
RSA 4096

Posted: 22 Feb 2017 18:33
by vaciky
Hello, I searched for this topic but did not find it. Does anyone know, or have a guide, how to remove RSA 4096?

Re: RSA 4096

Posted: 22 Feb 2017 18:58
by Rudy
Greetings!
RSA 4096 is ransomware. That is junk that can encrypt your documents, or even the whole PC. We can clean the PC for you (if it is accessible), but we will not decrypt your documents. That requires direct access to the PC, which we have no legal arrangement for. If you like, post a FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: RSA 4096

Posted: 23 Feb 2017 11:35
by vaciky
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by woya (administrator) on WOYTA (23-02-2017 11:25:20)
Running from C:\Users\woya\Downloads
Loaded Profiles: woya (Available Profiles: woya & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\szninstall.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmui.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1475344 2016-03-24] (Lavasoft)
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [Steam] => "C:\Users\woya\Desktop\Nová složka\steam.exe" -silent
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [GSplay.exe] => C:\Users\woya\Desktop\GSplay.exe
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\woya\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\woya\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {34852885-5583-11e5-8263-acd1b85b8ca0} - "E:\Autorun.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {5deba2d2-560f-11e5-8265-acd1b85b8ca0} - "G:\Install.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9D8B0457-CB80-45F2-93FC-226FF32ED990}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {07DABBBB-7C71-43CD-9A0B-38218CEB43CD} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {20A794BE-539A-4ABE-905E-BF7262C67DA1} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {35F1F2F5-6E9B-4FA5-9365-06DE685EC9F6} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {4676566E-8E36-47B1-AC52-289DD87C7642} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {7FF58829-AE7D-4698-88BB-44079369A2F9} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {8BBC4653-7911-4317-8A75-C5E56D3170AC} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {9814D5FA-946F-4F51-80CC-417F8AE0ABD5} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10196_swoc_campaign_150907__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {C7F25AC1-915D-414D-B4E2-19DE7550F76E} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {F0473FF6-D974-430F-843B-597BE706BBA0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_FF.xpi => not found
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR Extension: (Prezentace Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-29]
CHR Extension: (Dokumenty Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-29]
CHR Extension: (Disk Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-29]
CHR Extension: (Seznam Lištička - Email) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-02-22]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-02-22]
CHR Extension: (YouTube) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-29]
CHR Extension: (Tabulky Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-02-22]
CHR Extension: (Gmail) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-05]
CHR HKLM-x32\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_GC.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [315376 2014-06-09] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-03-24] (Lavasoft Limited)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-03-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2015-09-08] (Disc Soft Ltd)
S3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2015-09-08] (Disc Soft Ltd)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-23 11:25 - 2017-02-23 11:26 - 00020011 _____ C:\Users\woya\Downloads\FRST.txt
2017-02-23 11:25 - 2017-02-23 11:25 - 00000000 ____D C:\FRST
2017-02-23 11:23 - 2017-02-23 11:23 - 02423296 _____ (Farbar) C:\Users\woya\Downloads\FRST64.exe
2017-02-22 18:20 - 2017-02-22 18:20 - 01107968 _____ C:\Users\woya\Downloads\RSIT.exe
2017-02-22 18:20 - 2017-02-22 18:20 - 00000000 ____D C:\Program Files (x86)\trend micro
2017-02-22 18:18 - 2017-02-22 18:18 - 01324032 _____ C:\Users\woya\Downloads\RSITx64 (1).exe
2017-02-22 18:13 - 2017-02-22 18:13 - 01222144 _____ C:\Users\woya\Downloads\RSITx64.exe
2017-02-22 18:13 - 2017-02-22 18:13 - 00000000 ____D C:\rsit
2017-02-22 18:13 - 2017-02-22 18:13 - 00000000 ____D C:\Program Files\trend micro
2017-02-22 17:12 - 2017-02-22 17:12 - 00023032 _____ (Wiper Software) C:\WINDOWS\system32\wiperrm.exe
2017-02-22 17:12 - 2017-02-22 17:12 - 00003278 _____ C:\WINDOWS\System32\Tasks\WiperSoft Startup
2017-02-22 17:12 - 2017-02-22 17:12 - 00000786 _____ C:\Users\woya\Desktop\WiperSoft.lnk
2017-02-22 17:12 - 2017-02-22 17:12 - 00000000 ____D C:\Users\woya\AppData\Roaming\WiperSoft
2017-02-22 17:12 - 2017-02-22 17:12 - 00000000 ____D C:\Users\woya\AppData\Local\CrashRpt
2017-02-22 17:12 - 2017-02-22 17:12 - 00000000 ____D C:\Program Files\WiperSoft
2017-02-22 17:11 - 2017-02-22 17:11 - 01944616 _____ (WiperSoft) C:\Users\woya\Downloads\WiperSoft-installer.exe
2017-02-22 16:31 - 2017-02-22 17:32 - 00000000 ____D C:\WINDOWS\pss
2017-02-19 21:08 - 2017-02-19 21:08 - 00000791 _____ C:\Users\woya\Desktop\Start Tor Browser.lnk
2017-02-19 21:07 - 2017-02-19 21:08 - 00000000 ____D C:\Users\woya\Desktop\Tor Browser
2017-02-16 19:09 - 2017-02-20 20:09 - 00000000 ____D C:\Users\woya\Documents\18 WoS Extreme Trucker
2017-02-16 18:49 - 2017-02-16 18:49 - 00001373 _____ C:\Users\Public\Desktop\18 WoS Extreme Trucker.lnk
2017-02-16 18:49 - 2017-02-16 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Extreme Trucker
2017-02-16 18:49 - 2017-02-16 18:49 - 00000000 ____D C:\Program Files (x86)\18 WoS Extreme Trucker
2017-02-10 17:35 - 2017-02-10 17:51 - 00000000 ____D C:\ProgramData\Nero
2017-02-10 17:28 - 2017-02-10 17:41 - 00000000 ____D C:\Users\woya\AppData\Roaming\Nero
2017-02-09 16:34 - 2017-02-10 17:40 - 00000000 ____D C:\Users\woya\Desktop\2017 cd
2017-02-05 20:22 - 2017-02-12 20:06 - 00000000 ____D C:\Users\woya\Desktop\garáž inspirace
2017-02-03 21:31 - 2017-02-03 21:31 - 00003366 _____ C:\WINDOWS\System32\Tasks\avastBCLS-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-03 21:30 - 2017-02-03 21:30 - 00004214 _____ C:\WINDOWS\System32\Tasks\avast! BCU UpdateS-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-03 21:30 - 2017-02-03 21:30 - 00001153 _____ C:\Users\woya\Desktop\Avast Browser Cleanup.lnk
2017-02-03 21:30 - 2017-02-03 21:30 - 00000000 ____D C:\Users\woya\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-23 11:26 - 2016-04-07 20:26 - 00000000 ____D C:\Users\woya\AppData\Roaming\Seznam.cz
2017-02-23 11:26 - 2016-01-31 09:11 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-23 11:25 - 2015-07-29 18:21 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-23 11:24 - 2015-07-29 18:21 - 00000000 ____D C:\Users\woya\AppData\Local\CrashDumps
2017-02-23 11:22 - 2015-01-17 04:40 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-23 11:22 - 2015-01-17 04:40 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-23 11:22 - 2014-03-18 10:47 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-23 11:22 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-02-22 18:02 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 16:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-21 17:09 - 2015-06-14 18:55 - 00000000 ____D C:\Users\woya\Desktop\psani
