData
2015-10-30 10:23 - 2012-12-25 17:52 - 00000000 ____D C:\Users\Ondra\AppData\Local\Packages
2015-10-29 21:16 - 2015-07-17 21:24 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-27 19:42 - 2012-12-25 18:00 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-10-25 22:42 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-25 09:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-23 15:54 - 2013-11-17 08:04 - 00003164 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForOndra
2015-10-23 15:54 - 2013-11-17 08:04 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForOndra.job
2015-10-22 08:13 - 2015-06-25 20:21 - 00002060 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-10-22 08:13 - 2015-06-25 20:21 - 00002058 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-10-22 08:13 - 2015-06-25 20:21 - 00002048 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-10-22 08:13 - 2015-06-25 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-20 18:39 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-17 13:31 - 2013-01-11 17:50 - 00003802 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-16 05:51 - 2014-11-21 13:21 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 05:51 - 2014-11-21 13:21 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 11:51 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-15 10:14 - 2014-11-21 13:14 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-15 10:13 - 2015-04-17 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 10:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-14 21:16 - 2015-06-21 23:06 - 00000000 ____D C:\Users\Ondra\Documents\web
2015-10-14 15:47 - 2013-12-04 20:17 - 00000000 ____D C:\Users\Ondra\.gimp-2.8
2015-10-14 14:54 - 2015-09-29 11:37 - 00000000 ____D C:\Users\Ondra\Documents\Vlastní šablony Office
2015-10-14 10:46 - 2014-12-29 14:28 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-14 10:46 - 2013-03-21 14:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-14 10:18 - 2013-07-23 09:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 10:12 - 2012-12-25 11:30 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-11 19:27 - 2012-12-27 14:33 - 00000000 ____D C:\Users\Ondra\AppData\Local\GHISLER
2015-10-11 16:18 - 2015-08-16 19:17 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\Anvsoft
2015-10-11 15:24 - 2013-10-08 19:58 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\vlc
2015-10-11 13:17 - 2013-10-08 19:57 - 00001084 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-11 13:17 - 2013-10-08 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-10-11 07:49 - 2015-04-07 20:05 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-11 07:35 - 2015-04-07 20:05 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-08 13:45 - 2015-01-26 14:56 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\TeamViewer
2015-10-08 11:00 - 2013-03-30 14:59 - 00000000 ____D C:\Users\Ondra\AppData\Roaming\dvdcss
2015-10-03 16:21 - 2015-08-21 21:37 - 00007680 _____ C:\Users\Ondra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-02 17:04 - 2014-11-08 11:22 - 00700543 _____ C:\zk.xml
2015-10-02 11:25 - 2013-11-27 09:51 - 00000000 ____D C:\Users\Ondra\AppData\Local\gtk-2.0
2015-10-01 15:59 - 2015-07-09 12:35 - 00003794 _____ C:\WINDOWS\System32\Tasks\klcp_update

==================== Files in the root of some directories =======

2015-03-13 21:01 - 2015-03-13 21:01 - 0000785 _____ () C:\Program Files\HOW TO DECRYPT FILES.txt
2013-05-05 19:43 - 2015-04-13 20:34 - 0000132 _____ () C:\Users\Ondra\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2013-05-19 20:59 - 2013-05-19 21:04 - 0037033 _____ () C:\Users\Ondra\AppData\Roaming\Hodnoty oddělené čárkami (DOS).ADR
2013-05-19 20:56 - 2013-05-19 20:56 - 0037007 _____ () C:\Users\Ondra\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2013-03-27 08:46 - 2013-03-27 09:22 - 0009308 _____ () C:\Users\Ondra\AppData\Roaming\Hodnoty oddělené čárkami (Windows).CAL
2013-02-13 18:04 - 2013-04-17 21:40 - 0000600 _____ () C:\Users\Ondra\AppData\Roaming\winscp.rnd
2015-08-21 21:37 - 2015-10-03 16:21 - 0007680 _____ () C:\Users\Ondra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-13 16:46 - 2014-03-17 18:27 - 0000600 _____ () C:\Users\Ondra\AppData\Local\PUTTY.RND
2015-10-14 15:43 - 2015-10-14 15:43 - 0017211 _____ () C:\Users\Ondra\AppData\Local\recently-used.xbel
2015-04-26 19:57 - 2015-04-26 19:57 - 0012587 _____ () C:\ProgramData\mxnhytee.feu

Files to move or delete:
====================
C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe


Some files in TEMP:
====================
C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe
C:\Users\Ondra\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Ondra\AppData\Local\Temp\sqlite3.dll
C:\Users\Ondra\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 20:27

