Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Peťko (administrator) on NTB1-PC (12-02-2017 22:42:32)
Running from C:\Users\Peťko\Downloads
Loaded Profiles: Peťko (Available Profiles: ntb1 & ntb & Peťko & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Peťko\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Peťko\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8505088 2015-07-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => E:\CISTENIE\ANTI-MALWARE\mbamtray.exe
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-02] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-316863829-186456399-973697600-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2015-01-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-316863829-186456399-973697600-1002\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Peťko\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-316863829-186456399-973697600-1002\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Peťko\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-316863829-186456399-973697600-1002\...\Run: [GoogleChromeAutoLaunch_2DDBF0F9CBA9BBF091554C04329A2D20] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-316863829-186456399-973697600-1002\...\RunOnce: [SeznamInstall-uninstall:be5ea7f76662d290ee3978a6da15e946] => C:\Users\PEKO~1\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2017-02-12] () <===== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4e899c8c-c488-4701-b4a0-b312de1f5a19}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9f996061-23f6-407e-b74a-3e8daf036d4d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{da988592-7b0e-40f7-8b1a-b6a083f85761}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-316863829-186456399-973697600-1002 -> {01FA7F32-8468-416A-88D1-63FBBE50734F} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-316863829-186456399-973697600-1002 -> {033F6469-C623-4298-840D-4FA647C6C2F0} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-316863829-186456399-973697600-1002 -> {22DEAD83-053E-4C35-93A8-50ECA8B1CB92} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-316863829-186456399-973697600-1002 -> {28881E76-7131-41BB-AC91-D4CC780FB216} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-316863829-186456399-973697600-1002 -> {4BAF0D95-68E8-4A54-92C9-D4B9EF61D2B5} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-316863829-186456399-973697600-1002 -> {4CE5D32C-95AF-4F03-B979-389271BA8841} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-316863829-186456399-973697600-1002 -> {60F6AF20-E309-4D27-A61F-8B379ADF96E4} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-316863829-186456399-973697600-1002 -> {82272DE5-3AF0-48FF-B7B1-4D53D90A0865} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-316863829-186456399-973697600-1002 -> {8D5F6A8F-9308-421C-AC0D-4C5C075F9930} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-13] (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-13] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-13] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-13] (Google Inc.)
DPF: HKLM-x32 {63A6B577-3FE7-4BD8-B3F3-8531551F494F} hxxps://portal.allianzsp.sk/crtng/scripts/crtcontrol.cab
DPF: HKLM-x32 {70022607-8F7B-4968-90B1-37E1EC9D9F11} hxxps://cns.allianzsp.sk/cvpn/jHDviTGdX5U5gPtrIe3PcIlf7pUxplf5yX9m6bJ9ubk/portal/web/navigw.nsf/shpages/navigator_swt.htm/$FILE/amccontrol.cab
DPF: HKLM-x32 {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} hxxp://wamail.allianzsp.sk/dwa8W.cab
FireFox:
========
FF DefaultProfile: 1jex59zy.default
FF ProfilePath: C:\Users\Peťko\AppData\Roaming\Mozilla\Firefox\Profiles\1jex59zy.default [2017-01-12]
FF Extension: (Seznam lištička) - C:\Users\Peťko\AppData\Roaming\Mozilla\Firefox\Profiles\1jex59zy.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-02-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://www.slovenskyraj.sk/ck/denn.html
CHR StartupUrls: Profile 2 -> "hxxps://www.reddit.com/","hxxp://www.google.com/"
CHR Profile: C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default [2016-02-28]
CHR Extension: (Disk Google) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Televízie) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2015-01-21]
CHR Extension: (Adblock Plus) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-28]