2017-02-20 17:48 - 2015-08-20 19:18 - 00000000 ____D C:\Users\woya\AppData\Roaming\vlc
2017-02-20 17:37 - 2016-10-26 19:19 - 00000000 ____D C:\Users\woya\Desktop\ok obrázky
2017-02-19 21:08 - 2016-06-21 07:44 - 00000839 _____ C:\Users\woya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-02-19 20:43 - 2015-05-31 18:47 - 00000000 ____D C:\Users\woya\Desktop\obrázky
2017-02-15 14:43 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-10 17:34 - 2014-07-25 10:32 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-04 00:00 - 2015-07-29 18:04 - 00000000 ____D C:\Users\woya
2017-02-03 22:00 - 2016-03-29 17:25 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 21:38 - 2016-03-29 17:18 - 00000000 ____D C:\Users\woya\AppData\Roaming\AVAST Software
2017-02-03 21:38 - 2016-03-29 17:15 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-02 17:10 - 2013-08-22 15:44 - 00381936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-27 21:30 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 21:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2016-03-29 13:42 - 2016-03-29 14:19 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+axnmj+.png
2016-03-29 13:42 - 2016-03-29 14:19 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+axnmj+.txt
2016-03-29 17:25 - 2016-03-29 18:50 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+gbsft+.png
2016-03-29 17:25 - 2016-03-29 18:50 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+gbsft+.txt
2016-03-28 18:02 - 2016-03-28 18:02 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+ppoad+.png
2016-03-28 18:02 - 2016-03-28 18:02 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+ppoad+.txt
2016-03-29 13:22 - 2016-03-29 13:22 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+qsdah+.png
2016-03-29 13:22 - 2016-03-29 13:22 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+qsdah+.txt
2016-03-29 13:42 - 2016-03-29 14:19 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+axnmj+.png
2016-03-29 13:42 - 2016-03-29 14:19 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+axnmj+.txt
2016-03-29 17:23 - 2016-03-29 18:50 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+gbsft+.png
2016-03-29 17:24 - 2016-03-29 18:50 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+gbsft+.txt
2016-03-28 18:02 - 2016-03-28 18:02 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+ppoad+.png
2016-03-28 18:02 - 2016-03-28 18:02 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+ppoad+.txt
2016-03-29 13:22 - 2016-03-29 13:22 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+qsdah+.png
2016-03-29 13:22 - 2016-03-29 13:22 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+qsdah+.txt
2016-03-29 13:31 - 2016-03-29 14:17 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+axnmj+.png
2016-03-29 13:31 - 2016-03-29 14:17 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+axnmj+.txt
2016-03-29 17:05 - 2016-03-29 18:48 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+gbsft+.png
2016-03-29 17:05 - 2016-03-29 18:48 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+gbsft+.txt
2016-03-28 17:32 - 2016-03-28 18:01 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+ppoad+.png
2016-03-28 17:32 - 2016-03-28 18:01 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+ppoad+.txt
2016-03-29 13:13 - 2016-03-29 13:21 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+qsdah+.png
2016-03-29 13:13 - 2016-03-29 13:21 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+qsdah+.txt
2015-01-17 04:48 - 2015-01-17 04:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-04-07 20:48 - 2015-11-23 18:51 - 4964056 _____ (Acer Incorporated) C:\Users\woya\AppData\Local\Temp\AcerDocsSetup.exe
2015-09-09 10:22 - 2015-09-09 10:22 - 7850088 _____ (Microsoft Corporation) C:\Users\woya\AppData\Local\Temp\BingBarSetup-Partner.exe
2015-09-08 09:16 - 2015-09-08 09:16 - 0102912 _____ () C:\Users\woya\AppData\Local\Temp\bitool.dll
2016-04-01 21:54 - 2016-04-01 21:54 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\woya\AppData\Local\Temp\COMAP.EXE
2015-05-15 14:57 - 2015-05-15 14:57 - 0027448 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\DseShExt-x64.dll
2015-05-15 14:57 - 2015-05-15 14:57 - 0030008 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\DseShExt-x86.dll
2015-11-12 15:30 - 2014-06-19 17:42 - 7031360 _____ (Foxit Corporation) C:\Users\woya\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
2016-04-07 21:02 - 2014-06-19 17:42 - 7031360 _____ (Foxit Corporation) C:\Users\woya\AppData\Local\Temp\FoxitUpdater.exe
2015-09-22 18:06 - 2015-09-22 18:06 - 2382216 _____ (Mooii) C:\Users\woya\AppData\Local\Temp\GoogleSetup.exe
2017-02-10 17:32 - 2014-03-20 00:55 - 1036288 _____ (Microsoft Corporation) C:\Users\woya\AppData\Local\Temp\kernel32.dll
2015-09-01 12:11 - 2015-09-01 12:11 - 0120336 _____ (McAfee, Inc.) C:\Users\woya\AppData\Local\Temp\McCSPInstall.dll
2016-03-29 18:23 - 2015-09-01 12:11 - 0162120 _____ (McAfee Inc.) C:\Users\woya\AppData\Local\Temp\mccspuninstall.exe
2016-01-31 08:56 - 2015-01-19 19:48 - 1126480 ____N (CANON INC.) C:\Users\woya\AppData\Local\Temp\MSETUP4.EXE
2015-12-11 18:02 - 2015-12-11 18:03 - 62903592 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\oct3A0.tmp.exe
2016-02-17 11:05 - 2016-02-17 11:06 - 63078856 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octA9B3.tmp.exe
2015-08-06 18:10 - 2015-08-06 18:20 - 67114248 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octAF19.tmp.exe
2015-10-16 20:01 - 2015-10-16 20:03 - 67197784 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octB4FF.tmp.exe
2015-12-19 05:16 - 2015-12-19 05:17 - 63066872 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octB55E.tmp.exe
2015-09-02 21:56 - 2015-09-02 21:58 - 67202952 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octBB15.tmp.exe
2016-03-12 23:06 - 2016-03-12 23:06 - 63142648 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octC5AF.tmp.exe
2015-12-04 20:11 - 2015-12-04 20:18 - 62760704 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octCDC7.tmp.exe
2016-03-09 09:13 - 2016-03-09 09:14 - 63143840 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octD498.tmp.exe
2015-10-30 21:49 - 2015-10-30 21:51 - 64809432 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octF860.tmp.exe
2015-05-15 14:57 - 2015-05-15 14:57 - 0033080 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\SDShelEx-win32.dll
2015-05-15 14:57 - 2015-05-15 14:57 - 0032056 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\SDShelEx-x64.dll
2016-03-26 21:10 - 2016-03-26 21:10 - 0685568 _____ () C:\Users\woya\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
2016-07-03 15:11 - 2016-07-03 15:12 - 30533688 _____ () C:\Users\woya\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-09-25 06:00 - 2016-09-25 06:00 - 1246584 _____ (Google Inc.) C:\Users\woya\AppData\Local\Temp\{E3206134-7530-4F06-B7CC-238CD47B99DC}-53.0.2785.143_53.0.2785.116_chrome_updater.exe
2017-02-09 16:36 - 2017-02-09 16:36 - 0534528 _____ () C:\Users\woya\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-17 17:15