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Alcmeter] => C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe [1171592 2015-03-13] (Microsoft Corporation) <===== ATTENTION
C:\Users\Ondra\AppData\Local\Temp
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
Toolbar: HKU\S-1-5-21-914903147-3168280860-3041313594-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\AutoKMS
C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe

ResetHosts:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Ondra (2015-10-31 22:17:34) Run:1
Running from C:\Users\Ondra\Desktop
Loaded Profiles: Ondra & kpo_postgres (Available Profiles: Ondra & Marketa & kpo_postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Alcmeter] => C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe [1171592 2015-03-13] (Microsoft Corporation) <===== ATTENTION
C:\Users\Ondra\AppData\Local\Temp
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
Toolbar: HKU\S-1-5-21-914903147-3168280860-3041313594-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\AutoKMS
C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe

ResetHosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Alcmeter => value removed successfully

"C:\Users\Ondra\AppData\Local\Temp" folder move:

Could not move "C:\Users\Ondra\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main\\First Home Page => value removed successfully
HKU\S-1-5-21-914903147-3168280860-3041313594-1006\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-914903147-3168280860-3041313594-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\AutoKMS => moved successfully
C:\Users\Ondra\AppData\Local\Temp\e14Jx25mh4p0rr1.exe => moved successfully
ResetHosts: => Error: No automatic fix found for this entry.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-31 22:21:36)

C:\Users\Ondra\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:21:41 ====

Smazáno. Nastala nějaká změna?

zlepsilo se. budu sledovat

OK a dejte vědět.

Projel jsem pro jistoru eset online a našlo toto: To se mí vůbec nelíbí. Není to celý log, byl moc dlouhý.

