Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by Micha (administrator) on DESKTOP-A7D5F9Q (15-09-2016 16:44:14)
Running from C:\Users\Micha\Desktop
Loaded Profiles: Micha (Available Profiles: Micha)
Platform: Windows 10 Enterprise (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Windows\FixCamera.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5156\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net Helper.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6613896 2016-06-24] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe
HKLM-x32\...\Run: [FixCamera] => C:\Windows\FixCamera.exe
HKU\S-1-5-21-2040892762-862270929-608955600-1002\...\Run: [Micha] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2040892762-862270929-608955600-1002\...\MountPoints2: {3ab00e21-51df-11e6-9bc2-806e6f6e6963} - "E:\Setup.exe"
HKU\S-1-5-21-2040892762-862270929-608955600-1002\...\MountPoints2: {d4398080-5dfc-11e6-9bd9-6245b4ee522f} - "D:\Lenovo_Suite.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{97245a50-693c-40ba-a190-a0c4d315edb8}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{f0dfc7bb-c587-4012-b657-af58070cb870}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-06-24] () [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2016-08-03] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-07-24] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-07-24] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-07-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-07-24] (Disc Soft Ltd)
R3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2016-07-24] (MediaTek Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-07-24] (Samsung Electronics Co., Ltd.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-07-24] (Microsoft Corporation)
S3 SNPSTD3; \SystemRoot\system32\DRIVERS\snpstd3.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-15 16:44 - 2016-09-15 16:44 - 00008336 _____ C:\Users\Micha\Desktop\FRST.txt
2016-09-15 16:43 - 2016-09-15 16:44 - 00000000 ____D C:\FRST
2016-09-15 16:43 - 2016-09-15 16:43 - 00112640 _____ (forum.viry.cz) C:\Users\Micha\Desktop\FRSTLauncher.exe
2016-09-15 16:42 - 2016-09-15 16:42 - 02398720 _____ (Farbar) C:\Users\Micha\Desktop\FRST64.exe
2016-09-15 16:26 - 2016-09-15 16:26 - 41623168 _____ (Skype Technologies S.A.) C:\Users\Micha\Downloads\SkypeSetupFull.exe
2016-09-15 16:15 - 2016-09-15 16:15 - 00016148 _____ C:\Windows\system32\DESKTOP-A7D5F9Q_Micha_HistoryPrediction.bin
2016-09-15 16:15 - 2016-09-15 16:15 - 00000000 ___HD C:\OneDriveTemp
2016-09-13 19:40 - 2016-09-13 19:40 - 00015250 _____ C:\Users\Micha\Downloads\Dont-Breathe.2016.DVDRip.Full_.Movie_.torrent
2016-09-13 19:40 - 2016-09-13 19:40 - 00000000 ____D C:\Users\Micha\Downloads\Don't Breathe.2016.DVDRip.Full.Movie
2016-09-13 17:46 - 2016-09-13 17:47 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-13 17:29 - 2016-09-13 19:22 - 1291557345 _____ C:\Users\Micha\Downloads\Smrt-Ve-Tmě---Don't-Breathe-(2016)-[CAM]-Cz-Titulky-v-Obraze---Moviestyl.avi
2016-09-10 17:45 - 2016-09-10 17:45 - 00039736 _____ C:\Users\Micha\Downloads\Friend-Request(0000275940).srt