CHR Extension: (Google Search) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Mini Radio Player) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeaebedjghkdbccfenjbiilalegknlj [2015-03-21]
CHR Extension: (Svet TV) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm [2015-03-21]
CHR Extension: (Európa TV Live) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghiieloefjllhahjnhiemllkdkkobjdm [2016-02-28]
CHR Extension: (AdBlock) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-28]
CHR Extension: (DarkOrbit) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\igfellpkdddmaldkbohekiikcmadbdnj [2015-09-08]
CHR Extension: (Speedtest.net) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabkiphacephdnjaeciclbmkkmacoebe [2015-09-14]
CHR Extension: (Movie, Cartoon TV Live) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmechngcinkohbhghidihkkeianaeph [2015-01-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Inštalatér z džungle) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpobnopmcjkgbgakigfoemfgfcdiefi [2015-01-21]
CHR Extension: (World of Warcraft Cataclysm Theme) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfgblfjiipppmcbapnpmcfkhhgpbgbfc [2015-12-17]
CHR Extension: (Gmail) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Profile: C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-02-28]
CHR Extension: (Prezentácie Google) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-21]
CHR Extension: (Dokumenty Google) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-21]
CHR Extension: (Disk Google) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-21]
CHR Extension: (YouTube) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-21]
CHR Extension: (Google Search) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-21]
CHR Extension: (Tabuľky Google) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-21]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-21]
CHR Extension: (Gmail) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-21]
CHR Profile: C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-02-12]
CHR Extension: (Disk Google) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-14]
CHR Extension: (YouTube) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (Televízie) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bppbpeijolfcampacpljolaegibfhjph [2016-02-28]
CHR Extension: (Adblock Plus) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-13]
CHR Extension: (Steam Inventory Helper) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-02-12]
CHR Extension: (Google Search) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-14]
CHR Extension: (Dark YouTube Theme) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\djhcepodfooinnfhfccmoeabagbjchhg [2016-12-13]
CHR Extension: (Adobe Acrobat) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-12]
CHR Extension: (Mini Radio Player) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ffeaebedjghkdbccfenjbiilalegknlj [2016-12-13]
CHR Extension: (Svet TV) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm [2016-03-24]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Európa TV Live) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghiieloefjllhahjnhiemllkdkkobjdm [2016-02-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-28]
CHR Extension: (AirDroid) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2016-12-13]
CHR Extension: (DarkOrbit) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igfellpkdddmaldkbohekiikcmadbdnj [2016-02-28]
CHR Extension: (Black red shards) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jpjlkkaalgfbbegfnjoclhfidancjpch [2016-08-19]
CHR Extension: (Speedtest.net) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kabkiphacephdnjaeciclbmkkmacoebe [2016-02-28]
CHR Extension: (Movie, Cartoon TV Live) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbmechngcinkohbhghidihkkeianaeph [2017-01-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-28]
CHR Extension: (Click&Clean App) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-01-12]
CHR Extension: (Gmail) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
