Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2018
Ran by Toma (administrator) on TOMA-PC (22-04-2018 00:14:06)
Running from C:\Users\Toma\Desktop
Loaded Profiles: Toma (Available Profiles: Toma)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Finština (Finsko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(SDL) C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Malwarebytes) C:\Users\Toma\Downloads\adwcleaner_7.1.0.0.exe
( ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-04-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-06-14] ( ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-05-14] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] => "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-21-2865527742-3441578996-859845922-1000\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-2865527742-3441578996-859845922-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-2865527742-3441578996-859845922-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [42304056 2018-01-29] (VoipConnect)
HKU\S-1-5-21-2865527742-3441578996-859845922-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2865527742-3441578996-859845922-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-2865527742-3441578996-859845922-1000\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-2865527742-3441578996-859845922-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [50097088 2018-04-09] (Skype Technologies S.A.)
HKU\S-1-5-21-2865527742-3441578996-859845922-1000\...\RunOnce: [SeznamInstall-uninstall:6e3710eaab07824b28f8dec374cb981e] => C:\Users\Toma\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2018-04-21] () <==== ATTENTION
HKU\S-1-5-21-2865527742-3441578996-859845922-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{D9D3AF0F-D0D9-4BD0-A48D-37A1112F77AC}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{E6E69474-A415-495A-9473-4040CBC4FED2}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2865527742-3441578996-859845922-1000 -> {6275EC92-153A-4352-A337-F620999FE8AD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-02] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-02] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: lp9kdgcx.default
FF ProfilePath: C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default [2018-04-21]
FF Homepage: Mozilla\Firefox\Profiles\lp9kdgcx.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\lp9kdgcx.default -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\lp9kdgcx.default -> Disabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Adblocker X) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\@adblock57.xpi [2018-04-10]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-08-13] [Legacy]
FF Extension: (British English Dictionary) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2016-01-05] [Legacy] [not signed]
FF Extension: (United States English Spellchecker) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-18] [Legacy]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\es-es@dictionaries.addons.mozilla.org [2018-01-25] [Legacy]
FF Extension: (Dictionnaire français) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2017-11-29] [Legacy]
FF Extension: (IrregularVerbs) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\IrregularVerbs@canevas.xul.xpi [2016-04-27] [Legacy]
FF Extension: (Notifier for Gmail™) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2018-01-24]
FF Extension: (Mate Translate – translator, dictionary) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\jid1-TMndP6cdKgxLcQ@jetpack.xpi [2018-01-25]
FF Extension: (Russian spellchecking dictionary) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\ru@dictionaries.addons.mozilla.org [2016-01-05] [Legacy] [not signed]
FF Extension: (S3.Translator) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\s3google@translator.xpi [2018-04-05]
FF Extension: (Ukrainian dictionary) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\uk-ua@dictionaries.addons.mozilla.org [2017-12-14] [Legacy]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2018-04-17]
