Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2017
Ran by admin (administrator) on PCBRUMOV (17-07-2017 08:14:42)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin & Jana & Mojmír & Peťa & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\ProgramyVista\Avast\AvastSvc.exe
(AVAST Software) C:\ProgramyVista\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Windows\6000RMT.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Secomba GmbH) C:\ProgramyVista\BoxCryptor\BoxCryptor.exe
(TeamDrive Systems GmbH) C:\Program Files\TeamDrive3\TeamDrive.exe
(AVAST Software) C:\ProgramyVista\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\ProgramyVista\Avast\AvLaunch.exe [213832 2017-07-09] (AVAST Software)
HKLM\...\Run: [TV Card Remote Control Device Monitor] => C:\Windows\6000RMT.ex
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2007-11-29] (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3846505388-253851963-419263497-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3846505388-253851963-419263497-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2008-01-21] (Microsoft Corporation)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk [2012-06-24]
ShortcutTarget: BoxCryptor.lnk -> C:\ProgramyVista\BoxCryptor\BoxCryptor.exe (Secomba GmbH)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk [2015-04-02]
ShortcutTarget: TeamDrive starten.lnk -> C:\Program Files\TeamDrive3\TeamDrive.exe (TeamDrive Systems GmbH)
Startup: C:\Users\Mojmír\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk [2014-06-24]
ShortcutTarget: TeamDrive starten.lnk -> C:\Program Files\TeamDrive3\TeamDrive3.exe (TeamDrive Systems GmbH)
GroupPolicyUsers\S-1-5-21-3846505388-253851963-419263497-1002\User: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{63A63367-C742-4DD0-8688-03DEA33AC795}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =
hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhomeHKU\S-1-5-21-3846505388-253851963-419263497-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
hxxp://www.msn.com/?pc=UP97&ocid=UP97DHPHKU\S-1-5-21-3846505388-253851963-419263497-1000\Software\Microsoft\Internet Explorer\Main,Search Page =
hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearchSearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL =
hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> FC834A29A94A442EABA0A7CC5EE3BFA2 URL =
hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL =
hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\ProgramyVista\Avast\aswWebRepIE.dll [2017-07-09] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-13] (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431 [2017-07-17]
FF NewTab: Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431 -> seznam.cz
FF Extension: (Avast SafePrice) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431\Extensions\sp@avast.com.xpi [2017-07-09]
FF Extension: (Avast Online Security) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431\Extensions\wrc@avast.com.xpi [2017-07-09]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-06] [not signed]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2017-07-15] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-06] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-02] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-25] (Andrea Electronics Corporation)
S3 aswbIDSAgent; C:\ProgramyVista\Avast\aswidsagent.exe [5815840 2017-07-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\ProgramyVista\Avast\AvastSvc.exe [263312 2017-07-09] (AVAST Software)
R2 avast! Firewall; C:\ProgramyVista\Avast\afwServ.exe [311592 2017-07-09] (AVAST Software)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S2 SkypeUpdate; C:\ProgramyVista\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-25] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [266976 2017-07-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157384 2017-07-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276704 2017-07-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50352 2017-07-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-07-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123896 2017-07-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-08-18] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\drivers\aswNdis2.sys [339952 2017-07-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-07-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-09] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-09] (AVAST Software)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-01-10] (Samsung Electronics Co., Ltd.) [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-08-25] (ITE Tech. Inc. )
