Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06.10.2018
Ran by Shark_a (administrator) on ŠÁRKA-PC (10-10-2018 12:20:52)
Running from C:\Users\Shark_a\Downloads
Loaded Profiles: Shark_a (Available Profiles: Šárka & Shark_a)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3201373891-2770881317-2911375207-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3201373891-2770881317-2911375207-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3201373891-2770881317-2911375207-1000\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{009DEF2C-BEB5-4B7B-B44B-E74F3C9435DD}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6F948DC8-2A39-4E9B-8346-75B2C55D21AC}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{97C66666-0C60-4CDA-8972-464553C40FBE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F4A5BECF-F960-4069-AE51-AB18CBF15CC3}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3201373891-2770881317-2911375207-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default [2018-10-10]
CHR Extension: (Prezentace) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-07]
CHR Extension: (Dokumenty) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-07]
CHR Extension: (Disk Google) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-10]
CHR Extension: (YouTube) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-10]
CHR Extension: (Tabulky) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-10]
CHR Extension: (Hangouts Google) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2018-07-21]
CHR Extension: (Skype) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-01-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-10]
CHR Extension: (Gmail) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-28]
CHR Profile: C:\Users\Shark_a\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1795176 2011-08-29] (Realsil Microelectronics Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 avast; "C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [10542080 2011-04-05] (Intel Corporation) [File not signed]
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254568 2011-08-29] (Realtek Semiconductor Corp.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [119952 2016-03-10] (MBB)
U1 aswbdisk; no ImagePath
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae.sys [X]
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-10 17:16 - 2018-10-10 17:16 - 000262144 _____ C:\Windows\system32\config\sam.lbk
2018-10-10 12:20 - 2018-10-10 12:21 - 000009991 _____ C:\Users\Shark_a\Downloads\FRST.txt
2018-10-10 12:20 - 2018-10-10 12:20 - 001774592 _____ (Farbar) C:\Users\Shark_a\Downloads\FRST.exe
2018-10-10 12:20 - 2018-10-10 12:20 - 000000000 ____D C:\FRST
2018-10-10 11:58 - 2018-10-10 11:59 - 000000000 ____D C:\rsit
2018-10-10 11:58 - 2018-10-10 11:58 - 001107968 _____ C:\Users\Shark_a\Downloads\RSIT.exe
2018-10-10 11:58 - 2018-10-10 11:58 - 000000000 ____D C:\Program Files\trend micro
2018-10-09 04:41 - 2018-10-09 05:14 - 4211651293 _____ C:\Users\Šárka\takeout-20180826T145022Z-011.zip
2018-10-06 22:24 - 2018-10-06 22:24 - 078242924 _____ C:\Users\Šárka\Downloads\IMG_8477.MOV
2018-09-29 00:01 - 2018-09-29 00:01 - 000000000 ____D C:\Users\Shark_a\AppData\Local\ElevatedDiagnostics
2018-09-15 09:28 - 2018-09-15 09:29 - 160398136 _____ (Apple Inc.) C:\Users\Šárka\Downloads\iCloudSetup.exe
2018-09-15 05:09 - 2018-09-15 05:09 - 000031413 _____ C:\Users\Šárka\Documents\Who NOSE5.8..txt
2018-09-12 11:28 - 2018-08-10 17:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-12 11:28 - 2018-08-10 17:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-12 11:28 - 2018-08-10 17:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-12 11:28 - 2018-08-10 17:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-12 11:28 - 2018-08-10 17:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-10 13:36 - 2018-10-10 11:38 - 000004284 _____ C:\Windows\system32\PerfStringBackup.TMP
2018-09-10 12:58 - 2018-09-28 22:55 - 000000644 __RSH C:\Users\Shark_a\ntuser.pol
2018-09-10 12:35 - 2018-07-17 00:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-10 12:03 - 2009-07-14 06:34 - 000018192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-10 12:03 - 2009-07-14 06:34 - 000018192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-10 11:38 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-10-10 11:33 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-10 11:10 - 2015-12-08 20:05 - 000000000 ____D C:\Users\Šárka\AppData\Roaming\Skype
2018-10-09 05:14 - 2015-10-23 19:16 - 000000000 ____D C:\Users\Šárka
2018-09-29 10:44 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-29 09:36 - 2016-03-10 23:48 - 000000000 ____D C:\Users\Shark_a
2018-09-29 07:58 - 2015-10-31 04:21 - 000000000 ___SD C:\Windows\system32\CompatTel
2018-09-29 07:56 - 2018-08-12 11:20 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-29 07:56 - 2018-08-05 08:39 - 000000000 ___RD C:\Users\Šárka\Downloads\François Tremen_files
2018-09-29 07:56 - 2018-01-07 17:43 - 000000000 ____D C:\Program Files\Common Files\Skype
2018-09-29 07:56 - 2017-06-09 15:21 - 000000000 ___RD C:\Program Files\Skype
2018-09-29 07:56 - 2017-06-09 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-09-29 07:56 - 2017-02-07 14:51 - 000000000 ____D C:\Users\Šárka\Downloads\[ www.torrenting.com ] - Chemsex.2015.DVDRip.x264-GHOULS
2018-09-29 07:56 - 2017-01-31 18:16 - 000000000 ____D C:\Users\Šárka\Desktop\Subs
2018-09-29 07:56 - 2016-11-04 03:50 - 000000000 ____D C:\Users\Šárka\Downloads\PROTEKTOR
2018-09-29 07:56 - 2016-08-05 19:13 - 000000000 ___RD C:\Users\Shark_a\Tracing
2018-09-29 07:56 - 2016-04-23 14:26 - 000000000 ____D C:\Program Files\Codec Pack - All In 1
2018-09-29 07:56 - 2016-01-23 23:27 - 000000000 ____D C:\Users\Šárka\Downloads\The.Big.Short.2015.DVDScr.XVID.AC3.HQ.Hive-CM8
2018-09-29 07:56 - 2016-01-23 22:57 - 000000000 ____D C:\Users\Šárka\Downloads\Secret in Their Eyes (2015) 720p BluRay x264 YIFY
2018-09-29 07:56 - 2016-01-23 20:19 - 000000000 ____D C:\Users\Šárka\Downloads\Subs
2018-09-29 07:56 - 2016-01-08 20:46 - 000000000 ____D C:\Users\Šárka\Downloads\Reservoir Dogs (1992) [1080p]
2018-09-29 07:56 - 2015-10-26 13:34 - 000000000 ____D C:\Program Files\Broadcom
2018-09-29 07:56 - 2009-07-14 04:37 - 000000000 __RHD C:\Users\Public\Libraries
2018-09-29 07:56 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
2018-09-29 07:55 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-09-29 07:54 - 2016-08-18 21:07 - 000000000 ____D C:\Users\Šárka\Downloads\DANCEFLOOR
2018-09-29 07:54 - 2016-04-23 16:20 - 000000000 ____D C:\Users\Šárka\Downloads\BXX58+-Tajemstvi-jejich-oci---The.secret-in-their-eyes.DRAMA-2009-CZ-SUB
2018-09-29 07:54 - 2009-07-14 06:52 - 000000000 ____D C:\Program Files\DVD Maker
2018-09-29 07:54 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-09-29 07:11 - 2018-08-17 23:40 - 000328192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-29 06:40 - 2009-07-14 11:19 - 000000000 ___RD C:\Users\Public\Recorded TV
2018-09-29 06:40 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\inetsrv
2018-09-28 22:42 - 2018-05-23 02:46 - 000000000 ____D C:\Users\Shark_a\AppData\Local\AVAST Software
2018-09-28 22:42 - 2015-10-26 13:42 - 000000000 ____D C:\ProgramData\AVAST Software
2018-09-28 22:32 - 2018-05-25 02:08 - 000000000 ____D C:\Users\Šárka\AppData\Local\AVAST Software
2018-09-20 17:50 - 2015-10-26 13:39 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-20 17:50 - 2015-10-26 13:39 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-15 05:04 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2018-09-10 23:01 - 2016-09-06 22:19 - 000000000 ____D C:\Users\Šárka\Downloads\FUNE