==================== End of FRST.txt ============================

Re: RSA 4096

Posted: 23 Feb 2017 12:28
by Rudy
Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: RSA 4096

Posted: 23 Feb 2017 12:51
by vaciky
# AdwCleaner v6.043 - Log vytvořen 23/02/2017 v 12:46:48
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-23.2 [Server]
# Operační systém : Windows 8.1 Connected (X64)
# Uživatelské jméno : woya - WOYTA
# Spuštěno z : C:\Users\woya\Downloads\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: LavasoftTcpService
[-] Služba smazána: WCAssistantService


***** [ Složky ] *****

[-] Složka smazána: C:\Users\woya\AppData\Local\VirtualStore\Program Files\Booking.com
[-] Složka smazána: C:\Users\woya\AppData\Roaming\RPEng
[-] Složka smazána: C:\Users\woya\AppData\Roaming\lavasoft\web companion
[-] Složka smazána: C:\Users\woya\AppData\Roaming\WiperSoft
[-] Složka smazána: C:\Program Files\Booking.com
[-] Složka smazána: C:\Program Files\WiperSoft
[-] Složka smazána: C:\ProgramData\lavasoft\web companion
[-] Složka smazána: C:\Program Files (x86)\lavasoft\web companion
[-] Složka smazána: C:\Users\Public\Pokki


***** [ Soubory ] *****

[#] Soubor smazán: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] Soubor smazán: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[#] Soubor smazán: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] Soubor smazán: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Software Update Application


***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Classes\pokki
[-] Klíč smazán: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Classes\Tomabo.MP4Player.play
[#] Klíč smazán po restartu: HKCU\Software\Classes\pokki
[#] Klíč smazán po restartu: HKCU\Software\Classes\Tomabo.MP4Player.play
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Klíč smazán: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Tomabo.MP4Player.flv
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Tomabo.MP4Player.mp4
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Tomabo.MP4Player.WS
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Tomabo.MP4Player.WS.1
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\pokki
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Tomabo.MP4Player.play
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Tomabo.MP4Player.flv
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Tomabo.MP4Player.mp4
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Tomabo.MP4Player.WS
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Tomabo.MP4Player.WS.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Klíč smazán: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\WiperSoft
[#] Klíč smazán po restartu: HKCU\Software\WiperSoft
[-] Klíč smazán: HKLM\SOFTWARE\Lavasoft\Web Companion
[#] Klíč smazán po restartu: [x64] HKCU\Software\WiperSoft
[-] Klíč smazán: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easyphotoedit.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getformsonline.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myradioaccess.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safepcrepair.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice-cz.eu
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice-cz.eu
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easyphotoedit.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getformsonline.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myradioaccess.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safepcrepair.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice-cz.eu
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice-cz.eu
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
[-] Hodnota smazána: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Hodnota smazána: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Klíč smazán: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11696 Bajty] - [23/02/2017 12:46:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [11179 Bajty] - [23/02/2017 12:45:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11844 Bajty] ##########

Re: RSA 4096

Posted: 23 Feb 2017 13:30
by Rudy
Post a new FRST log.

Re: RSA 4096

Posted: 23 Feb 2017 18:17
by vaciky
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by woya (23-02-2017 18:12:37)
Running from C:\Users\woya\Downloads
Windows 8.1 Connected (Update) (X64) (2015-07-29 17:08:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3354066490-3795016998-3616670782-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3354066490-3795016998-3616670782-501 - Limited - Disabled)
woya (S-1-5-21-3354066490-3795016998-3616670782-1001 - Administrator - Enabled) => C:\Users\woya