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-07-26] (Lavasoft AB)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28432 2007-11-29] (Logitech, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [162240 2017-07-13] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-07-15] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-07-15] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64800 2017-07-15] (Malwarebytes)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-10-27] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277440 2008-10-27] (Creative Technology Ltd.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-01-10] (Samsung Electronics) [File not signed]
S3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [279168 2011-04-13] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-17 08:14 - 2017-07-17 08:15 - 00012855 _____ C:\Users\admin\Downloads\FRST.txt
2017-07-17 08:14 - 2017-07-17 08:14 - 00000000 ____D C:\FRST
2017-07-17 08:10 - 2017-07-17 08:11 - 01780736 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2017-07-16 09:30 - 2017-07-16 09:30 - 00011458 _____ C:\ComboFix.txt
2017-07-16 09:28 - 2017-07-16 09:28 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-15 19:47 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-07-15 19:47 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-07-15 19:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-07-15 17:59 - 2017-07-16 09:30 - 00000000 ____D C:\Qoobox
2017-07-15 17:57 - 2017-07-15 20:10 - 00000000 ____D C:\Windows\erdnt
2017-07-15 17:54 - 2017-07-15 17:54 - 05659794 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2017-07-15 17:43 - 2017-07-15 17:22 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-15 17:22 - 2017-07-15 10:23 - 01309184 _____ C:\Users\admin\Desktop\zoek.exe
2017-07-15 17:15 - 2017-07-15 19:38 - 00563836 _____ C:\Windows\ntbtlog.txt
2017-07-15 11:52 - 2017-07-15 11:52 - 00000000 ____D C:\ProgramData\WindowsSearch
2017-07-15 10:27 - 2017-07-15 11:30 - 00000000 ____D C:\zoek_backup
2017-07-14 20:27 - 2017-07-14 20:27 - 00006146 _____ C:\Users\admin\Desktop\rk_A8A4.tmp.txt
2017-07-14 18:34 - 2017-07-15 09:32 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-14 18:33 - 2017-07-14 20:27 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-14 16:07 - 2017-07-14 16:07 - 00001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-14 16:07 - 2017-07-14 16:07 - 00000000 ____D C:\ProgramData\Sophos
2017-07-14 16:07 - 2017-07-14 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-14 16:06 - 2017-07-14 16:06 - 00000000 ____D C:\Program Files\Sophos
2017-07-14 14:30 - 2017-07-14 14:30 - 00003528 _____ C:\Users\admin\Desktop\JRT.txt
2017-07-14 14:26 - 2017-07-14 14:26 - 01663672 _____ (Malwarebytes) C:\Users\admin\Downloads\JRT.exe
2017-07-14 14:23 - 2017-07-14 14:23 - 22102088 _____ C:\Users\admin\Downloads\RogueKiller_portable32.exe
2017-07-14 14:22 - 2017-07-14 14:24 - 171325824 _____ (Sophos Limited) C:\Users\admin\Downloads\Sophos Virus Removal Tool.exe
2017-07-13 20:01 - 2017-07-14 16:00 - 00001662 _____ C:\Users\admin\Desktop\malwarebytes.txt
2017-07-13 19:11 - 2017-07-15 19:33 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-13 19:11 - 2017-07-15 19:33 - 00040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-13 19:11 - 2017-07-15 17:49 - 00064800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-13 19:11 - 2017-07-13 19:11 - 00162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-13 19:11 - 2017-07-13 19:11 - 00001861 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-13 19:11 - 2017-07-13 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-13 19:11 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-13 19:10 - 2017-07-13 19:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-13 19:10 - 2017-07-13 19:10 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-13 18:57 - 2017-07-13 18:57 - 00010929 _____ C:\Users\admin\Desktop\AdwCleaner[S0].txt
2017-07-13 18:53 - 2017-07-14 14:09 - 00000000 ____D C:\AdwCleaner
2017-07-13 18:52 - 2017-07-13 16:49 - 65033984 _____ (Malwarebytes ) C:\Users\admin\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-13 18:52 - 2017-07-13 16:48 - 04110280 _____ C:\Users\admin\Desktop\AdwCleaner.exe
2017-07-13 18:42 - 2017-07-13 18:42 - 00050688 _____ (Atribune.org) C:\Users\admin\Downloads\ATF-Cleaner.exe
2017-07-13 17:59 - 2017-07-13 17:59 - 00448512 _____ (OldTimer Tools) C:\Users\admin\Downloads\TFC.exe
2017-07-13 14:58 - 2017-07-13 14:58 - 00017372 _____ C:\Users\admin\Documents\cc_20170713_145832.reg
2017-07-13 14:56 - 2017-07-13 14:56 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-13 14:56 - 2017-07-13 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-13 14:56 - 2017-07-13 14:56 - 00000000 ____D C:\Program Files\CCleaner
2017-07-13 14:55 - 2017-07-13 14:56 - 09747512 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup532.exe
