Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by NoVaS (administrator) on NOVAS-PC (20-08-2015 15:03:47)
Running from C:\Users\NoVaS\Desktop
Loaded Profiles: NoVaS (Available Profiles: NoVaS)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Spotify Ltd) C:\Users\NoVaS\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxcrnmh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\NoVaS\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-08] (Bitdefender)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKU\S-1-5-21-670821491-2823255400-4124354169-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-21-670821491-2823255400-4124354169-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-05] (Bitdefender)
HKU\S-1-5-21-670821491-2823255400-4124354169-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-670821491-2823255400-4124354169-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-05] (Bitdefender)
HKU\S-1-5-21-670821491-2823255400-4124354169-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-670821491-2823255400-4124354169-1000\...\Run: [Google Update] => C:\Users\NoVaS\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc.)
HKU\S-1-5-21-670821491-2823255400-4124354169-1000\...\Run: [Spotify Web Helper] => C:\Users\NoVaS\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-18] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-05] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-05] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-670821491-2823255400-4124354169-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-670821491-2823255400-4124354169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-670821491-2823255400-4124354169-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-05] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2014-08-05] (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{C235D7AF-54D7-4A0A-89AE-31FFFB5BD243}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{C7BE01B7-732C-4F14-8701-C7CDD62E71B5}: [DhcpNameServer] 192.168.42.129
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-670821491-2823255400-4124354169-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-670821491-2823255400-4124354169-1000: @tools.google.com/Google Update;version=3 -> C:\Users\NoVaS\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-670821491-2823255400-4124354169-1000: @tools.google.com/Google Update;version=9 -> C:\Users\NoVaS\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-670821491-2823255400-4124354169-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\NoVaS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF HKLM\...\Thunderbird\Extensions: [
bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-10-21]
FF HKLM-x32\...\Firefox\Extensions: [
ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-10-21]
FF HKLM-x32\...\Thunderbird\Extensions: [
bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
Chrome:
=======
CHR Profile: C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20]
CHR Extension: (Google Docs) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]
CHR Extension: (Google Drive) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-06-21]
CHR Extension: (YouTube) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
CHR Extension: (Bitdefender Wallet) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-10-21]
CHR Extension: (Adblock Plus) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-20]
CHR Extension: (Google Search) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
CHR Extension: (Google Sheets) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20]
CHR Extension: (AdBlock) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-20]
CHR Extension: (Adblock Super) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-07-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
CHR Extension: (Adblock Pro) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-07-20]
CHR Extension: (Gmail) - C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]
CHR HKU\S-1-5-21-670821491-2823255400-4124354169-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] -
