Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by psosk (administrator) on DESKTOP-4KG2J6A (03-04-2017 20:17:17)
Running from C:\Users\psosk\Desktop
Loaded Profiles: psosk (Available Profiles: defaultuser0 & psosk)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Spotify Ltd) C:\Users\psosk\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
() C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\syswow64\backgroundTaskHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-06-17] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1519800 2016-12-28] (COMODO)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-30] (COMODO)
HKU\S-1-5-21-3249506284-3394159516-870956781-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-3249506284-3394159516-870956781-1001\...\Run: [AirParrot2] => [X]
HKU\S-1-5-21-3249506284-3394159516-870956781-1001\...\Run: [Spotify Web Helper] => C:\Users\psosk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-27] (Spotify Ltd)
HKU\S-1-5-21-3249506284-3394159516-870956781-1001\...\Run: [Spotify] => C:\Users\psosk\AppData\Roaming\Spotify\Spotify.exe [7089776 2017-03-27] (Spotify Ltd)
HKU\S-1-5-21-3249506284-3394159516-870956781-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3249506284-3394159516-870956781-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3249506284-3394159516-870956781-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3249506284-3394159516-870956781-1001\...\MountPoints2: {76be502b-f974-11e6-a310-74d435bea2a6} - "F:\WD SmartWare.exe" autoplay=true
ShellExecuteHooks: No Name - {60828C92-F449-11E6-B17D-64006A5CFC23} - C:\Program Files (x86)\Rokaphdruzitain\Fersetainzuvage.dll -> No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7007d305-aa62-408c-a5e2-2e32985f5cf6}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
hxxp://www.msn.com/HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-3249506284-3394159516-870956781-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL =
hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3249506284-3394159516-870956781-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL =
hxxp://www.google.com/search?q={searchTerms}
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3249506284-3394159516-870956781-1001 ->
hxxp://www.google.comFireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-22] (Google Inc.)
Chrome:
=======
CHR HomePage: Default ->
hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com","hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=009C44AE9156AC61664D4A885154E3D4&v=20160315&ts=AHEpC3MoC3YtA0..","hxxp://www.youndoo.com/?z=bbf89e408b6336203faaee4g2z8b5mcm8bctdg7zec&from=dam&uid=KINGSTONXSV300S37A120G_50026B774A01A9C8&type=hp","hxxp://www.startpageing123.com/?type=hp&ts=1488568164&z=514e3583ed2551ee3e12f2bgdzfb8b8w7q1bag6q7z&from=che0812&uid=KINGSTONXSV300S37A120G_50026B774A01A9C8","hxxp://www.startpageing123.com/?type=hp&ts=1489430147&z=e4687c88a22c936418ffd3fg6zebbtaz6c2e3g4zft&from=che0812&uid=KINGSTONXSV300S37A120G_50026B774A01A9C8"
CHR Profile: C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default [2017-04-03]
CHR Extension: (Google Slides) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-22]
CHR Extension: (Google Docs) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-22]
CHR Extension: (Google Drive) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-22]
CHR Extension: (YouTube) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-22]
CHR Extension: (Google Sheets) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-22]
CHR Extension: (iCloud Bookmarks) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-03-22]
CHR Extension: (Google Docs Offline) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-22]
CHR Extension: (Superblock Extended - Adblocker) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmljjoddjjkoidiahlgbgjjgodcajhgf [2017-03-22]
CHR Extension: (Google Mail Checker) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-22]
CHR Extension: (Gmail) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-22]
CHR Extension: (Chrome Media Router) - C:\Users\psosk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-31]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6758568 2016-12-28] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876088 2016-12-28] (COMODO)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-30] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40952 2016-12-16] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [828360 2016-12-16] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50288 2016-12-16] (COMODO)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-02-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-02-22] (Disc Soft Ltd)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [111336 2015-11-25] (GenesysLogic)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [127144 2016-12-16] (COMODO)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [210488 2016-06-13] (Intel(R) Corporation)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
S3 LECs6022; C:\WINDOWS\System32\drivers\LECs6022.sys [17408 2010-11-05] (Primax Electronics Ltd.)
S3 LEMo6022; C:\WINDOWS\System32\drivers\LEMo6022.sys [24064 2012-06-06] (Primax Electronics Ltd.)