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 WoS Extreme Trucker 1.01 (HKLM-x32\...\18 WoS Extreme Trucker) (Version: 1.01 - )
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3006 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Avast Browser Cleanup (HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Avast Browser Cleanup) (Version: 12.1.2272.125 - AVAST Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Dostihy 3000 deluxe 1.1 (HKLM-x32\...\Dostihy 3000 deluxe) (Version: - )
FlatOut2 (HKLM-x32\...\{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1) (Version: 1.0 - US - ACTION, s.r.o.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MP4 Downloader 3 (HKLM-x32\...\MP4 Downloader_is1) (Version: - Tomabo)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG2900 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2900 series) (Version: - ‭Canon Inc.)
Seznam Software (HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\SeznamInstall) (Version: - Seznam.cz)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.3 - Lenovo Group Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Companion (HKLM-x32\...\{aad49f43-1a84-4288-b613-935b27d0155b}) (Version: 2.3.1395.2683 - Lavasoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WiperSoft 1.1.1129.64 (HKLM\...\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1) (Version: 1.1.1129.64 - WiperSoft)
Youtube Downloader 4.64 (HKLM-x32\...\Youtube Downloader_is1) (Version: - Youtube Downloader)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d11.dll => No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D5813D-E736-4F11-837A-C531554BBE00} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {0E584EB4-44EB-4EFF-AF8F-18FECFC02980} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {0FC5BAE0-D1E0-4907-921A-C998C4706788} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {0FFCBD1B-E841-4DDA-B426-3A529CB82FBA} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {152511BA-96D0-445A-AEFD-8A54A6CC4DB1} - System32\Tasks\avastBCLS-1-5-21-3354066490-3795016998-3616670782-1001 => C:\Users\woya\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2017-02-03] (AVAST Software)
Task: {26017BFB-4F6C-4228-BD0A-E1FD8088A606} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {27136821-C55F-4E62-9FC3-698136975B66} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-17] ()
Task: {2B73EEF8-E1D7-4F04-8F46-F5E3F2F2CB07} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-17] ()
Task: {35BD2535-E6F4-4E46-897B-16B0A22C1076} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {4F9519E3-FBC9-4AE5-B983-84412665942F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {54F69BC0-95C4-41A7-A6DD-B0149A610BB8} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {8D624D77-5BAB-4867-817F-0486624A853B} - System32\Tasks\avast! BCU UpdateS-1-5-21-3354066490-3795016998-3616670782-1001 => C:\Users\woya\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {9B225D04-7D76-435D-8AA5-56B887B0C34C} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {A63E59BD-3FE3-4FAD-A667-7726D17D294C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {B1C45E26-4094-4479-9C0D-10D3F81ABAF1} - System32\Tasks\WiperSoft Startup => C:\Program Files\WiperSoft\WiperSoft.exe
Task: {BE22A6C3-A72F-4A5C-ACA2-631630B8B6D2} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate)
Task: {BF6ECB47-87D1-4AE4-AEAB-3660156A02BB} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {FFA14740-5B10-407E-A2DD-8D9DC312A8D3} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-17] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-02-09 16:36 - 2017-02-08 12:38 - 00079872 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\12618libfoxloader-x64.dll
2016-01-31 09:12 - 2013-06-28 16:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-04-29 11:38 - 2014-04-29 11:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 11:35 - 2014-04-29 11:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 11:42 - 2014-04-29 11:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2016-04-07 20:27 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2016-04-07 20:27 - 2017-02-08 12:39 - 00080576 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2015-07-17 13:39 - 2015-07-17 13:39 - 04612448 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2015-07-17 13:40 - 2015-07-17 13:40 - 00013664 _____ () C:\Program Files (x86)\Acer\Care Center\LogDebug.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00177504 _____ () C:\Program Files (x86)\Acer\Care Center\ACCUtilities.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00025440 _____ () C:\Program Files (x86)\Acer\Care Center\MonitorDataHelper.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00018784 _____ () C:\Program Files (x86)\Acer\Care Center\ACCPlugin.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00026464 _____ () C:\Program Files (x86)\Acer\Care Center\MonitorControlLib.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00065888 _____ () C:\Program Files (x86)\Acer\Care Center\ACCMonitorPlugin\ACCSupportMonitor.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00042336 _____ () C:\Program Files (x86)\Acer\Care Center\ACCMonitorPlugin\ACtCTuneUpMonitorDisk.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00016224 _____ () C:\Program Files (x86)\Acer\Care Center\ACCADSManager.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 01744224 _____ () C:\Program Files (x86)\Acer\Care Center\ACCPlugin\ACCTuneUpPlg.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00019296 _____ () C:\Program Files (x86)\Acer\Care Center\ACCNotifyShow.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00013152 _____ () C:\Program Files (x86)\Acer\Care Center\FullScreenDetector.dll
2016-04-07 20:27 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-04-07 20:27 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\24777libfoxloader.dll
2016-09-20 20:02 - 2016-09-20 20:02 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 14:09 - 2016-08-30 14:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 14:05 - 2016-08-30 14:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-09-09 09:51 - 2016-09-09 09:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 09:51 - 2016-09-09 09:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\woya\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+axnmj+.txt"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+axnmj+.png"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+gbsft+.txt"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+gbsft+.png"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+ppoad+.txt"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+ppoad+.png"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+qsdah+.txt"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+qsdah+.png"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\Run: => "GSplay.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1414C8AC-D04A-428C-8526-E809CA219532}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{693F7DA1-D651-42E5-97EE-8E63195D98F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{32364E85-BC96-4E5F-B66E-C42B64913155}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BB065535-F3C5-4A3C-9FB0-90E9F8496509}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{A634A7B9-DC92-4733-91A5-62440209799E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{5B0A8986-CF0E-444E-9980-89AA689A5F63}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A6E0E8B8-0F7E-48EC-B3BF-379632A43DBB}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{7C6BE4EB-52FF-45AA-9269-9FF67A95459C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{82278E7C-5DB9-486E-A1E8-B06E8F1257CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3D602074-8D86-4C00-8C67-8BAC650E4557}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C723D88F-312E-4426-81B3-3704ECD8D10B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{952B2A17-ED85-47BF-B693-77FC0844D25C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5270D993-F1FB-4EAE-8D38-52712D8588D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4BEA74ED-700A-4272-9A44-EBA52E14C3DF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAEF7DD4-F8BD-4813-B4EB-5112F3C199E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AC650F09-802D-4BE7-802E-708FE90381FE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{779C7489-EF91-4AB2-8CC9-F6EBD8793FD5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5324E564-9C31-434B-8F91-9BA1F820FD46}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0B510DC5-836C-4BB3-9A11-32EBDDE695FF}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{184D893A-38EB-4022-9798-B8F0F544F3BD}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{88AACC96-5109-4F27-9FB9-5426CF542A37}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{83ED3DC9-491B-4458-A3F9-BDD0CD37825A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CAC036C5-2566-4B1D-B156-8CB1A0C2901D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8B7801E1-32B2-4BE3-9963-9F5B88CD1D8B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7D23B06D-FF5F-4DE9-9B8B-CE85F8AD211A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CC01E70B-EDFA-42CD-8823-0C169935BC6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B4DD6EF5-B6C1-4C01-8FE8-670FD2FF6370}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C575E886-A720-4354-AC51-1099ECA3877D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0EA76FA5-C5CA-48A4-B59F-5D67A2027A7A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{36A3F1C7-24A2-46D7-A1DD-814D6FF6C99F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{56B2D0CE-F65F-4864-B41C-9E67F42CADCF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35EF9241-2D95-4429-86A1-D11E3355B9F0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{726C32E7-CBB5-43B2-8965-8F441D694D11}] => (Allow) C:\Users\woya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{646D8618-A930-47FB-BF11-8CF655953197}] => (Allow) C:\Users\woya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FBCA041-03AC-481F-A52E-5A9F149389E7}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{5510A360-19BF-44A7-8CA9-8F4609DAF3EA}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{B3AFDE39-1F24-4E85-B26D-80A56EED1F50}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{37BB6B44-936A-4273-9234-0610BB082074}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C719ED7F-DE85-44C2-B366-C54E08FA0840}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9C3D067D-4B0E-410D-AE26-625F3F5909B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{2482F45F-CA39-46C3-B155-3BC3AAD78F65}C:\users\woya\gsplay\csko\hl.exe] => (Block) C:\users\woya\gsplay\csko\hl.exe
FirewallRules: [UDP Query User{5F5A9D60-28CC-4D22-98EE-C821FF2A9553}C:\users\woya\gsplay\csko\hl.exe] => (Block) C:\users\woya\gsplay\csko\hl.exe
FirewallRules: [{ECFD9D02-4DCA-4650-A089-74D77867A7EB}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{D6E05EE6-4789-4FE9-9797-0637540DD7CA}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{5286E535-A5D9-465F-B9A8-67EFEB0C1480}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{AD961097-BDB7-4026-AA17-07E30410DAA7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{2B6D838C-CDD9-4FB6-A9BC-FF3879FF6E8D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{A0997697-D8DE-4E4B-828C-80BA688417EC}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{3936CBBF-ED6D-4738-948A-12C6A946837C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{C822E9DA-F6A9-49CE-99F3-6588B83033F1}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{3658897B-FECA-4772-A9E1-18C7CC0E166E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4Downloader.exe] => Enabled:MP4 Downloader