2016-09-10 17:43 - 2016-09-10 17:43 - 00039736 _____ C:\Users\Micha\Downloads\Friend-Request(0000275963).srt
2016-09-10 17:43 - 2016-09-10 17:43 - 00017646 _____ C:\Users\Micha\Downloads\[torrents.igame4v.com] friend request 2016 720p bluray x264-nby 1 mkv.torrent
2016-09-10 17:43 - 2016-09-10 17:43 - 00017646 _____ C:\Users\Micha\Downloads\[torrents.igame4v.com] friend request 2016 720p bluray x264-nby 1 mkv (1).torrent
2016-09-08 21:55 - 2016-09-08 21:55 - 00020611 _____ C:\Users\Micha\Downloads\[CzT]Car_Mechanic_Simulator_2015_Zlata_Edice_v1_0_5_6_2015_CZ_.torrent
2016-09-08 21:50 - 2016-09-08 21:51 - 00000000 ____D C:\Users\Micha\Downloads\Zaslaná pošta
2016-09-01 15:37 - 2016-09-01 15:37 - 00166787 _____ C:\Users\Micha\Downloads\Pracovní výkaz.xlsx
2016-08-30 20:05 - 2016-09-02 21:22 - 00000000 ____D C:\Users\Micha\OneDrive\Dokumenty\The Witcher 3
2016-08-30 20:05 - 2016-08-30 20:09 - 00002257 _____ C:\Users\Public\Desktop\The Witcher 3 Wild Hunt.lnk
2016-08-30 19:10 - 2016-08-30 20:05 - 00000000 ____D C:\Program Files (x86)\The Witcher 3 Wild Hunt
2016-08-30 18:59 - 2016-08-30 18:59 - 00003558 _____ C:\Windows\System32\Tasks\Micha
2016-08-30 17:16 - 2016-08-30 17:17 - 00000000 ____D C:\Users\Micha\Downloads\Lights.Out.2016.CAM.READNFO.XviD-BiGDADDYVAiN
2016-08-30 16:25 - 2016-08-30 16:27 - 00000000 ____D C:\Users\Micha\Downloads\Lights Out (2016) HDCAM x264 [Dual-Audio] [English + Hindi] - Downloadhub
2016-08-30 16:24 - 2016-08-30 16:26 - 00000000 ____D C:\Users\Micha\Downloads\Lights.Out.2016.CAM.READNFO.XviD-BiGDADDYVAiN[SN]
2016-08-27 12:08 - 2016-08-27 12:08 - 00000000 ____D C:\Users\Micha\OneDrive\Dokumenty\Bandicam
2016-08-27 12:08 - 2016-08-27 12:08 - 00000000 ____D C:\Users\Micha\AppData\Roaming\BANDISOFT
2016-08-27 12:08 - 2016-08-27 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2016-08-27 12:07 - 2016-08-27 12:08 - 00000000 ____D C:\Program Files (x86)\Bandicam
2016-08-27 12:07 - 2016-08-27 12:07 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2016-08-27 12:05 - 2016-08-27 12:05 - 00000000 ____D C:\Users\Micha\AppData\Local\ShareOnline
2016-08-27 12:04 - 2016-08-27 12:04 - 00005043 _____ C:\ProgramData\rfyearrd.gkz
2016-08-27 12:04 - 2016-08-27 12:04 - 00000016 _____ C:\ProgramData\mntemp
2016-08-27 12:03 - 2016-08-27 12:05 - 00000000 ____D C:\Users\Micha\AppData\Local\Movavi
2016-08-27 12:03 - 2016-08-27 12:03 - 00004887 _____ C:\ProgramData\nolecicr.ofg
2016-08-27 12:03 - 2016-08-27 12:03 - 00000000 ____D C:\Users\Micha\AppData\Roaming\MOVAVI
2016-08-27 11:41 - 2016-08-27 11:41 - 00000000 ____D C:\Users\Micha\AppData\Roaming\library_dir
2016-08-27 11:37 - 2016-08-27 11:37 - 00490070 _____ C:\Windows\system32\Drivers\mozart_12341933178_fw_dump.cmm
2016-08-26 23:50 - 2007-02-10 15:40 - 00020480 _____ () C:\Windows\FixCamera.exe
2016-08-26 23:50 - 2006-07-03 10:31 - 00094208 _____ (Microsoft Corporation) C:\Windows\amcap.exe
2016-08-26 23:43 - 2005-11-22 20:40 - 00018944 _____ ( ) C:\Windows\system32\csnpstd3.dll
2016-08-24 19:01 - 2016-08-24 19:03 - 00000000 ____D C:\Users\Micha\AppData\Local\Adobe
2016-08-23 16:58 - 2016-08-23 16:58 - 00001282 _____ C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-08-23 16:58 - 2016-08-23 16:58 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Macromedia
