FRST :Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2017
Ran by Jakub (administrator) on JAKUB-PC (27-02-2017 20:13:19)
Running from C:\Users\Jakub\Downloads\Desktop
Loaded Profiles: Jakub (Available Profiles: Jakub)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(© 2015 Microsoft Corporation) C:\Users\Jakub\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.52\deploy\LeagueClient.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.6.2.0_x86__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1486848 2009-08-28] (VIA)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [383424 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2015-06-15] (LogMeIn, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKU\S-1-5-21-2460206527-1493759754-90791392-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2460206527-1493759754-90791392-1000\...\Run: [BingSvc] => C:\Users\Jakub\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2460206527-1493759754-90791392-1000\...\Run: [Voobly] => C:\Program Files\Voobly\voobly.exe [159744 2016-04-03] (Voobly)
HKU\S-1-5-21-2460206527-1493759754-90791392-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7416536 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2460206527-1493759754-90791392-1000\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
Startup: C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-04-07]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0ccc13c1-fd50-48b8-bdc6-8042ddc467bc}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{3325e624-3a70-41e6-8fd6-9b5edc45d376}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{74b70064-3414-49ba-b68c-92788b8bbbb8}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8db9411a-25d6-4ea6-b22b-1913f0554876}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fdd04cc3-ae0f-4cdb-96bd-c490418bd7b2}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2460206527-1493759754-90791392-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2460206527-1493759754-90791392-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2460206527-1493759754-90791392-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2460206527-1493759754-90791392-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2460206527-1493759754-90791392-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-22] (Oracle Corporation)
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\xwMkUhdM.default [2017-02-27]
FF NewTab: Mozilla\Firefox\Profiles\xwMkUhdM.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\xwMkUhdM.default -> about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-20] ()
FF Plugin: @gamersfirst.com/LiveLauncher -> C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-04-14] (Nexon)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-27]
CHR Extension: (Prezentace Google) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-26]
CHR Extension: (Dokumenty Google) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-26]
CHR Extension: (Disk Google) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-26]
CHR Extension: (YouTube) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-26]
CHR Extension: (Tabulky Google) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-02-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-26]
CHR Extension: (Skype) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-26]
CHR Extension: (Gmail) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-26]
CHR Extension: (Chrome Media Router) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 chromoting; C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-03-11] (Flexera Software, Inc.)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [217088 2009-12-22] (Teruten) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2016-01-29] (NVIDIA Corporation)
S2 gupdate1cac9dd563a9e30; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-17] (Google Inc.)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1962504 2016-11-11] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-11-11] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2016-01-29] (NVIDIA Corporation)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S2 sfrem01; C:\Windows\system32\sfrem01.exe [353912 2006-05-10] (Protection Technology (StarForce))
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [File not signed]
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R3 athur; C:\WINDOWS\System32\drivers\athur.sys [1501696 2010-03-09] (Atheros Communications, Inc.)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [83872 2012-11-22] ()
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2015-02-24] (Disc Soft Ltd)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2009-12-22] () [File not signed]
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [38512 2015-08-03] (LogMeIn Inc.)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2012-11-22] ()
R1 MpKsl0f47fa7c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55321439-7798-4B11-93FB-C755582A2FFE}\MpKsl0f47fa7c.sys [39168 2017-02-27] (Microsoft Corporation)