S3 LEub6022; C:\WINDOWS\System32\drivers\LEub6022.sys [18432 2011-01-05] (Primax Electronics Ltd.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-04-03] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-04-01] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [28344 2015-10-10] (Windows (R) Win 7 DDK provider)
S3 pelmouse; C:\WINDOWS\System32\drivers\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
S3 pelusblf; C:\WINDOWS\System32\drivers\pelusblf.sys [35328 2016-01-14] (TPMX Electronics Ltd.)
S3 pelvendr; C:\WINDOWS\System32\drivers\pelvendr.sys [11776 2009-11-02] (TPMX Electronics Ltd.)
S3 phidmice; C:\WINDOWS\System32\drivers\phidmice.sys [35328 2015-12-17] (TPMX Electronics Ltd.)
S3 pmouself; C:\WINDOWS\System32\drivers\pmouself.sys [23040 2013-03-26] (TPMX Electronics Ltd.)
S3 pvendrlf; C:\WINDOWS\System32\drivers\pvendrlf.sys [12288 2013-03-26] (TPMX Electronics Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-06-13] (Realtek )
S3 SNTUSB64; C:\WINDOWS\System32\drivers\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-04-25] (QUALCOMM Incorporated)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-22] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-03 20:17 - 2017-04-03 20:17 - 00015593 _____ C:\Users\psosk\Desktop\FRST.txt
2017-04-03 20:17 - 2017-04-03 20:17 - 00000000 ____D C:\FRST
2017-04-03 20:16 - 2017-04-03 20:17 - 02424832 _____ (Farbar) C:\Users\psosk\Desktop\FRST64.exe
2017-04-03 20:15 - 2017-04-03 20:15 - 00000000 ___HD C:\OneDriveTemp
2017-04-01 23:16 - 2017-04-01 23:16 - 00000668 _____ C:\Users\psosk\Desktop\DelFix.txt
2017-04-01 23:16 - 2017-04-01 23:16 - 00000426 _____ C:\Users\psosk\Desktop\DelFix1.txt
2017-04-01 23:15 - 2017-04-01 23:16 - 00000426 _____ C:\DelFix.txt
2017-04-01 23:15 - 2017-04-01 23:15 - 00797760 _____ C:\Users\psosk\Desktop\delfix_1.013.exe
2017-04-01 23:14 - 2017-04-01 23:14 - 00000000 ____D C:\Users\psosk\Desktop\backups
2017-03-28 19:38 - 2017-04-03 20:15 - 00000000 ___RD C:\Users\psosk\iCloudDrive
2017-03-28 19:38 - 2017-03-28 19:39 - 00000000 ____D C:\Users\psosk\AppData\Local\Apple Inc
2017-03-28 19:38 - 2017-03-28 19:38 - 00000000 ____D C:\Users\psosk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-03-27 20:49 - 2017-03-27 20:49 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-27 20:49 - 2017-03-27 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-27 20:49 - 2017-03-27 20:49 - 00000000 ____D C:\Program Files\iTunes
2017-03-27 20:49 - 2017-03-27 20:49 - 00000000 ____D C:\Program Files\iPod
2017-03-27 20:48 - 2017-03-27 20:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-03-27 20:48 - 2017-03-27 20:48 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-27 20:43 - 2017-03-27 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-03-23 21:01 - 2017-03-23 21:01 - 00000000 ____D C:\Users\psosk\AppData\Local\PeerDistRepub
2017-03-22 15:26 - 2017-04-03 20:17 - 00047387 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-22 15:26 - 2017-04-03 20:17 - 00022612 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-22 15:26 - 2017-03-22 15:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-22 15:26 - 2017-03-22 15:26 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-22 15:26 - 2017-03-22 15:26 - 00001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-22 15:26 - 2017-03-22 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-22 15:26 - 2017-03-22 15:26 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-22 15:25 - 2017-03-22 15:25 - 05755024 _____ (Zemana Ltd. ) C:\Users\psosk\Downloads\Zemana.AntiMalware.Setup.exe
2017-03-22 15:25 - 2017-03-22 15:25 - 00000000 ____D C:\Users\psosk\AppData\Local\Zemana
2017-03-22 15:18 - 2017-03-22 15:18 - 00000000 ____D C:\ProgramData\Shared Space
2017-03-22 15:15 - 2017-03-22 14:50 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-03-22 15:11 - 2017-03-22 15:15 - 00000000 ____D C:\zoek
2017-03-21 23:32 - 2017-03-22 14:25 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-21 22:44 - 2017-03-21 22:44 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-21 22:44 - 2017-03-21 22:44 - 00000000 ____D C:\ProgramData\Sophos