==================== Restore Points =========================

16-01-2017 17:05:28 Naplánovaný kontrolní bod
10-02-2017 17:32:41 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
10-02-2017 17:33:57 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
18-02-2017 10:10:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2017 11:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ACCStd.exe, verze: 2.1.8006.0, časové razítko: 0x55a873b5
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17055, časové razítko: 0x532954fb
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000005bf8
ID chybujícího procesu: 0x1098
Čas spuštění chybující aplikace: 0x01d28dbee514199d
Cesta k chybující aplikaci: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Cesta k chybujícímu modulu: C:\WINDOWS\system32\KERNELBASE.dll
ID zprávy: 3cf6d7f6-f9b2-11e6-829e-acd1b85b8ca0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/23/2017 11:24:19 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: ACCStd.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentException
Zásobník:
na System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Insert(System.__Canon, System.__Canon, Boolean)
na MonitorControlLib.MonitorSelector.AddMonitorObj(MonitorControlLib.IMonitorObject)
na ACtCTuneUpDiskMonitor.MonitorPlugin.InitMonitorObjects()
na MonitorControlLib.MonitorManager.LaunchManager()
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (02/22/2017 06:19:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program RSITx64.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 16ac

Čas spuštění: 01d28d2efea0ce43

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\woya\Downloads\RSITx64.exe

ID hlášení: 05e95481-f923-11e6-829e-acd1b85b8ca0

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (02/19/2017 05:32:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ACCStd.exe, verze: 2.1.8006.0, časové razítko: 0x55a873b5
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17055, časové razítko: 0x532954fb
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000005bf8
ID chybujícího procesu: 0x4de0
Čas spuštění chybující aplikace: 0x01d28acc0249831e
Cesta k chybující aplikaci: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Cesta k chybujícímu modulu: C:\WINDOWS\system32\KERNELBASE.dll
ID zprávy: 10c658c2-f6c1-11e6-8291-acd1b85b8ca0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/19/2017 05:31:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ACCStd.exe, verze: 2.1.8006.0, časové razítko: 0x55a873b5
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17055, časové razítko: 0x532954fb
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000005bf8
ID chybujícího procesu: 0x4de0
Čas spuštění chybující aplikace: 0x01d28acc0249831e
Cesta k chybující aplikaci: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Cesta k chybujícímu modulu: C:\WINDOWS\system32\KERNELBASE.dll
ID zprávy: e56d9774-f6c0-11e6-8291-acd1b85b8ca0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/19/2017 05:31:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: ACCStd.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentException
Zásobník:
na System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Insert(System.__Canon, System.__Canon, Boolean)
na MonitorControlLib.MonitorSelector.AddMonitorObj(MonitorControlLib.IMonitorObject)
na ACtCTuneUpDiskMonitor.MonitorPlugin.InitMonitorObjects()
na MonitorControlLib.MonitorManager.LaunchManager()
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (02/18/2017 10:06:00 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/18/2017 09:51:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 56.0.2924.87 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 30cc

Čas spuštění: 01d289c407781257

Čas ukončení: 3542

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: 785f680b-f5b7-11e6-8291-acd1b85b8ca0

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (02/03/2017 09:25:25 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/03/2017 09:05:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: LiveUpdateAgent.exe, verze: 2.0.2002.0, časové razítko: 0x550985aa
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007fff16d416b4
ID chybujícího procesu: 0x1e34
Čas spuštění chybující aplikace: 0x01d27e58b79aade1
Cesta k chybující aplikaci: C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 11d64128-ea4c-11e6-828e-acd1b85b8ca0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/23/2017 12:58:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070003): Microsoft.ZuneMusic.