R1 MpKslfbe77a60; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2CD434F9-58FB-4E05-8148-4AF5360D8BA8}\MpKslfbe77a60.sys [39168 2017-02-26] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2016-01-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [32912 2016-01-29] (NVIDIA Corporation)
R0 sfhlp02; C:\WINDOWS\System32\drivers\sfhlp02.sys [6656 2006-05-10] (Protection Technology (StarForce)) [File not signed]
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [44216 2016-04-26] (Tunngle.net GmbH)
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [575184 2015-06-22] (VIA Technologies, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-02-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-02-26] (Zemana Ltd.)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-27 16:55 - 2017-02-27 16:55 - 00000000 ____D C:\Users\Jakub\AppData\Local\Apple
2017-02-27 13:17 - 2017-02-27 13:17 - 02975136 _____ (Avira Operations GmbH & Co. KG) C:\Users\Jakub\Downloads\avira_registry_cleaner_en.exe
2017-02-27 13:11 - 2017-02-27 13:11 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-27 13:01 - 2017-02-27 13:01 - 00219584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4A700B24.sys
2017-02-26 22:09 - 2017-02-26 22:09 - 00000000 ____D C:\Users\Jakub\AppData\Local\NetworkTiles
2017-02-26 18:31 - 2017-02-27 20:13 - 00000000 ____D C:\FRST
2017-02-26 17:49 - 2017-02-26 17:49 - 00000000 ____D C:\Users\Jakub\AppData\Local\CrashDumps
2017-02-26 17:37 - 2017-02-26 17:37 - 00015600 _____ C:\Users\Jakub\Downloads\MemTest.zip
2017-02-26 15:39 - 2017-02-27 20:13 - 00144414 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-26 15:39 - 2017-02-27 20:13 - 00114245 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-26 15:39 - 2017-02-26 15:39 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-02-26 15:39 - 2017-02-26 15:39 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-02-26 15:39 - 2017-02-26 15:39 - 00001957 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-26 15:39 - 2017-02-26 15:39 - 00000000 ____D C:\Users\Jakub\AppData\Local\Zemana
2017-02-26 15:39 - 2017-02-26 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-26 15:39 - 2017-02-26 15:39 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-02-26 13:55 - 2017-02-26 13:30 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-02-26 13:30 - 2017-02-26 13:53 - 00000000 ____D C:\zoek_backup
2017-02-25 15:22 - 2017-02-25 15:22 - 00000000 ____D C:\ProgramData\Sophos
2017-02-25 15:21 - 2017-02-25 15:21 - 00002763 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-02-25 15:21 - 2017-02-25 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-02-25 15:21 - 2017-02-25 15:21 - 00000000 ____D C:\Program Files\Sophos
2017-02-25 14:13 - 2017-02-25 14:18 - 00000000 ____D C:\Users\TEMP
2017-02-25 14:01 - 2017-02-25 14:01 - 00000000 ____D C:\Users\Jakub\AppData\Local\Autodesk
2017-02-24 22:36 - 2017-02-25 13:21 - 00000000 ____D C:\AdwCleaner
2017-02-24 22:35 - 2017-02-27 13:11 - 00152512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-24 22:34 - 2017-02-27 13:13 - 00219584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-24 22:34 - 2017-02-27 13:13 - 00094656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-24 22:34 - 2017-02-27 13:13 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-24 22:34 - 2017-02-26 17:44 - 00073672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-24 22:34 - 2017-02-24 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-24 22:34 - 2017-02-24 22:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-24 22:34 - 2017-01-20 07:47 - 00059976 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-02-24 22:30 - 2017-02-24 22:30 - 00000000 ____D C:\Users\Jakub\AppData\Local\Adobe
2017-02-24 22:25 - 2017-02-26 16:36 - 00000000 ____D C:\Users\Jakub\Downloads\Oprava PC
2017-02-24 20:27 - 2017-02-24 20:27 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-02-24 19:42 - 2017-02-24 19:41 - 00921280 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2017-02-24 19:37 - 2017-02-24 19:37 - 00001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-24 19:37 - 2017-02-24 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-24 19:37 - 2017-02-24 19:37 - 00000000 ____D C:\Program Files\CCleaner
2017-02-19 17:17 - 2017-02-19 17:18 - 00000000 ____D C:\ProgramData\Tunngle
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-27 16:02 - 2016-09-12 15:28 - 00000000 ____D C:\Users\Jakub
2017-02-27 15:17 - 2013-05-12 10:15 - 00000000 ____D C:\Users\Jakub\AppData\Roaming\vlc
2017-02-27 13:12 - 2016-09-12 15:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-27 13:12 - 2016-09-12 15:22 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-27 13:12 - 2016-07-16 03:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-27 13:11 - 2016-07-16 09:30 - 00002577 _____ C:\WINDOWS\system32\config.nt
2017-02-27 02:04 - 2016-09-12 15:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-27 02:04 - 2014-05-17 18:30 - 00000000 ____D C:\Users\Jakub\AppData\Roaming\TS3Client