==================== Files in the root of some directories =======

2016-10-10 03:02 - 2016-10-10 03:02 - 000000017 _____ () C:\Users\Shark_a\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-06-09 15:18 - 2017-06-09 15:18 - 014456872 _____ (Microsoft Corporation) C:\Users\Shark_a\AppData\Local\Temp\vc_redist.x86.exe
2016-09-14 15:53 - 2016-09-14 15:53 - 000003584 _____ () C:\Users\Šárka\AppData\Local\Temp\8dsoevvu.dll
2015-12-08 20:15 - 2015-12-08 20:15 - 000144008 _____ (© 2015 Microsoft Corporation) C:\Users\Šárka\AppData\Local\Temp\BingSvc.exe
2015-12-08 20:15 - 2015-12-08 20:15 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\Šárka\AppData\Local\Temp\BSvcProcessor.exe
2015-12-08 20:15 - 2015-12-08 20:15 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\Šárka\AppData\Local\Temp\BSvcUpdater.exe
2016-05-06 07:54 - 2016-05-06 07:54 - 000003584 _____ () C:\Users\Šárka\AppData\Local\Temp\ei7h_yik.dll
2016-10-07 11:39 - 2017-03-09 08:12 - 056756184 _____ (Skype Technologies S.A.) C:\Users\Šárka\AppData\Local\Temp\SkypeSetup.exe
2016-05-11 06:37 - 2016-05-11 06:37 - 001295448 _____ (Google Inc.) C:\Users\Šárka\AppData\Local\Temp\{DF2B35B0-9FE3-425E-AEEB-2043ECFE2A5D}-50.0.2661.102_50.0.2661.94_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-06 19:22

==================== End of FRST.txt ============================