C:\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Recycle.Bin\S-1-5-18\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Recycle.Bin\S-1-5-21-914903147-3168280860-3041313594-1002\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Recycle.Bin\S-1-5-21-914903147-3168280860-3041313594-1005\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\boot\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\boot\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\boot\fonts\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\boot\resources\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\0f5705e0-a232-4bf2-8a69-fc5bd89e6762\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\1cacbb91-a979-4fbf-a96c-6638efda238e\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\2afcf7ff-2bb9-47d6-90da-e561fe0e74d0\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\ad3105ec-7f3e-4cc7-beb8-dc1c0e834f88\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\ad3105ec-7f3e-4cc7-beb8-dc1c0e834f88\B186751\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\adfe6603-c061-483e-9c8f-bea034ddd795\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\b40738a3-d02c-4d57-a327-2da4dbb0f428\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\da-dk\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\de-de\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\el-gr\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\en-us\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\es-es\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\fi-fi\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\fr-fr\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\hu-hu\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\it-it\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\ja-jp\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\ko-kr\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\nb-no\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\nl-nl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\pl-pl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\pt-br\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\pt-pt\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\ro-ro\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\ru-ru\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\sk-sk\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\sv-se\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\tr-tr\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\zh-cn\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Drivers\DU\c106d4b3-9cd3-4e4a-a3fe-c16590177732\zh-tw\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\efi\boot\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\efi\microsoft\boot\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\efi\microsoft\boot\fonts\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\efi\microsoft\boot\resources\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\LangPacks\DU\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\LangPacks\DU\8d98eb5b-a65c-465b-8fa8-c32f8b932e15\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\ar-sa\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\bg-bg\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\da-dk\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\de-de\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\Diagnostics\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\bitsextensions-server\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-activedirectory-webservices-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-bluetooth-config\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-com-complus-setup-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-com-dtc-setup-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-dhcpservermigplugin-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-directoryservices-adam-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-iasserver-migplugin\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-ie-clientnetworkprotocolimplementation-migration\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-iis-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-international-core-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-internet-naming-service-runtime\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-mediaplayer-drm-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-msmq-messagingcoreservice\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-ndis\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-networkbridge\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-networkloadbalancing-core\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-offlinefiles-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-performancecounterinfrastructure-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-performancecounterinfrastructureconsumer-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-rasconnectionmanager\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-rasserver-migplugin\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-shmig-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-shmig-dl\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-storagemigration\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-storagemigration\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-sxs\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-sxs\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-tapisetup\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-terminalservices-licenseserver\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-textservicesframework-migration-dl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-unimodem-config\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-winsock-core-infrastructure-upgrade\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\microsoft-windows-wmi-core\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\dlmanifests\networking-mpssvc-svc\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\el-gr\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\en-gb\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\en-us\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\es-es\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\es-mx\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\et-ee\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\etwproviders\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\etwproviders\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\fi-fi\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\fr-ca\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\fr-fr\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\he-il\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\hr-hr\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\hu-hu\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\inf\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\it-it\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\ja-jp\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\ko-kr\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\lt-lt\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\lv-lv\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\migration\wtr\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\nb-no\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\nl-nl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\Panther\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\Panther\img\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\Panther\MigrationShims\MigShim1\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\pl-pl\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\pt-br\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\pt-pt\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-activedirectory-webservices\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-client-license-platform-service-migration\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-ehome-reg-inf\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-hyper-v\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-international-core\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-appx-deployment-server\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-audio-mmecore-other\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-bth-user\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-deviceaccess\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-deviceassociationframework\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-directoryservices-adam-client\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-gameuxmig\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-iis-rm\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-mapscontrol-migration\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-ndis\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-network-setup\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-offlinefiles-core\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-offlinefiles-core\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-pnpmigration\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-rasapi-mig\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-rasserver-migplugin\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-security-ngc-localaccountmigplugin\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-shmig\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-shmig\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-storagemigration\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-storagemigration\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-sxs\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-sxs\cs-cz\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-terminalservices-appserver-licensing\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-terminalservices-licenseserver\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\microsoft-windows-textservicesframework-migration\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\networkbridge\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\printing-localprinting-replacement\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\sebmigration\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\sppmig\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\usb\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\windowssearchengine\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\replacementmanifests\wslicensing\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\ro-ro\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\Rollback\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\ru-ru\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\en-us\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\insert\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskclearui\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknav\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files\Common Files\Microsoft Shared\ink\LanguageModel\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Program Files (x86)\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\ProgramData\Microsoft\Diagnosis\DownloadedSettings\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\ProgramData\Microsoft\Windows\Start Menu\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\ProgramData\Microsoft\Windows\Start Menu\Programs\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\sources\recovery\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\sources\recovery\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Default\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Public\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Public\Desktop\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Public\Documents\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Public\Downloads\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Public\Libraries\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Public\Music\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Public\Pictures\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Users\Public\Videos\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\apppatch\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\Fonts\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\Globalization\Sorting\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\INF\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\INF\PERFLIB\0000\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\INF\PERFLIB\0405\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\INF\RemoteAccess\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\INF\RemoteAccess\0000\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\INF\RemoteAccess\0405\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\L2Schemas\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\PLA\Reports\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\PLA\Reports\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\PLA\Rules\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\PLA\Rules\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\resources\Themes\aero\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\resources\Themes\aero\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\ar-SA\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\bg-BG\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\CodeIntegrity\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\config\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\da-DK\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\de-DE\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\DiagSvcs\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\DiagSvcs\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\Dism\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\Dism\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\Dism\en-US\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\downlevel\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\cs-CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\en-US\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\etc\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\el-GR\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\en-GB\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\en-US\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\es-ES\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\es-MX\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\et-EE\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\fi-FI\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\fr-CA\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\fr-FR\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\he-IL\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\hr-HR\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\hu-HU\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\it-IT\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\ja-JP\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\ko-KR\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\lt-LT\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\lv-LV\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán - uložen do karantény
C:\Program Files\Common Files\Adobe\HelpCfg\cs_CZ\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán
zán
F:\$RECYCLE.BIN\S-1-5-21-914903147-3168280860-3041313594-1002\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán
F:\$RECYCLE.BIN\S-1-5-21-914903147-3168280860-3041313594-1005\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán
F:\system.sav\util\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán
F:\system.sav\util\hpfire\HOW TO DECRYPT FILES.txt Win32/Filecoder.W.Gen trojský kůň vymazán

Frst neukáže vše. Proto se ptám na případnou změnu chování. V případě, kdyby se vám něco nezdálo, požádal bach vás o log MBAM: http://www.malwarebytes.org/mbam.php (kompletní). Pokud ho provedete, dejte log a předem nic nemažte.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 4. 11. 2015
Čas skenování: 23:18
Protokol: kviki-mbam.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.11.04.08
Databáze rootkitů: v2015.11.04.02
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Ondra

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 874766
Uplynulý čas: 15 hod, 39 min, 42 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 4
PUP.Optional.APNToolBar, C:\Program Files (x86)\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe, , [e523eb8fe5a6ee48c093ed380df420e0],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Nalezenou položku smažte.

Položku jsem smazal. Ovšem jsem zjistil, že mi to šifruje soubory. U poloviny dat mám nyni napsáno zašifrovano