2017-07-13 14:40 - 2017-07-13 14:40 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-07-13 14:10 - 2017-07-13 14:10 - 00000000 ____D C:\Users\admin\AppData\Local\CEF
2017-07-13 14:05 - 2017-07-13 14:05 - 00000000 ____D C:\Users\admin\Tracing
2017-07-12 20:40 - 2017-07-12 20:34 - 29183358 _____ C:\Users\Mojmír\Desktop\asunsoft-windows-password-geeker-professional.exe
2017-07-10 08:46 - 2017-07-10 08:46 - 01524744 _____ C:\Users\admin\Downloads\Skype - CHIP-Installer.exe
2017-07-10 08:45 - 2017-07-17 08:09 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2017-07-09 15:27 - 2017-07-09 15:24 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-17 08:09 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-17 08:09 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-16 09:28 - 2015-04-02 15:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamDrive3
2017-07-16 09:27 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2017-07-16 09:20 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-16 09:19 - 2009-01-13 10:01 - 00000012 _____ C:\Windows\bthservsdp.dat
2017-07-16 09:19 - 2006-11-02 15:01 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-15 20:02 - 2009-01-17 20:43 - 00000000 ____D C:\Users\Jana
2017-07-15 17:48 - 2009-01-17 20:14 - 00000008 __RSH C:\Users\admin\ntuser.pol
2017-07-15 17:48 - 2009-01-15 14:45 - 00000000 ____D C:\Users\admin
2017-07-15 11:30 - 2006-11-02 13:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-14 15:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2017-07-13 19:13 - 2009-01-16 20:23 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2017-07-13 15:13 - 2008-01-21 08:47 - 01532794 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-13 15:13 - 2008-01-21 08:46 - 00645320 _____ C:\Windows\system32\perfh005.dat
2017-07-13 15:13 - 2008-01-21 08:46 - 00137958 _____ C:\Windows\system32\perfc005.dat
2017-07-13 14:57 - 2009-03-03 21:45 - 00000000 ____D C:\Windows\Minidump
2017-07-13 14:40 - 2011-12-17 12:12 - 00000000 ____D C:\Program Files\Skype
2017-07-13 14:40 - 2009-01-16 20:22 - 00000000 ____D C:\ProgramData\Skype
2017-07-13 06:40 - 2009-01-18 18:10 - 00000000 ____D C:\Users\Mojmír\AppData\Roaming\Skype
2017-07-13 06:39 - 2014-06-22 11:49 - 00000000 ____D C:\Users\Mojmír\AppData\Roaming\TeamDrive3
2017-07-12 17:58 - 2009-01-31 08:34 - 00006944 _____ C:\Users\Mojmír\AppData\Local\d3d9caps.dat
2017-07-12 10:51 - 2016-11-20 14:06 - 00000000 ____D C:\Users\Mojmír\AppData\LocalLow\Mozilla
2017-07-10 16:50 - 2009-01-18 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Skype
2017-07-10 16:41 - 2016-11-29 17:05 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Mozilla
2017-07-09 15:29 - 2013-03-12 18:46 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-09 15:24 - 2017-03-17 22:21 - 00276704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-09 15:24 - 2017-03-17 22:21 - 00266976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-09 15:24 - 2017-03-17 22:21 - 00157384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-09 15:24 - 2017-03-17 22:21 - 00050352 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-09 15:24 - 2015-08-27 19:16 - 00202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-09 15:24 - 2014-08-18 19:13 - 00339952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2017-07-09 15:24 - 2014-08-18 19:13 - 00039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-09 15:24 - 2014-05-15 15:47 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-09 15:24 - 2013-03-12 18:45 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-09 15:24 - 2011-04-23 14:41 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-09 15:24 - 2010-08-03 12:10 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-09 15:24 - 2010-08-03 12:10 - 00123896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-09 15:24 - 2010-08-03 12:10 - 00070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-07-06 16:49 - 2017-03-05 13:13 - 00000000 ____D C:\Users\Jana\AppData\Roaming\TeamDrive3
2017-07-04 13:52 - 2017-01-29 20:06 - 00121344 _____ C:\Users\Mojmír\Desktop\NissanPulsar_2017.xls
2017-06-30 16:19 - 2012-12-15 17:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-30 11:28 - 2015-11-06 20:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-20 13:47 - 2017-05-09 12:22 - 00000000 _____ C:\Windows\system32\last.dump
==================== Files in the root of some directories =======
2017-07-16 09:44 - 2017-07-17 08:13 - 0004272 _____ () C:\Users\admin\AppData\Roaming\teamdrive-shell-extension.log
2009-01-15 22:24 - 2013-03-15 08:45 - 0006944 _____ () C:\Users\admin\AppData\Local\d3d9caps.dat
2009-01-16 20:24 - 2009-01-16 20:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-16 09:31
=================== End of FRST.txt ============================