FF Extension: (ImTranslator: Překladač, Slovník, Hlas) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2018-03-02]
FF Extension: (Search By Image (by Google)) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2017-01-24] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-21]
FF Extension: (No Name) - C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\lp9kdgcx.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default [2018-04-21]
CHR Extension: (Prezentace Google) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-01]
CHR Extension: (Dokumenty Google) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-20]
CHR Extension: (Disk Google) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-20]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-06-01]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-06-01]
CHR Extension: (YouTube) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-20]
CHR Extension: (Avira Password Manager) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-04-21]
CHR Extension: (Vyhledávání Google) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-20]
CHR Extension: (Tabulky Google) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-06-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-01]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2018-04-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-06-01]
CHR Extension: (Gmail) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-20]
CHR Extension: (Chrome Media Router) - C:\Users\Toma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-21]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-05-14] (CyberLink)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [143664 2015-12-29] ()
R2 Sdl.ProductTelemetrics.v1; C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe [12288 2015-06-17] (SDL) [File not signed]
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2018-02-27] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2018-02-27] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2018-02-27] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AODDriver; C:\Program Files\ASUS\GPU Boost Driver\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R0 atc; C:\Windows\System32\DRIVERS\atc.sys [1179248 2018-03-21] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1725800 2018-02-27] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [154888 2018-02-27] (Bitdefender)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [248336 2018-02-27] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [191784 2018-02-27] (BitDefender LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-06-23] (The OpenVPN Project)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-21 23:23 - 2018-04-21 23:23 - 000000000 ___RD C:\Users\Toma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2018-04-21 23:21 - 2018-04-21 23:22 - 000000000 ____D C:\AdwCleaner
2018-04-21 23:20 - 2018-04-21 23:20 - 007256272 _____ (Malwarebytes) C:\Users\Toma\Downloads\adwcleaner_7.1.0.0.exe
2018-04-21 23:01 - 2018-04-21 23:01 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
2018-04-21 23:01 - 2018-04-21 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-04-21 22:59 - 2018-04-21 22:59 - 060721488 _____ (Skype Technologies S.A.) C:\Users\Toma\Downloads\Skype.exe
2018-04-21 22:57 - 2018-04-21 22:57 - 067157242 _____ C:\Users\Toma\Downloads\skype_7.40.0.151.exe
2018-04-21 22:41 - 2018-04-21 22:41 - 000024658 _____ C:\Users\Toma\Desktop\info RSIT.txt
2018-04-21 22:33 - 2018-04-21 22:33 - 000002924 _____ C:\Windows\System32\Tasks\{3025C3B2-232A-4771-AF11-5300E246DBE4}
2018-04-21 22:00 - 2018-04-21 22:40 - 000000000 ____D C:\rsit
2018-04-21 22:00 - 2018-04-21 22:01 - 000000000 ____D C:\Program Files\trend micro
2018-04-21 21:59 - 2018-04-21 21:59 - 001329152 _____ C:\Users\Toma\Downloads\RSITx64.exe
2018-04-21 21:58 - 2018-04-21 21:58 - 001222144 _____ C:\Users\Toma\Desktop\RSITx64.exe