2017-03-21 22:44 - 2017-03-21 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-21 22:44 - 2017-03-21 22:44 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-21 22:32 - 2017-03-21 22:33 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-19 23:31 - 2017-03-19 23:31 - 00000000 ____D C:\Users\psosk\AppData\Roaming\Macromedia
2017-03-19 20:34 - 2017-03-19 20:34 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Local\Comms
2017-03-19 20:33 - 2017-03-19 20:34 - 00002444 _____ C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-19 20:33 - 2017-03-19 20:34 - 00000000 ___RD C:\Users\TEMP.DESKTOP-4KG2J6A.004\OneDrive
2017-03-19 20:33 - 2017-03-19 20:34 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Roaming\Apple Computer
2017-03-19 20:33 - 2017-03-19 20:33 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Roaming\Skype
2017-03-19 20:33 - 2017-03-19 20:33 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Local\Apple Computer
2017-03-19 20:32 - 2017-03-19 20:49 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004
2017-03-19 20:32 - 2017-03-19 20:41 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Local\Google
2017-03-19 20:32 - 2017-03-19 20:34 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Local\Packages
2017-03-19 20:32 - 2017-03-19 20:33 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Local\ConnectedDevicesPlatform
2017-03-19 20:32 - 2017-03-19 20:32 - 00000020 ___SH C:\Users\TEMP.DESKTOP-4KG2J6A.004\ntuser.ini
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Šablony
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Soubory cookie
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Poslední
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Okolní tiskárny
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Okolní síť
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Nabídka Start
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Dokumenty
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Documents\Obrázky
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Documents\Hudba
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Documents\Filmy
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\Data aplikací
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 _SHDL C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Local\Data aplikací
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Roaming\Adobe
2017-03-19 20:32 - 2017-03-19 20:32 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.004\AppData\Local\TileDataLayer
2017-03-19 20:27 - 2017-03-19 20:30 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.003\AppData\Local\Comms
2017-03-19 20:27 - 2017-03-19 20:30 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.003
2017-03-19 20:26 - 2017-03-22 15:12 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.002\AppData\Local\Google
2017-03-19 20:26 - 2017-03-19 20:27 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.002
2017-03-19 20:22 - 2017-03-19 20:26 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.001
2017-03-19 19:49 - 2017-03-19 19:49 - 775779908 _____ C:\WINDOWS\MEMORY.DMP
2017-03-19 19:49 - 2017-03-19 19:49 - 00412652 _____ C:\WINDOWS\Minidump\031917-10875-01.dmp
2017-03-19 19:49 - 2017-03-19 19:49 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-18 19:53 - 2017-03-18 19:54 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.000\AppData\Local\Comms
2017-03-18 19:50 - 2017-03-18 19:54 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A.000
2017-03-18 19:49 - 2017-03-18 19:50 - 00000000 ____D C:\Users\TEMP.DESKTOP-4KG2J6A
2017-03-18 19:34 - 2017-03-18 19:35 - 00000000 ____D C:\Users\TEMP
2017-03-18 00:25 - 2017-03-18 01:21 - 00000000 ____D C:\ESD
2017-03-18 00:24 - 2017-03-18 00:24 - 00000000 ___HD C:\$Windows.~WS
2017-03-18 00:24 - 2017-03-18 00:24 - 00000000 ____D C:\$WINDOWS.~BT
