Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by 05667 (administrator) on RADOSLAVSR (24-01-2016 11:43:50)
Running from C:\Users\05667\Desktop
Loaded Profiles: 05667 (Available Profiles: 05667)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-10] (AVAST Software)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2015-12-16] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\Run: [EPSON SX110 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE [223232 2008-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14305952 2014-09-29] (Gadwin Systems)
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-23] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-15]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-15]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{085a96a2-e3ed-497a-91d6-9398ac67ddf5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6B0B1543-CE99-41FB-AFE4-06352B22CE1C}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-3641774439-2828617140-3225078060-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3641774439-2828617140-3225078060-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-04-23] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-23] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-14] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
Chrome:
=======
CHR HomePage: Default -> hxxp://google.sk/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Good Morning) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidllfklologdjckenbjmdichamhjllc [2016-01-21]
CHR Extension: (AdBlock) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-20]
CHR Extension: (Language Games : English) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihlhnabocoobedjofajlcimegiomkemd [2014-12-13]
CHR Extension: (Google Mail Checker) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (FB Fast) - C:\Users\05667\AppData\Local\Google\Chrome\User Data\Default\Extensions\olacjgeaghngbckbengchedjejodkdmo [2016-01-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-23]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-06-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-28] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-06-28] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [236888 2014-06-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-06-28] (Microsoft Corporation)
S3 X86BDA; C:\Windows\system32\DRIVERS\OEMDrv.sys [666624 2012-04-27] ( )
S3 NPF; \SystemRoot\system32\DRIVERS\npf.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-24 10:11 - 2012-01-20 16:35 - 00000000 ____D C:\Users\05667\Desktop\bukasovy masiv
2016-01-24 08:42 - 2016-01-24 08:42 - 01505280 _____ C:\Users\05667\Desktop\adwcleaner_5.030.exe
2016-01-23 19:15 - 2016-01-23 19:16 - 00034985 _____ C:\Users\05667\Desktop\Addition.txt
2016-01-23 19:13 - 2016-01-24 11:43 - 00016081 _____ C:\Users\05667\Desktop\FRST.txt
2016-01-23 19:13 - 2016-01-24 11:43 - 00000000 ____D C:\FRST
2016-01-23 19:13 - 2016-01-23 19:13 - 02370560 _____ (Farbar) C:\Users\05667\Desktop\FRST64.exe
2016-01-23 12:27 - 2016-01-23 12:27 - 00000000 ____D C:\Users\05667\Desktop\Elvis Presley - Gold The Very Best of the King
2016-01-22 21:58 - 2016-01-22 21:58 - 01865596 _____ C:\Users\05667\Desktop\fwdrezujemoinzertar0ik4000001.zip
2016-01-21 21:33 - 2016-01-21 22:11 - 1378306048 _____ C:\Users\05667\Downloads\boj-sněžného-pluhu-s-mafií.avi
2016-01-21 19:06 - 2016-01-21 19:06 - 00000635 _____ C:\Users\05667\Desktop\vymenene gerety emden.txt
2016-01-21 14:28 - 2016-01-21 14:28 - 00002233 _____ C:\Users\Public\Desktop\Gadwin PrintScreen (64-Bit).lnk
2016-01-21 14:28 - 2016-01-21 14:28 - 00000000 ____D C:\Users\05667\AppData\Roaming\Gadwin
2016-01-21 14:28 - 2016-01-21 14:28 - 00000000 ____D C:\Users\05667\AppData\Local\Gadwin
2016-01-21 14:28 - 2016-01-21 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin
2016-01-21 14:28 - 2016-01-21 14:28 - 00000000 ____D C:\Program Files\Gadwin
2016-01-21 14:27 - 2016-01-21 14:27 - 13148691 _____ C:\Users\05667\Desktop\PrintScreen540_Setup.zip
2016-01-21 14:16 - 2016-01-21 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2016-01-21 14:16 - 2016-01-21 14:16 - 00000000 ____D C:\Program Files (x86)\TechSmith
2016-01-20 16:53 - 2016-01-20 16:53 - 00000574 _____ C:\Users\05667\Desktop\url.htm
2016-01-19 14:46 - 2016-01-19 15:43 - 1974632448 _____ C:\Users\05667\Downloads\Druhá míza [Danny Collins] 2015 (CZ Dabing).avi
2016-01-18 20:43 - 2016-01-18 21:15 - 781206384 _____ C:\Users\05667\Downloads\Cena moci 2015 Cz dab..mkv
2016-01-17 11:00 - 2016-01-17 11:00 - 00408342 _____ C:\Users\05667\Desktop\obrzkyprevspoet2.zip
2016-01-17 10:57 - 2016-01-17 10:57 - 05291941 _____ C:\Users\05667\Desktop\nabijacka.zip