2018-04-21 21:45 - 2018-04-22 00:14 - 000021736 _____ C:\Users\Toma\Desktop\FRST.txt
2018-04-21 21:39 - 2018-04-21 21:40 - 000112640 _____ (forum.viry.cz) C:\Users\Toma\Desktop\FRSTLauncher(1).exe
2018-04-21 21:38 - 2018-04-21 21:38 - 000003140 _____ C:\Windows\System32\Tasks\{5C677165-391C-431D-AD70-98E24E583BBC}
2018-04-21 21:06 - 2018-04-21 21:06 - 000669363 _____ C:\Users\Toma\Documents\Убийца Шута.odt
2018-04-21 16:40 - 2018-04-21 21:44 - 000029696 _____ C:\Users\Toma\AppData\Local\MSGBOX.EXE
2018-04-21 16:28 - 2018-04-21 16:28 - 002404352 _____ (Farbar) C:\Users\Toma\Desktop\FRST64.exe
2018-04-21 12:25 - 2018-04-21 12:25 - 000030359 _____ C:\Users\Toma\Downloads\Addition.txt
2018-04-21 12:23 - 2018-04-21 12:25 - 000032100 _____ C:\Users\Toma\Downloads\FRST.txt
2018-04-21 12:08 - 2018-04-21 12:13 - 000112640 _____ (forum.viry.cz) C:\Users\Toma\Downloads\FRSTLauncher.exe
2018-04-21 11:55 - 2018-04-22 00:14 - 000000000 ____D C:\FRST
2018-04-21 10:56 - 2018-04-21 11:00 - 000369728 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-20 14:42 - 2018-04-20 14:42 - 000092560 _____ C:\Users\Toma\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-20 14:33 - 2018-04-20 14:33 - 000000082 _____ C:\Windows\system32\cc_20180420_143313.reg
2018-04-20 14:32 - 2018-04-20 14:32 - 000000082 _____ C:\Windows\system32\cc_20180420_143249.reg
2018-04-20 12:47 - 2018-04-20 12:47 - 000000000 ____D C:\Users\Toma\Documents\robin_khobb-ubijca_shuta
2018-04-20 12:12 - 2018-04-20 12:12 - 000031645 _____ C:\Users\Toma\Desktop\АНЕКДОТЫ_Веселые ребята.odt
2018-04-18 09:11 - 2018-04-16 20:40 - 000018293 _____ C:\Users\Toma\Documents\Зоопарк Усти-над-Лабем.odt
2018-04-16 18:28 - 2018-04-16 18:28 - 009576572 _____ C:\Users\Toma\Downloads\ZOO_2018_final kontrola.pdf
2018-04-11 12:41 - 2018-04-11 12:42 - 043604600 _____ (Microsoft Corporation) C:\Users\Toma\Downloads\Windows-KB890830-x64-V5.59.exe
2018-04-08 14:37 - 2018-04-08 14:37 - 000223744 _____ C:\Users\Toma\Downloads\aktualni-program-hdo-ke-stazeni(1).xls
2018-04-08 14:35 - 2018-04-08 14:35 - 000223744 _____ C:\Users\Toma\Downloads\aktualni-program-hdo-ke-stazeni.xls
2018-04-04 22:10 - 2018-04-04 22:10 - 000080075 _____ C:\Users\Toma\Documents\vzp-prehled-o-prijmech-a-vydajich-osvc.pdf
2018-04-04 22:08 - 2018-04-04 22:08 - 000013552 _____ C:\Users\Toma\Documents\čestné prohlášení 2017.odt
2018-04-04 21:30 - 2018-04-04 21:30 - 000067312 _____ C:\Users\Toma\Downloads\vzp-prehled-o-prijmech-a-vydajich-osvc.pdf
2018-04-04 21:28 - 2018-04-04 21:28 - 001241382 _____ C:\Users\Toma\Downloads\DzPVZP17_xml_z(1).xlsx
2018-04-04 21:05 - 2018-04-04 21:05 - 001242843 _____ C:\Users\Toma\Downloads\DzPVZP17_xml_z.xlsx
2018-03-30 09:23 - 2018-03-30 09:23 - 015335217 _____ C:\Users\Toma\Downloads\Pojistna_smlouva_c_8602629921_(3000078303)_dodatky_c_53-70.pdf
2018-03-30 09:17 - 2018-03-30 09:17 - 000090933 _____ C:\Users\Toma\Downloads\555230851.PDF
2018-03-30 09:16 - 2018-03-30 09:16 - 000088603 _____ C:\Users\Toma\Downloads\555230850.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-21 23:54 - 2018-02-03 00:22 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-04-21 23:34 - 2016-06-01 21:39 - 000000000 ____D C:\Users\Toma\AppData\Roaming\Seznam.cz
2018-04-21 23:34 - 2015-12-20 20:04 - 000000000 ____D C:\Users\Toma\AppData\Local\CrashDumps
2018-04-21 23:33 - 2016-06-01 21:40 - 000000000 ____D C:\Program Files (x86)\Seznam.cz
2018-04-21 23:31 - 2009-07-14 06:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-21 23:31 - 2009-07-14 06:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-21 23:29 - 2015-12-21 17:23 - 000719098 _____ C:\Windows\system32\perfh019.dat
2018-04-21 23:29 - 2015-12-21 17:23 - 000151344 _____ C:\Windows\system32\perfc019.dat
2018-04-21 23:29 - 2015-12-21 17:17 - 000671828 _____ C:\Windows\system32\perfh005.dat
2018-04-21 23:29 - 2015-12-21 17:17 - 000142424 _____ C:\Windows\system32\perfc005.dat