2017-03-17 23:55 - 2017-04-03 20:14 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-17 23:55 - 2017-04-01 23:09 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-17 23:55 - 2017-04-01 23:08 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-17 23:55 - 2017-04-01 23:08 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-17 23:55 - 2017-04-01 23:08 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-17 23:55 - 2017-03-17 23:55 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-17 23:55 - 2017-03-17 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-17 23:55 - 2017-03-17 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-17 23:55 - 2017-03-17 23:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-17 23:55 - 2017-02-24 07:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-17 23:39 - 2017-03-31 20:21 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-17 23:39 - 2017-03-27 22:04 - 00000000 ____D C:\Users\psosk\AppData\Local\CrashDumps
2017-03-16 11:20 - 2012-02-08 17:36 - 00363520 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B9L.dll
2017-03-16 11:20 - 2012-01-26 11:25 - 00081664 _____ C:\WINDOWS\system32\CNC1763D.TBL
2017-03-16 11:20 - 2012-01-16 15:21 - 00287744 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B9C.dll
2017-03-16 11:20 - 2012-01-16 15:20 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B9I.dll
2017-03-16 11:20 - 2008-08-25 19:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2017-03-16 11:19 - 2017-03-16 11:19 - 00000000 ___HD C:\ProgramData\CanonBJ
2017-03-16 11:19 - 2012-03-26 06:00 - 00389120 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMB9.DLL
2017-03-14 01:23 - 2017-04-03 20:16 - 00326004 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-03-14 01:23 - 2017-03-17 22:49 - 00000000 ___HD C:\VTRoot
2017-03-13 22:01 - 2017-03-13 22:01 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2017-03-13 22:01 - 2017-03-13 22:01 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-03-13 21:39 - 2017-03-13 21:43 - 00000000 ___RD C:\Users\psosk\Desktop\Camera Roll
2017-03-13 21:35 - 2017-03-13 21:35 - 00000000 ____D C:\Users\psosk\Desktop\Nová složka
2017-03-13 21:18 - 2017-04-02 00:52 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2017-03-13 21:18 - 2017-03-13 21:18 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2017-03-13 21:18 - 2017-03-13 21:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-03-13 21:17 - 2017-03-30 05:10 - 00307960 _____ (COMODO) C:\WINDOWS\system32\iseguard64.dll
2017-03-13 21:17 - 2017-03-30 05:10 - 00236792 _____ (COMODO) C:\WINDOWS\SysWOW64\iseguard32.dll
2017-03-13 21:17 - 2017-03-29 23:49 - 00062208 _____ (COMODO) C:\WINDOWS\system32\Drivers\isedrv.sys
2017-03-13 21:17 - 2017-03-13 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-03-13 21:17 - 2017-03-13 23:31 - 00000000 ____D C:\Program Files\COMODO
2017-03-13 21:17 - 2017-03-13 21:17 - 03858824 _____ (COMODO) C:\WINDOWS\SysWOW64\ise_installer.exe
2017-03-13 21:17 - 2017-03-13 21:17 - 00000000 ____D C:\Users\psosk\AppData\Local\Comodo
2017-03-13 21:16 - 2017-03-13 23:29 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-03-13 21:11 - 2017-03-31 20:10 - 00000000 ____D C:\ProgramData\Comodo
2017-03-13 21:11 - 2017-03-13 21:11 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-03-13 21:00 - 2017-03-13 21:35 - 00000000 ____D C:\Users\psosk\Desktop\hudba
2017-03-08 23:17 - 2017-04-03 20:15 - 00000000 ____D C:\Users\psosk\AppData\Local\Spotify
2017-03-08 23:17 - 2017-03-13 22:00 - 00002037 _____ C:\Users\psosk\Desktop\Spotify.lnk
2017-03-08 23:17 - 2017-03-08 23:17 - 00001836 _____ C:\Users\psosk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-03-08 23:16 - 2017-04-03 20:15 - 00000000 ____D C:\Users\psosk\AppData\Roaming\Spotify
2017-03-07 21:10 - 2017-03-07 21:10 - 00000000 ____D C:\Users\psosk\AppData\Local\AirParrot 2
2017-03-07 21:10 - 2017-03-07 21:10 - 00000000 ____D C:\ProgramData\AirParrot 2
2017-03-07 14:56 - 2017-03-07 14:56 - 00001388 _____ C:\Program Files (x86)\metadata
2017-03-07 14:55 - 2017-03-17 23:39 - 00002069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-07 14:52 - 2017-03-07 14:52 - 00000000 ____D C:\Users\psosk\Documents\aMule Downloads
2017-03-07 12:07 - 2017-03-07 12:07 - 00000000 ____D C:\Users\psosk\AppData\Roaming\Wargaming.net