Error: (02/23/2017 12:58:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070003): Microsoft.Office.OneNote.

Error: (02/23/2017 12:46:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (02/23/2017 12:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba User Experience Improvement Program byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2017 12:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Quick Access RadioMgr Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2017 12:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ePower Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2017 12:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Quick Access Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2017 12:45:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (02/23/2017 12:45:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/23/2017 12:45:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba WC Assistant byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2016-03-30 00:16:34.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d11.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 27%
Total physical RAM: 3977.98 MB
Available physical RAM: 2899.33 MB
Total Virtual: 6793.98 MB
Available Virtual: 5514.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.63 GB) (Free:84.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E5D888E7)

Partition: GPT.

==================== End of Addition.txt ============================

Re: RSA 4096

Posted: 23 Feb 2017 18:25
by Rudy
I still need the FRST log. This is only the Additional one.

Re: RSA 4096

Posted: 24 Feb 2017 13:03
by vaciky
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by woya (administrator) on WOYTA (24-02-2017 12:58:55)
Running from C:\Users\woya\Downloads
Loaded Profiles: woya (Available Profiles: woya & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\woya\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [Steam] => "C:\Users\woya\Desktop\Nová složka\steam.exe" -silent
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [GSplay.exe] => C:\Users\woya\Desktop\GSplay.exe
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\woya\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\woya\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {34852885-5583-11e5-8263-acd1b85b8ca0} - "E:\Autorun.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {5deba2d2-560f-11e5-8265-acd1b85b8ca0} - "G:\Install.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9D8B0457-CB80-45F2-93FC-226FF32ED990}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {07DABBBB-7C71-43CD-9A0B-38218CEB43CD} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {20A794BE-539A-4ABE-905E-BF7262C67DA1} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {35F1F2F5-6E9B-4FA5-9365-06DE685EC9F6} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {4676566E-8E36-47B1-AC52-289DD87C7642} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {7FF58829-AE7D-4698-88BB-44079369A2F9} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {8BBC4653-7911-4317-8A75-C5E56D3170AC} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {9814D5FA-946F-4F51-80CC-417F8AE0ABD5} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {C7F25AC1-915D-414D-B4E2-19DE7550F76E} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {F0473FF6-D974-430F-843B-597BE706BBA0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_FF.xpi => not found
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Prezentace Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-29]
CHR Extension: (Dokumenty Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-29]
CHR Extension: (Disk Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-29]
CHR Extension: (Seznam Lištička - Email) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-02-22]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-02-22]
CHR Extension: (YouTube) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-29]
CHR Extension: (Tabulky Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-02-22]
CHR Extension: (Gmail) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-05]
CHR HKLM-x32\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_GC.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [315376 2014-06-09] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2015-09-08] (Disc Soft Ltd)
S3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2015-09-08] (Disc Soft Ltd)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 12:54 - 2017-02-24 12:54 - 02423296 _____ (Farbar) C:\Users\woya\Downloads\FRST64 (2).exe
2017-02-24 12:53 - 2017-02-24 12:53 - 02423296 _____ (Farbar) C:\Users\woya\Downloads\FRST64 (1).exe
2017-02-23 18:09 - 2017-02-23 18:09 - 00000000 ____D C:\Users\woya\Downloads\FRST-OlderVersion
2017-02-23 12:42 - 2017-02-23 12:46 - 00000000 ____D C:\AdwCleaner
2017-02-23 12:42 - 2017-02-23 12:42 - 04015056 _____ C:\Users\woya\Downloads\adwcleaner_6.043.exe
2017-02-23 11:28 - 2017-02-24 12:57 - 00037999 _____ C:\Users\woya\Downloads\Addition.txt
2017-02-23 11:25 - 2017-02-24 12:58 - 00017957 _____ C:\Users\woya\Downloads\FRST.txt
2017-02-23 11:25 - 2017-02-24 12:58 - 00000000 ____D C:\FRST
2017-02-23 11:23 - 2017-02-23 18:09 - 02423296 _____ (Farbar) C:\Users\woya\Downloads\FRST64.exe
2017-02-22 18:20 - 2017-02-22 18:20 - 01107968 _____ C:\Users\woya\Downloads\RSIT.exe
2017-02-22 18:20 - 2017-02-22 18:20 - 00000000 ____D C:\Program Files (x86)\trend micro
2017-02-22 18:18 - 2017-02-22 18:18 - 01324032 _____ C:\Users\woya\Downloads\RSITx64 (1).exe
2017-02-22 18:13 - 2017-02-22 18:13 - 01222144 _____ C:\Users\woya\Downloads\RSITx64.exe
2017-02-22 18:13 - 2017-02-22 18:13 - 00000000 ____D C:\rsit
2017-02-22 18:13 - 2017-02-22 18:13 - 00000000 ____D C:\Program Files\trend micro
2017-02-22 17:12 - 2017-02-22 17:12 - 00023032 _____ (Wiper Software) C:\WINDOWS\system32\wiperrm.exe
2017-02-22 17:12 - 2017-02-22 17:12 - 00003278 _____ C:\WINDOWS\System32\Tasks\WiperSoft Startup
2017-02-22 17:12 - 2017-02-22 17:12 - 00000786 _____ C:\Users\woya\Desktop\WiperSoft.lnk
2017-02-22 17:12 - 2017-02-22 17:12 - 00000000 ____D C:\Users\woya\AppData\Local\CrashRpt
2017-02-22 17:11 - 2017-02-22 17:11 - 01944616 _____ (WiperSoft) C:\Users\woya\Downloads\WiperSoft-installer.exe
2017-02-22 16:31 - 2017-02-22 17:32 - 00000000 ____D C:\WINDOWS\pss
2017-02-19 21:08 - 2017-02-19 21:08 - 00000791 _____ C:\Users\woya\Desktop\Start Tor Browser.lnk
2017-02-19 21:07 - 2017-02-19 21:08 - 00000000 ____D C:\Users\woya\Desktop\Tor Browser
2017-02-16 19:09 - 2017-02-20 20:09 - 00000000 ____D C:\Users\woya\Documents\18 WoS Extreme Trucker
2017-02-16 18:49 - 2017-02-16 18:49 - 00001373 _____ C:\Users\Public\Desktop\18 WoS Extreme Trucker.lnk
2017-02-16 18:49 - 2017-02-16 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Extreme Trucker
2017-02-16 18:49 - 2017-02-16 18:49 - 00000000 ____D C:\Program Files (x86)\18 WoS Extreme Trucker
2017-02-10 17:35 - 2017-02-10 17:51 - 00000000 ____D C:\ProgramData\Nero
2017-02-10 17:28 - 2017-02-10 17:41 - 00000000 ____D C:\Users\woya\AppData\Roaming\Nero
2017-02-09 16:34 - 2017-02-10 17:40 - 00000000 ____D C:\Users\woya\Desktop\2017 cd
2017-02-05 20:22 - 2017-02-12 20:06 - 00000000 ____D C:\Users\woya\Desktop\garáž inspirace
2017-02-03 21:31 - 2017-02-03 21:31 - 00003366 _____ C:\WINDOWS\System32\Tasks\avastBCLS-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-03 21:30 - 2017-02-03 21:30 - 00004214 _____ C:\WINDOWS\System32\Tasks\avast! BCU UpdateS-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-03 21:30 - 2017-02-03 21:30 - 00001153 _____ C:\Users\woya\Desktop\Avast Browser Cleanup.lnk
2017-02-03 21:30 - 2017-02-03 21:30 - 00000000 ____D C:\Users\woya\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 12:54 - 2015-01-17 04:40 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-24 12:54 - 2015-01-17 04:40 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-24 12:54 - 2014-03-18 10:47 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-24 12:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-02-23 12:53 - 2016-04-07 20:26 - 00000000 ____D C:\Users\woya\AppData\Roaming\Seznam.cz