2016-01-16 18:36 - 2016-01-16 18:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-16 18:36 - 2016-01-16 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-16 09:04 - 2016-01-18 20:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-16 09:04 - 2016-01-16 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-16 09:04 - 2016-01-16 09:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-16 09:04 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-16 09:04 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-16 09:04 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-14 20:45 - 2016-01-14 20:45 - 00204386 _____ C:\Users\05667\Desktop\Zmluvna_dokumentacia.zip
2016-01-14 18:34 - 2016-01-16 16:49 - 00000000 ____D C:\Users\05667\Desktop\odvirenie pc
2016-01-14 18:27 - 2016-01-14 18:27 - 00000000 ____D C:\_OTM
2016-01-13 15:45 - 2016-01-13 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visible Body Muscle Premium
2016-01-13 15:45 - 2016-01-13 15:45 - 00000000 ____D C:\Program Files (x86)\Visible Body Muscle Premium_DVT
2016-01-06 16:31 - 2016-01-06 16:31 - 00012781 _____ C:\Users\05667\Documents\34888_01_9982_2016-01-06.pdf
2016-01-06 16:31 - 2016-01-06 16:31 - 00012780 _____ C:\Users\05667\Documents\34888_00_9981_2016-01-06.pdf
2016-01-04 18:54 - 2016-01-04 18:54 - 00481208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-02 13:07 - 2016-01-06 21:14 - 00000000 ____D C:\Users\05667\Desktop\balneo1
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-24 11:22 - 2014-09-02 07:50 - 00000000 __RDO C:\Users\05667\SkyDrive
2016-01-24 11:22 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-24 11:22 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-24 11:22 - 2013-05-13 09:10 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-24 09:52 - 2013-09-30 05:04 - 00867660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-24 08:48 - 2015-01-23 23:58 - 00000000 ____D C:\AdwCleaner
2016-01-23 22:59 - 2014-05-25 18:26 - 00000000 ____D C:\Users\05667\AppData\Roaming\vlc
2016-01-23 19:16 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2016-01-21 19:11 - 2013-04-09 18:01 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3641774439-2828617140-3225078060-1001
2016-01-21 14:17 - 2013-10-22 14:28 - 00000000 ____D C:\Users\05667
2016-01-21 07:09 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-19 15:43 - 2014-05-16 16:30 - 00000000 ____D C:\Program Files (x86)\FastShare
2016-01-19 13:30 - 2013-08-21 23:03 - 00007622 _____ C:\Users\05667\AppData\Local\Resmon.ResmonCfg
2016-01-16 21:00 - 2013-04-09 23:59 - 00000000 ____D C:\Users\05667\AppData\Roaming\Skype
2016-01-16 18:36 - 2014-03-02 13:13 - 00000000 ____D C:\Users\05667\AppData\Local\Skype
2016-01-16 18:36 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-16 18:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-16 18:36 - 2013-04-09 23:59 - 00000000 ____D C:\ProgramData\Skype
2016-01-16 18:36 - 2013-04-09 17:54 - 00000000 ____D C:\Users\05667\AppData\Local\Packages
2016-01-16 12:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\security
2016-01-16 09:04 - 2014-01-01 23:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-14 18:33 - 2013-08-18 20:31 - 00000000 ____D C:\Program Files\trend micro
2016-01-04 18:52 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-04 10:48 - 2015-12-08 19:33 - 00000000 ____D C:\Users\05667\AppData\Roaming\Opera Software
2016-01-04 10:48 - 2015-12-08 19:33 - 00000000 ____D C:\Users\05667\AppData\Local\Opera Software
2016-01-04 10:48 - 2015-12-08 19:30 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-02 13:15 - 2013-04-10 01:53 - 00000000 ____D C:\Users\05667\Documents\anglictina
2015-12-27 21:35 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
==================== Files in the root of some directories =======
2013-04-13 06:22 - 2013-04-13 06:22 - 0000021 _____ () C:\Users\05667\AppData\Roaming\my_intel.sys
2013-04-09 17:56 - 2013-05-16 21:06 - 0000564 _____ () C:\Users\05667\AppData\Roaming\sp_data.sys
2013-04-10 01:08 - 2015-11-05 11:09 - 0060928 _____ () C:\Users\05667\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-09 17:07 - 2014-04-09 17:07 - 0000062 _____ () C:\Users\05667\AppData\Local\MRDownloader.err
2014-04-09 16:07 - 2014-04-09 18:24 - 0001080 _____ () C:\Users\05667\AppData\Local\MRDownloader.nast
2013-08-21 23:03 - 2016-01-19 13:30 - 0007622 _____ () C:\Users\05667\AppData\Local\Resmon.ResmonCfg
2013-05-21 20:31 - 2014-04-20 19:58 - 0037324 _____ () C:\Users\05667\AppData\Local\SRDownloader.err
2013-05-18 16:53 - 2014-04-20 20:21 - 0001912 _____ () C:\Users\05667\AppData\Local\SRDownloader.nast
2013-12-27 11:21 - 2013-12-27 11:21 - 0004152 _____ () C:\ProgramData\hsqvmxbo.uxh
2014-11-28 18:26 - 2014-11-28 18:30 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2014-10-04 20:47 - 2014-10-04 20:47 - 0000774 _____ () C:\ProgramData\prevodove tabulky.rar
2012-08-05 03:25 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-05 03:25 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
Some files in TEMP:
====================
C:\Users\05667\AppData\Local\Temp\sqlite3.dll
C:\Users\05667\AppData\Local\Temp\vlc-2.2.1-win32.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-24 09:37
==================== End of FRST.txt ============================