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-03 20:15 - 2017-02-23 05:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-03 20:15 - 2017-02-22 20:23 - 00000000 ___RD C:\Users\psosk\OneDrive
2017-04-03 20:15 - 2017-02-22 20:21 - 00000000 __SHD C:\Users\psosk\IntelGraphicsProfiles
2017-04-03 20:14 - 2017-02-23 05:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-02 00:52 - 2017-02-22 18:23 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-04-02 00:34 - 2017-02-23 05:00 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-01 23:32 - 2017-02-22 18:23 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-01 23:15 - 2017-02-22 20:06 - 02681866 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-01 23:15 - 2017-02-22 18:28 - 01211394 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-01 23:15 - 2017-02-22 18:28 - 00293202 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-01 23:10 - 2017-02-22 18:26 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-31 20:21 - 2017-02-22 20:26 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-31 20:16 - 2017-02-22 18:26 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-31 20:10 - 2017-02-22 20:40 - 00000000 ____D C:\KMPlayer
2017-03-28 19:38 - 2017-03-02 23:34 - 00000000 ____D C:\Users\psosk\AppData\Roaming\Apple Computer
2017-03-28 19:38 - 2017-02-22 20:20 - 00000000 ____D C:\Users\psosk
2017-03-27 20:49 - 2017-03-02 23:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-27 20:48 - 2017-03-02 23:51 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-27 20:43 - 2017-03-02 23:51 - 00000000 ____D C:\Users\psosk\AppData\Local\Apple Computer
2017-03-26 21:09 - 2017-02-22 18:26 - 00000000 ____D C:\WINDOWS\INF
2017-03-22 15:11 - 2017-02-22 18:26 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-21 22:29 - 2017-02-24 20:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-21 22:28 - 2017-02-24 20:59 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-19 20:49 - 2017-02-22 20:19 - 00000000 ____D C:\Users\defaultuser0
2017-03-19 20:34 - 2017-02-22 20:24 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-19 20:32 - 2017-02-22 20:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-18 19:41 - 2017-03-02 00:42 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-18 01:08 - 2017-02-22 18:31 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-17 23:39 - 2017-03-02 00:43 - 00000000 ____D C:\Users\psosk\AppData\LocalLow\Mozilla
2017-03-17 23:39 - 2017-03-02 00:43 - 00000000 ____D C:\ProgramData\Apple
2017-03-17 23:38 - 2017-03-02 00:42 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-17 23:38 - 2017-03-02 00:42 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-17 22:47 - 2017-02-22 20:21 - 00000000 ____D C:\Users\psosk\AppData\Local\Packages
2017-03-17 22:45 - 2017-02-22 18:26 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-16 11:20 - 2017-02-22 18:26 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-03-13 22:00 - 2017-02-22 20:42 - 00002847 _____ C:\Users\psosk\Desktop\µTorrent.lnk
2017-03-10 07:17 - 2017-02-25 18:56 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 07:17 - 2017-02-25 18:56 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-09 20:32 - 2017-02-22 20:25 - 00000000 ____D C:\Users\psosk\AppData\Local\Google
2017-03-09 20:32 - 2017-02-22 20:25 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-07 21:47 - 2017-03-03 21:07 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-03-07 21:46 - 2017-02-24 20:20 - 00034328 _____ (Sysinternals -
www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-03-07 11:44 - 2017-02-22 20:21 - 00000000 ____D C:\Users\psosk\AppData\Local\VirtualStore
==================== Files in the root of some directories =======
2017-03-07 14:56 - 2017-03-07 14:56 - 0001388 _____ () C:\Program Files (x86)\metadata
Some files in TEMP:
====================
2014-08-06 17:47 - 2014-08-06 17:47 - 0157696 _____ () C:\Users\psosk\AppData\Local\Temp\ERUNT.exe
2017-03-31 20:10 - 2017-03-31 20:10 - 3866608 _____ (COMODO) C:\Users\psosk\AppData\Local\Temp\ise_installer.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-31 20:25
==================== End of FRST.txt ============================
(Size: 111.8 GB) (Disk ID: B3BFC4EA)