http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] -
http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-08]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-05] (Bitdefender)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S2 sfrem01; C:\Windows\system32\sfrem01.exe [584824 2006-05-10] (Protection Technology (StarForce))
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-05] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-08] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-11] (Advanced Micro Devices)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Corporation)
R5 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-01-31] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R5 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-31] (Microsoft Corporation)
R5 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-28] (Disc Soft Ltd)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
R5 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-03-06] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155576 2015-03-06] (Microsoft Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-02-03] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
R5 nvstor; C:\Windows\System32\drivers\nvstor.sys [166272 2011-03-11] (NVIDIA Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
R5 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-14] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [69120 2006-05-10] (Protection Technology (StarForce)) [File not signed]
S4 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [7168 2006-05-10] (Protection Technology (StarForce)) [File not signed]
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
R5 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-20] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] (Microsoft Corporation)
R5 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-08] (BitDefender S.R.L.)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
R5 vmbus; C:\Windows\System32\drivers\vmbus.sys [199552 2010-11-20] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S5 sfsync04; system32\drivers\sfsync04.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-20 15:03 - 2015-08-20 15:06 - 00021218 _____ C:\Users\NoVaS\Desktop\FRST.txt
2015-08-20 14:59 - 2015-08-20 14:59 - 00096815 _____ C:\ProgramData\1440075568.bdinstall.bin
2015-08-20 14:58 - 2015-08-20 14:58 - 00112640 _____ (forum.viry.cz) C:\Users\NoVaS\Desktop\FRSTLauncher.exe
2015-08-20 14:56 - 2015-08-20 14:56 - 02173952 _____ (Farbar) C:\Users\NoVaS\Desktop\FRST64.exe
2015-08-20 06:20 - 2015-08-20 06:20 - 00001639 _____ C:\Users\NoVaS\Desktop\mbam2.txt
2015-08-19 06:20 - 2015-08-19 06:20 - 00001505 _____ C:\Users\NoVaS\Desktop\mbam.txt
2015-08-18 08:18 - 2015-08-18 08:18 - 00047976 _____ C:\Users\NoVaS\Desktop\Extras.Txt
2015-08-18 08:15 - 2015-08-18 08:15 - 00417550 _____ C:\Users\NoVaS\Desktop\OTL.Txt
2015-08-16 21:44 - 2015-08-16 21:45 - 00602112 _____ (OldTimer Tools) C:\Users\NoVaS\Desktop\OTL.exe
2015-08-16 14:09 - 2015-08-16 14:09 - 01222144 _____ C:\Users\NoVaS\Desktop\RSITx64.exe
2015-08-13 14:22 - 2015-08-13 14:22 - 00020701 _____ C:\Users\NoVaS\Desktop\[CzT]Nekecej_a_padluj_1_2_Without_a_Paddle_2004_2009_CZ_.torrent
2015-08-13 14:22 - 2015-08-13 14:22 - 00000000 ____D C:\Users\NoVaS\Downloads\Nekecaj a Padluj
2015-08-08 15:48 - 2015-08-08 15:51 - 1983560401 _____ C:\Users\NoVaS\Downloads\Ted.2.2015.mkv
2015-08-08 15:48 - 2015-08-08 15:48 - 00019459 _____ C:\Users\NoVaS\Desktop\[CzT]Meda_2_Ted_2_2015_WebRip_.torrent
2015-08-08 15:40 - 2015-08-08 15:43 - 1021061848 _____ C:\Users\NoVaS\Downloads\Dědictví aneb Kurva se neříká.avi
2015-08-08 15:38 - 2015-08-08 15:38 - 00020041 _____ C:\Users\NoVaS\Desktop\[CzT]Dedictvi_aneb_Kurva_se_nerika_2014_CZ_.torrent
2015-08-08 12:52 - 2015-08-08 13:16 - 716609536 _____ C:\Users\NoVaS\Downloads\Poslední plavky.avi
2015-08-08 12:51 - 2015-08-08 12:51 - 00014223 _____ C:\Users\NoVaS\Desktop\[CzT]Posledni_plavky_2007_CZ_.torrent
2015-07-31 11:04 - 2014-01-03 23:53 - 00000000 ____D C:\Users\NoVaS\Desktop\Majk Spirit_Nový človek