2018-04-21 23:29 - 2015-12-21 17:12 - 000386842 _____ C:\Windows\system32\perfh00D.dat
2018-04-21 23:29 - 2015-12-21 17:12 - 000085260 _____ C:\Windows\system32\perfc00D.dat
2018-04-21 23:29 - 2010-11-21 11:10 - 000476000 _____ C:\Windows\system32\perfh00B.dat
2018-04-21 23:29 - 2010-11-21 11:10 - 000102022 _____ C:\Windows\system32\perfc00B.dat
2018-04-21 23:29 - 2009-07-14 07:13 - 003507970 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-21 23:29 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-21 23:26 - 2018-02-03 00:22 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-04-21 23:24 - 2016-11-16 19:48 - 000000000 ____D C:\Users\Toma\AppData\LocalLow\Mozilla
2018-04-21 23:23 - 2017-08-21 13:06 - 000000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2018-04-21 23:23 - 2015-12-31 00:30 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2018-04-21 23:23 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-21 11:24 - 2015-12-29 21:50 - 000000000 ____D C:\Users\Toma\AppData\Roaming\Skype
2018-04-21 11:00 - 2009-07-14 07:08 - 000032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-20 20:11 - 2015-12-29 21:50 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-20 20:11 - 2015-12-29 21:48 - 000000000 ____D C:\ProgramData\Skype
2018-04-20 10:08 - 2016-06-26 19:58 - 000000000 ____D C:\Users\Toma\Desktop\Scans
2018-04-20 10:04 - 2017-06-04 18:13 - 000000000 ___RD C:\Users\Toma\Documents\Scanned Documents
2018-04-20 09:02 - 2016-01-30 15:49 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-18 21:40 - 2015-12-30 00:12 - 000000000 ____D C:\Users\Toma\Documents\Soubory aplikace Outlook
2018-04-18 09:47 - 2016-10-22 18:43 - 000000000 ___RD C:\Users\Toma\Desktop\Nové různé
2018-04-14 20:09 - 2016-10-25 22:16 - 000000000 ___RD C:\Users\Toma\Desktop\HEALTH
2018-04-11 12:46 - 2017-10-11 17:50 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-11 12:46 - 2015-12-20 23:54 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-04 22:07 - 2017-03-28 13:43 - 000013552 _____ C:\Users\Toma\Documents\čestné prohlášení 2016.odt
2018-04-04 21:21 - 2015-12-29 21:34 - 000000000 ____D C:\Users\Toma\AppData\Local\Adobe
2018-03-28 09:21 - 2017-06-13 23:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-28 09:21 - 2015-12-20 20:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-27 13:45 - 2017-11-26 19:16 - 000000000 ____D C:\Users\Toma\Desktop\фотки Мимика и мамки-тётки
2018-03-27 12:20 - 2017-06-16 01:13 - 000000000 ____D C:\Users\Toma\Desktop\KNITTING
2018-03-27 12:14 - 2017-09-29 12:53 - 000091485 _____ C:\Users\Toma\Downloads\524581956.PDF
2018-03-27 12:14 - 2017-03-29 13:00 - 000096762 _____ C:\Users\Toma\Downloads\469383687(1).PDF
2018-03-27 12:14 - 2016-09-28 09:35 - 000096762 _____ C:\Users\Toma\Downloads\469383687.PDF
2018-03-26 10:53 - 2016-01-01 02:13 - 000000000 ___RD C:\Users\Toma\Desktop\HRY
2018-03-25 09:52 - 2015-12-21 00:48 - 003433546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-10-21 16:38 - 2015-10-21 16:38 - 118294111 _____ () C:\Program Files (x86)\openoffice1.cab
2015-10-21 16:36 - 2015-10-21 16:36 - 002306048 _____ () C:\Program Files (x86)\openoffice412.msi
2015-10-21 16:36 - 2015-10-21 16:36 - 000478720 _____ () C:\Program Files (x86)\setup.exe
2015-10-21 16:36 - 2015-10-21 16:36 - 000000279 _____ () C:\Program Files (x86)\setup.ini
2016-06-01 22:07 - 2017-11-16 23:00 - 000000349 _____ () C:\Users\Toma\AppData\Roaming\FotoSketcher.ini
2018-04-21 16:40 - 2018-04-21 21:44 - 000029696 _____ () C:\Users\Toma\AppData\Local\MSGBOX.EXE

Files to move or delete:
====================
C:\Users\Toma\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


Some files in TEMP:
====================
2018-04-20 18:33 - 2018-04-20 18:34 - 058834376 _____ (Skype Technologies S.A.) C:\Users\Toma\AppData\Local\Temp\SkypeSetup.exe
2018-04-21 23:34 - 2018-04-21 23:33 - 000534528 _____ () C:\Users\Toma\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-18 11:18

==================== End of FRST.txt ============================