2017-02-23 12:47 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-23 12:46 - 2015-09-07 20:42 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-02-23 12:45 - 2015-09-07 20:42 - 00000000 ____D C:\Users\woya\AppData\Roaming\Lavasoft
2017-02-23 11:40 - 2015-07-29 18:21 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-23 11:26 - 2016-01-31 09:11 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-23 11:24 - 2015-07-29 18:21 - 00000000 ____D C:\Users\woya\AppData\Local\CrashDumps
2017-02-22 16:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-21 17:09 - 2015-06-14 18:55 - 00000000 ____D C:\Users\woya\Desktop\psani
2017-02-20 17:48 - 2015-08-20 19:18 - 00000000 ____D C:\Users\woya\AppData\Roaming\vlc
2017-02-20 17:37 - 2016-10-26 19:19 - 00000000 ____D C:\Users\woya\Desktop\ok obrázky
2017-02-19 21:08 - 2016-06-21 07:44 - 00000839 _____ C:\Users\woya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-02-19 20:43 - 2015-05-31 18:47 - 00000000 ____D C:\Users\woya\Desktop\obrázky
2017-02-15 14:43 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-10 17:34 - 2014-07-25 10:32 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-04 00:00 - 2015-07-29 18:04 - 00000000 ____D C:\Users\woya
2017-02-03 22:00 - 2016-03-29 17:25 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 21:38 - 2016-03-29 17:18 - 00000000 ____D C:\Users\woya\AppData\Roaming\AVAST Software
2017-02-03 21:38 - 2016-03-29 17:15 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-02 17:10 - 2013-08-22 15:44 - 00381936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-27 21:30 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 21:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2016-03-29 13:42 - 2016-03-29 14:19 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+axnmj+.png
2016-03-29 13:42 - 2016-03-29 14:19 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+axnmj+.txt
2016-03-29 17:25 - 2016-03-29 18:50 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+gbsft+.png
2016-03-29 17:25 - 2016-03-29 18:50 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+gbsft+.txt
2016-03-28 18:02 - 2016-03-28 18:02 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+ppoad+.png
2016-03-28 18:02 - 2016-03-28 18:02 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+ppoad+.txt
2016-03-29 13:22 - 2016-03-29 13:22 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+qsdah+.png
2016-03-29 13:22 - 2016-03-29 13:22 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+qsdah+.txt
2016-03-29 13:42 - 2016-03-29 14:19 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+axnmj+.png
2016-03-29 13:42 - 2016-03-29 14:19 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+axnmj+.txt
2016-03-29 17:23 - 2016-03-29 18:50 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+gbsft+.png
2016-03-29 17:24 - 2016-03-29 18:50 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+gbsft+.txt
2016-03-28 18:02 - 2016-03-28 18:02 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+ppoad+.png
2016-03-28 18:02 - 2016-03-28 18:02 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+ppoad+.txt
2016-03-29 13:22 - 2016-03-29 13:22 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+qsdah+.png
2016-03-29 13:22 - 2016-03-29 13:22 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+qsdah+.txt
2016-03-29 13:31 - 2016-03-29 14:17 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+axnmj+.png
2016-03-29 13:31 - 2016-03-29 14:17 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+axnmj+.txt
2016-03-29 17:05 - 2016-03-29 18:48 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+gbsft+.png
2016-03-29 17:05 - 2016-03-29 18:48 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+gbsft+.txt
2016-03-28 17:32 - 2016-03-28 18:01 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+ppoad+.png
2016-03-28 17:32 - 2016-03-28 18:01 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+ppoad+.txt
2016-03-29 13:13 - 2016-03-29 13:21 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+qsdah+.png
2016-03-29 13:13 - 2016-03-29 13:21 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+qsdah+.txt
2015-01-17 04:48 - 2015-01-17 04:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-04-07 20:48 - 2015-11-23 18:51 - 4964056 _____ (Acer Incorporated) C:\Users\woya\AppData\Local\Temp\AcerDocsSetup.exe
2015-09-09 10:22 - 2015-09-09 10:22 - 7850088 _____ (Microsoft Corporation) C:\Users\woya\AppData\Local\Temp\BingBarSetup-Partner.exe
2015-09-08 09:16 - 2015-09-08 09:16 - 0102912 _____ () C:\Users\woya\AppData\Local\Temp\bitool.dll
2016-04-01 21:54 - 2016-04-01 21:54 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\woya\AppData\Local\Temp\COMAP.EXE
2015-05-15 14:57 - 2015-05-15 14:57 - 0027448 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\DseShExt-x64.dll
2015-05-15 14:57 - 2015-05-15 14:57 - 0030008 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\DseShExt-x86.dll
2015-11-12 15:30 - 2014-06-19 17:42 - 7031360 _____ (Foxit Corporation) C:\Users\woya\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
2016-04-07 21:02 - 2014-06-19 17:42 - 7031360 _____ (Foxit Corporation) C:\Users\woya\AppData\Local\Temp\FoxitUpdater.exe
2015-09-22 18:06 - 2015-09-22 18:06 - 2382216 _____ (Mooii) C:\Users\woya\AppData\Local\Temp\GoogleSetup.exe
2017-02-10 17:32 - 2014-03-20 00:55 - 1036288 _____ (Microsoft Corporation) C:\Users\woya\AppData\Local\Temp\kernel32.dll
2015-09-01 12:11 - 2015-09-01 12:11 - 0120336 _____ (McAfee, Inc.) C:\Users\woya\AppData\Local\Temp\McCSPInstall.dll
2016-03-29 18:23 - 2015-09-01 12:11 - 0162120 _____ (McAfee Inc.) C:\Users\woya\AppData\Local\Temp\mccspuninstall.exe
2016-01-31 08:56 - 2015-01-19 19:48 - 1126480 ____N (CANON INC.) C:\Users\woya\AppData\Local\Temp\MSETUP4.EXE
2015-12-11 18:02 - 2015-12-11 18:03 - 62903592 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\oct3A0.tmp.exe
2016-02-17 11:05 - 2016-02-17 11:06 - 63078856 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octA9B3.tmp.exe
2015-08-06 18:10 - 2015-08-06 18:20 - 67114248 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octAF19.tmp.exe
2015-10-16 20:01 - 2015-10-16 20:03 - 67197784 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octB4FF.tmp.exe
2015-12-19 05:16 - 2015-12-19 05:17 - 63066872 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octB55E.tmp.exe
2015-09-02 21:56 - 2015-09-02 21:58 - 67202952 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octBB15.tmp.exe
2016-03-12 23:06 - 2016-03-12 23:06 - 63142648 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octC5AF.tmp.exe
2015-12-04 20:11 - 2015-12-04 20:18 - 62760704 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octCDC7.tmp.exe
2016-03-09 09:13 - 2016-03-09 09:14 - 63143840 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octD498.tmp.exe
2015-10-30 21:49 - 2015-10-30 21:51 - 64809432 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octF860.tmp.exe
2015-05-15 14:57 - 2015-05-15 14:57 - 0033080 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\SDShelEx-win32.dll
2015-05-15 14:57 - 2015-05-15 14:57 - 0032056 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\SDShelEx-x64.dll
2016-03-26 21:10 - 2016-03-26 21:10 - 0685568 _____ () C:\Users\woya\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
2016-07-03 15:11 - 2016-07-03 15:12 - 30533688 _____ () C:\Users\woya\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-09-25 06:00 - 2016-09-25 06:00 - 1246584 _____ (Google Inc.) C:\Users\woya\AppData\Local\Temp\{E3206134-7530-4F06-B7CC-238CD47B99DC}-53.0.2785.143_53.0.2785.116_chrome_updater.exe
2017-02-09 16:36 - 2017-02-09 16:36 - 0534528 _____ () C:\Users\woya\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-17 17:15