CHR Profile: C:\Users\Peťko\AppData\Local\Google\Chrome\User Data\System Profile [2015-12-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Spoločnosť Google Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2815520 2016-11-14] (ESET)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-07-03] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 MBAMService; "E:\cistenie\Anti-Malware\mbamservice.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [232072 2016-11-14] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [212096 2016-11-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-08-08] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [177792 2016-11-14] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [48768 2016-11-14] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [76416 2016-11-14] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [91784 2016-11-14] (ESET)
S3 InputFilter_Hid_FlexDef2b; C:\WINDOWS\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-12 22:42 - 2017-02-12 22:43 - 00022924 _____ C:\Users\Peťko\Downloads\FRST.txt
2017-02-12 22:41 - 2017-02-12 22:42 - 00000000 ____D C:\FRST
2017-02-12 22:40 - 2017-02-12 22:41 - 02421248 _____ (Farbar) C:\Users\Peťko\Downloads\FRST64.exe
2017-02-12 22:29 - 2017-02-12 22:29 - 00001487 _____ C:\Users\Peťko\Desktop\Defraggler64 – odkaz.lnk
2017-02-12 22:29 - 2017-02-12 22:29 - 00000000 ____D C:\Users\Peťko\AppData\Roaming\Battle.net
2017-02-12 22:22 - 2017-02-12 22:22 - 18309328 _____ (Microsoft Corporation) C:\Users\Peťko\Downloads\MediaCreationTool.exe
2017-02-12 22:22 - 2017-02-12 22:22 - 00000000 ___HD C:\$Windows.~WS
2017-02-12 22:22 - 2017-02-12 22:22 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-12 22:16 - 2017-02-12 22:16 - 00068982 _____ C:\Users\Peťko\Documents\cc_20170212_221638.reg
2017-02-12 22:09 - 2017-02-12 22:09 - 55566792 _____ (Malwarebytes ) C:\Users\Peťko\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-12 22:08 - 2017-02-12 22:09 - 00000000 ____D C:\Program Files\Defraggler
2017-02-12 22:08 - 2017-02-12 22:08 - 00002854 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-12 22:08 - 2017-02-12 22:08 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-12 22:08 - 2017-02-12 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-12 22:08 - 2017-02-12 22:08 - 00000000 ____D C:\Program Files\CCleaner
2017-02-12 22:05 - 2017-02-12 22:06 - 04619752 _____ (Piriform Ltd) C:\Users\Peťko\Downloads\dfsetup221.exe
2017-02-12 20:28 - 2017-02-12 21:41 - 00000000 ____D C:\Users\ntb1\Desktop\kuchyna
2017-02-07 20:35 - 2017-02-07 20:52 - 00000000 ____D C:\Users\ntb1\AppData\Roaming\Samsung
2017-02-07 20:35 - 2017-02-07 20:52 - 00000000 ____D C:\Users\ntb1\AppData\Local\Samsung
2017-02-07 20:35 - 2017-02-07 20:35 - 00000000 ____D C:\Users\ntb1\Documents\samsung
2017-02-07 17:26 - 2017-02-07 17:35 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-07 17:24 - 2017-02-07 17:24 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2017-02-07 17:24 - 2017-02-07 17:24 - 00000000 ____D C:\Users\ntb\Documents\samsung
2017-02-07 17:24 - 2017-02-07 17:24 - 00000000 ____D C:\Users\ntb\AppData\Roaming\Samsung
2017-02-07 17:24 - 2017-02-07 17:24 - 00000000 ____D C:\Users\ntb\AppData\Local\Samsung
2017-02-07 17:23 - 2016-07-22 08:21 - 00164992 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\SET2B03.tmp
2017-02-07 17:23 - 2016-07-22 08:21 - 00130688 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\SET691F.tmp
2017-02-07 17:20 - 2016-05-18 14:49 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2017-02-07 17:20 - 2016-05-18 14:49 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2017-02-07 17:19 - 2017-02-07 20:52 - 00000000 ____D C:\ProgramData\Samsung
2017-02-07 17:19 - 2017-02-07 20:52 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-02-07 17:18 - 2017-02-07 17:18 - 00000000 ____D C:\Users\ntb\AppData\Local\Downloaded Installations
2017-01-25 18:26 - 2017-01-25 18:26 - 00132913 _____ C:\Users\ntb1\Downloads\A8E.tmp
2017-01-25 13:06 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:06 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-20 22:47 - 2017-01-20 22:47 - 00000000 ____D C:\Users\ntb1\AppData\Roaming\HDDHealth
2017-01-17 15:02 - 2017-01-17 15:03 - 00000000 ____D C:\Users\ntb\Desktop\dom proj
2017-01-15 20:20 - 2017-01-15 20:20 - 01658943 _____ C:\Users\ntb1\Downloads\fwdrdfinaltdia.zip
2017-01-14 21:16 - 2017-01-14 21:16 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-12 22:22 - 2016-10-02 21:25 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-12 22:22 - 2016-10-02 21:10 - 00023429 _____ C:\WINDOWS\diagwrn.xml