2016-08-17 17:42 - 2016-08-17 17:42 - 00000000 ____D C:\ProgramData\AMD
2016-08-17 16:46 - 2016-08-17 16:46 - 00003342 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-15 16:40 - 2016-07-25 17:26 - 00000000 ____D C:\Users\Micha\AppData\Local\Battle.net
2016-09-15 16:37 - 2015-07-10 12:55 - 00000000 ____D C:\Windows\CbsTemp
2016-09-15 16:16 - 2016-07-25 15:42 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-09-15 16:15 - 2016-07-25 16:18 - 00000000 ___RD C:\Users\Micha\OneDrive
2016-09-14 18:07 - 2016-07-24 23:19 - 00710972 _____ C:\Windows\system32\perfh005.dat
2016-09-14 18:07 - 2016-07-24 23:19 - 00141568 _____ C:\Windows\system32\perfc005.dat
2016-09-14 18:07 - 2016-07-24 22:56 - 01674756 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-14 18:07 - 2015-07-10 13:02 - 00000000 ____D C:\Windows\INF
2016-09-14 18:04 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\AppReadiness
2016-09-14 18:03 - 2015-07-10 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-14 18:02 - 2016-08-12 16:40 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-09-14 18:02 - 2015-07-10 11:05 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-09-13 19:49 - 2016-07-25 17:23 - 00000000 ____D C:\Users\Micha\AppData\Roaming\uTorrent
2016-09-13 17:47 - 2016-07-25 08:42 - 00000000 ____D C:\Windows\Panther
2016-09-13 17:13 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-12 15:49 - 2016-07-25 15:26 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-08 17:29 - 2016-07-25 15:26 - 00003970 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1469453213
2016-09-08 17:29 - 2016-07-25 15:26 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-01 15:38 - 2016-07-25 16:15 - 00000000 ____D C:\Users\Micha\AppData\Local\Packages
2016-08-30 20:05 - 2016-07-24 22:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-30 16:20 - 2016-08-13 06:11 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Skype
2016-08-30 16:20 - 2016-08-13 06:11 - 00000000 ____D C:\ProgramData\Skype
2016-08-27 12:03 - 2016-07-25 16:17 - 00000000 ____D C:\Users\Micha\AppData\Roaming\PlaysTV
2016-08-27 00:15 - 2015-07-10 13:04 - 00000176 _____ C:\Windows\win.ini
2016-08-25 21:17 - 2016-07-25 16:15 - 00000000 ____D C:\Users\Micha
2016-08-23 16:58 - 2016-07-25 16:27 - 00001258 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-08-17 16:46 - 2016-07-25 16:18 - 00002387 _____ C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
==================== Files in the root of some directories =======
2016-08-27 12:04 - 2016-08-27 12:04 - 0000016 _____ () C:\ProgramData\mntemp
2016-08-27 12:03 - 2016-08-27 12:03 - 0004887 _____ () C:\ProgramData\nolecicr.ofg
2016-08-27 12:04 - 2016-08-27 12:04 - 0005043 _____ () C:\ProgramData\rfyearrd.gkz
Some files in TEMP:
====================
C:\Users\Micha\AppData\Local\Temp\bdfilters.dll
C:\Users\Micha\AppData\Local\Temp\playstv_patch.exe
C:\Users\Micha\AppData\Local\Temp\shareonlinesetup.exe
C:\Users\Micha\AppData\Local\Temp\_is5D9E.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-08 18:00
==================== End of FRST.txt ============================