==================== End of FRST.txt ============================

Re: RSA 4096

Posted: 24 Feb 2017 14:02
by Rudy
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {34852885-5583-11e5-8263-acd1b85b8ca0} - "E:\Autorun.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {5deba2d2-560f-11e5-8265-acd1b85b8ca0} - "G:\Install.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
oolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM-x32\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_GC.crx <not found>
U0 aswVmm; no ImagePath
C:\ProgramData\DP45977C.lfl
C:\Users\woya\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d11.dll => No File <==== ATTENTION
Task: {0E584EB4-44EB-4EFF-AF8F-18FECFC02980} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {0FC5BAE0-D1E0-4907-921A-C998C4706788} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)

EmptyTemp:
End
Save it to C:\Users\woya\Downloads desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: RSA 4096

Posted: 24 Feb 2017 14:28
by vaciky
Hello, the log did not appear. Did you mean to save it to the downloaded files or directly to the desktop?

Re: RSA 4096

Posted: 24 Feb 2017 14:38
by vaciky
Sorry, this is probably it, right:

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by woya (24-02-2017 14:34:38) Run:2
Running from C:\Users\woya\Downloads
Loaded Profiles: woya (Available Profiles: woya & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {34852885-5583-11e5-8263-acd1b85b8ca0} - "E:\Autorun.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {5deba2d2-560f-11e5-8265-acd1b85b8ca0} - "G:\Install.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
oolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM-x32\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_GC.crx <not found>
U0 aswVmm; no ImagePath
C:\ProgramData\DP45977C.lfl
C:\Users\woya\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d11.dll => No File <==== ATTENTION
Task: {0E584EB4-44EB-4EFF-AF8F-18FECFC02980} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {0FC5BAE0-D1E0-4907-921A-C998C4706788} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)

EmptyTemp:
End
*****************

HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34852885-5583-11e5-8263-acd1b85b8ca0} => key not found.
HKCR\CLSID\{34852885-5583-11e5-8263-acd1b85b8ca0} => key not found.
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5deba2d2-560f-11e5-8265-acd1b85b8ca0} => key not found.
HKCR\CLSID\{5deba2d2-560f-11e5-8265-acd1b85b8ca0} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found.
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found.
oolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\glhecpdglaanfgdgcefipbokcmenleaf => key not found.
aswVmm => service not found.
"C:\ProgramData\DP45977C.lfl" => not found.
C:\Users\woya\AppData\Local\Temp => moved successfully
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E584EB4-44EB-4EFF-AF8F-18FECFC02980} => key not found.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FC5BAE0-D1E0-4907-921A-C998C4706788} => key not found.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6336167 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1732 B
Edge => 0 B
Chrome => 8975976 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => -650 B
woya => 20129 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 22.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:34:41 ====

Re: RSA 4096

Posted: 24 Feb 2017 17:44
by Rudy
It should be OK.

Re: RSA 4096

Posted: 24 Feb 2017 17:50
by vaciky
Thank you for your help. Do you know where I could have picked this up? I do use an antivirus program.

Re: RSA 4096

Posted: 24 Feb 2017 18:02
by Rudy
Ransomware exists in many variants, so the AV may not even have known it.