2017-02-12 22:22 - 2016-10-02 21:10 - 00021557 _____ C:\WINDOWS\diagerr.xml
2017-02-12 22:10 - 2015-12-17 14:30 - 00000000 ____D C:\Users\Peťko\AppData\Roaming\Seznam.cz
2017-02-12 21:59 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-12 21:51 - 2015-12-16 16:34 - 00000000 ____D C:\Users\ntb1\AppData\Roaming\Seznam.cz
2017-02-12 21:31 - 2015-01-15 15:06 - 00000000 ____D C:\Users\ntb1\Desktop\Triedené
2017-02-12 19:01 - 2016-10-02 20:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-11 23:48 - 2016-10-02 20:37 - 00000000 ____D C:\Users\ntb1
2017-02-11 21:01 - 2015-05-30 19:18 - 00000000 ____D C:\Users\ntb1\AppData\Roaming\Skype
2017-02-07 22:26 - 2015-03-26 21:15 - 00000000 ____D C:\Users\ntb1\AppData\Roaming\vlc
2017-02-07 21:27 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-07 20:52 - 2015-01-16 16:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-07 19:01 - 2016-11-24 18:31 - 00000000 ____D C:\Users\ntb\AppData\LocalLow\Mozilla
2017-02-04 21:05 - 2016-12-15 21:31 - 00000000 ____D C:\Users\ntb1\AppData\LocalLow\Mozilla
2017-02-04 20:13 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-04 18:45 - 2015-01-19 12:16 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 18:45 - 2015-01-19 12:16 - 00002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-31 09:27 - 2015-01-19 12:15 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-30 19:21 - 2015-01-16 14:06 - 00000000 ____D C:\Users\ntb\Desktop\poistovna
2017-01-29 16:22 - 2016-11-21 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-29 16:22 - 2015-01-30 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 15:11 - 2016-10-02 21:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-25 19:24 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-25 18:26 - 2016-12-13 19:28 - 00000000 ____D C:\Users\ntb1\Desktop\kupelna
2017-01-25 13:32 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-23 19:55 - 2016-05-02 19:23 - 00000000 ____D C:\Users\ntb1\Desktop\dom
2017-01-22 16:47 - 2015-12-26 22:02 - 00000000 ____D C:\Users\ntb\Desktop\Staré údaje Firefoxu
2017-01-22 16:17 - 2015-02-10 18:47 - 00000000 ____D C:\ProgramData\Oracle
2017-01-22 16:16 - 2015-02-10 18:48 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-22 16:16 - 2015-02-10 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 16:16 - 2015-02-10 18:47 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-22 14:58 - 2015-11-09 21:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 19:54 - 2015-01-21 14:24 - 00000000 ____D C:\Program Files\WinRAR
2017-01-16 12:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-14 21:16 - 2016-10-02 20:37 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-14 21:13 - 2016-12-10 20:05 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-14 21:13 - 2016-04-25 20:05 - 00002397 _____ C:\Users\ntb1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-14 21:13 - 2016-04-25 20:05 - 00000000 ___RD C:\Users\ntb1\OneDrive
2017-01-14 21:11 - 2016-04-24 22:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-14 21:10 - 2015-01-16 18:02 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-14 21:09 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
==================== Files in the root of some directories =======
2015-01-19 12:21 - 2015-01-19 12:21 - 6000640 _____ () C:\Program Files (x86)\GUT6CF6.tmp
Files to move or delete:
====================
C:\Users\PEKO~1\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
Some files in TEMP:
====================
2016-10-29 16:16 - 2016-10-29 16:16 - 0737856 _____ (Oracle Corporation) C:\Users\ntb\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-22 16:09 - 2017-01-22 16:09 - 0739904 _____ (Oracle Corporation) C:\Users\ntb\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-11-03 19:06 - 2016-11-03 19:06 - 0534528 _____ () C:\Users\ntb\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
2017-01-15 14:28 - 2017-01-15 14:28 - 43886552 _____ (Skype Technologies S.A.) C:\Users\ntb1\AppData\Local\Temp\SkypeSetup.exe
2017-02-09 18:33 - 2017-02-09 18:33 - 0534528 _____ () C:\Users\ntb1\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
2017-02-12 22:10 - 2017-02-12 22:09 - 0534528 _____ () C:\Users\Peťko\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-04 16:48
==================== End of FRST.txt ============================