2017-02-26 16:34 - 2015-08-06 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2017-02-26 16:34 - 2015-08-06 21:53 - 00000000 ____D C:\Program Files\CrystalDiskInfo
2017-02-26 15:31 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-26 13:52 - 2009-07-14 03:37 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-26 12:09 - 2014-10-30 18:57 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-25 14:41 - 2016-07-16 09:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-25 14:13 - 2015-09-03 17:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-25 13:29 - 2015-08-05 19:10 - 00001054 _____ C:\Users\Jakub\Desktop\JRT.txt
2017-02-24 22:34 - 2014-04-20 22:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-24 21:08 - 2016-09-12 15:25 - 03273728 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-24 21:08 - 2016-07-16 18:01 - 01336780 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-24 21:08 - 2016-07-16 18:01 - 00367914 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-24 21:05 - 2014-06-03 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-02-24 21:05 - 2014-06-03 18:48 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-02-24 21:05 - 2014-03-11 22:00 - 00000000 ____D C:\Program Files\Autodesk
2017-02-24 21:05 - 2014-03-11 21:54 - 00000000 ____D C:\ProgramData\Autodesk
2017-02-24 21:04 - 2016-07-16 03:22 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-24 21:04 - 2012-01-01 09:42 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-02-24 20:48 - 2014-04-22 20:18 - 00000000 ____D C:\Games
2017-02-24 20:47 - 2011-06-15 13:32 - 00000000 ____D C:\EULA SHIT
2017-02-24 20:42 - 2015-05-22 20:45 - 00000000 ____D C:\GOG Games
2017-02-24 20:40 - 2012-01-01 09:42 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2017-02-24 20:36 - 2016-09-07 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-02-24 20:36 - 2016-07-16 09:28 - 00000000 ____D C:\WINDOWS\INF
2017-02-24 20:34 - 2016-06-26 21:10 - 00000000 ____D C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-02-24 20:27 - 2010-03-22 17:23 - 00000000 ___RD C:\Program Files\Skype
2017-02-24 20:27 - 2010-03-22 17:23 - 00000000 ____D C:\ProgramData\Skype
2017-02-24 20:04 - 2014-03-11 21:54 - 00000000 ____D C:\Users\Jakub\AppData\Roaming\Autodesk
2017-02-24 20:00 - 2016-07-23 18:08 - 00000000 ____D C:\Users\Jakub\AppData\Local\LogMeIn Hamachi
2017-02-24 20:00 - 2012-09-17 21:28 - 00000000 ____D C:\Users\Jakub\AppData\Roaming\DAEMON Tools Lite
2017-02-24 20:00 - 2011-05-27 10:47 - 00000000 ____D C:\Users\Jakub\AppData\Roaming\uTorrent
2017-02-24 19:58 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-24 19:48 - 2016-04-23 18:47 - 00000000 ____D C:\Users\Jakub\Downloads\Dont Starve Together
2017-02-24 19:48 - 2015-12-06 15:38 - 00000000 ____D C:\Users\Jakub\Downloads\aoe2conq
2017-02-24 19:45 - 2014-03-10 00:02 - 00000000 ____D C:\temp
2017-02-24 19:37 - 2014-02-20 21:20 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-24 19:29 - 2013-10-24 00:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 19:25 - 2009-10-15 09:25 - 135086848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 19:24 - 2016-07-16 09:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-23 20:39 - 2015-09-03 17:36 - 00000000 ____D C:\Users\Jakub\AppData\Local\Packages
2017-02-21 21:11 - 2016-01-30 23:42 - 00000000 ____D C:\Users\Jakub\AppData\Roaming\.minecraft
2017-02-20 17:24 - 2015-08-11 22:56 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-20 01:56 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-19 19:07 - 2014-06-09 19:03 - 00000000 ____D C:\Users\Jakub\AppData\Roaming\Tunngle
2017-02-19 17:18 - 2016-04-27 15:12 - 00000000 ____D C:\Program Files\Tunngle
2017-02-19 17:17 - 2016-04-27 15:12 - 00001018 _____ C:\Users\Public\Desktop\Tunngle.lnk
2017-02-19 17:17 - 2016-04-27 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2017-02-19 16:46 - 2011-02-17 17:06 - 00000000 ____D C:\Users\Jakub\Documents\My Games
2017-02-15 22:04 - 2015-05-02 17:44 - 00001749 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-02-07 01:50 - 2010-03-22 18:22 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:48 - 2016-07-16 09:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 09:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-31 15:54 - 2010-03-22 17:32 - 00000000 ____D C:\Program Files\Google
==================== Files in the root of some directories =======
2014-05-24 20:03 - 2014-05-24 20:03 - 0000037 ___SH () C:\Users\Jakub\AppData\Local\70149b02515b3bb20dd492.47983420
2010-09-21 16:26 - 2011-10-26 09:06 - 0015360 ____H () C:\Users\Jakub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-30 02:33 - 2015-06-30 02:33 - 0000218 _____ () C:\Users\Jakub\AppData\Local\recently-used.xbel
2011-05-13 15:52 - 2014-10-18 17:50 - 0007597 ____H () C:\Users\Jakub\AppData\Local\Resmon.ResmonCfg
2014-03-11 22:06 - 2014-03-11 22:06 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-24 19:23
==================== End of FRST.txt ============================