2015-07-30 23:18 - 2015-07-30 23:38 - 186712302 _____ C:\Users\NoVaS\Desktop\Majk-Spirit_Nový-človek.rar
2015-07-29 12:09 - 2015-07-29 12:09 - 00003498 _____ C:\Windows\System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8
2015-07-29 12:09 - 2015-07-29 12:09 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-27 10:21 - 2015-07-27 10:21 - 00000000 ____D C:\Users\NoVaS\AppData\Local\CEF
2015-07-23 20:55 - 2015-07-23 21:00 - 00000000 ____D C:\Users\NoVaS\Desktop\marcelka
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-20 15:03 - 2014-10-16 15:09 - 00000000 ____D C:\FRST
2015-08-20 14:50 - 2015-01-02 20:22 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 14:44 - 2014-11-27 11:34 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-20 14:26 - 2014-10-24 14:07 - 00000000 ____D C:\Program Files\trend micro
2015-08-20 14:25 - 2009-07-14 06:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-20 14:25 - 2009-07-14 06:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-20 14:21 - 2014-10-20 19:42 - 01186785 _____ C:\Windows\WindowsUpdate.log
2015-08-20 14:20 - 2015-01-02 20:22 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-20 14:17 - 2015-07-02 08:22 - 00011104 _____ C:\Windows\setupact.log
2015-08-20 14:17 - 2014-10-28 00:40 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-20 14:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-20 14:16 - 2015-07-20 05:01 - 00025002 _____ C:\Windows\PFRO.log
2015-08-20 14:15 - 2014-10-21 12:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-20 14:12 - 2015-07-18 14:07 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-670821491-2823255400-4124354169-1000UA.job
2015-08-20 14:12 - 2015-02-05 19:56 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-670821491-2823255400-4124354169-1000Core.job
2015-08-18 06:42 - 2013-05-20 16:37 - 00000512 _____ C:\PhysicalMBR.bin
2015-08-14 17:23 - 2015-02-09 00:10 - 00000000 ____D C:\Users\NoVaS\AppData\Local\Spotify
2015-08-14 16:19 - 2015-02-09 00:09 - 00000000 ____D C:\Users\NoVaS\AppData\Roaming\Spotify
2015-08-13 16:57 - 2014-10-20 22:41 - 00000000 ____D C:\Users\NoVaS\AppData\Roaming\uTorrent
2015-08-12 01:01 - 2014-10-21 13:48 - 00000000 ____D C:\Users\NoVaS\AppData\Roaming\Skype
2015-08-11 21:44 - 2014-11-27 11:34 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 21:44 - 2014-11-27 11:34 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 21:44 - 2014-11-27 11:34 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-09 21:34 - 2014-10-20 21:40 - 00000000 ____D C:\ProgramData\Origin
2015-08-09 21:12 - 2013-12-19 00:09 - 00000000 ____D C:\Users\NoVaS\Documents\FIFA 14
2015-08-01 15:51 - 2015-07-06 15:56 - 00064416 _____ C:\Users\NoVaS\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-01 15:49 - 2013-12-19 00:21 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-31 23:21 - 2015-07-02 08:20 - 00295664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-31 13:12 - 2015-03-13 09:01 - 00737050 _____ C:\Windows\system32\perfh00A.dat
2015-07-31 13:12 - 2015-03-13 09:01 - 00675348 _____ C:\Windows\system32\perfh00E.dat
2015-07-31 13:12 - 2015-03-13 09:01 - 00473096 _____ C:\Windows\system32\perfh00B.dat
2015-07-31 13:12 - 2015-03-13 09:01 - 00383938 _____ C:\Windows\system32\perfh00D.dat
2015-07-31 13:12 - 2015-03-13 09:01 - 00170932 _____ C:\Windows\system32\perfc00E.dat
2015-07-31 13:12 - 2015-03-13 09:01 - 00158132 _____ C:\Windows\system32\perfc00A.dat
2015-07-31 13:12 - 2015-03-13 09:01 - 00101178 _____ C:\Windows\system32\perfc00B.dat
2015-07-31 13:12 - 2015-03-13 09:01 - 00084416 _____ C:\Windows\system32\perfc00D.dat
2015-07-31 13:12 - 2015-03-12 19:09 - 00731640 _____ C:\Windows\system32\perfh010.dat
2015-07-31 13:12 - 2015-03-12 19:09 - 00146504 _____ C:\Windows\system32\perfc010.dat
2015-07-31 13:12 - 2015-03-12 18:54 - 00682218 _____ C:\Windows\system32\perfh00C.dat
2015-07-31 13:12 - 2015-03-12 18:54 - 00470608 _____ C:\Windows\system32\perfh001.dat
2015-07-31 13:12 - 2015-03-12 18:54 - 00129890 _____ C:\Windows\system32\perfc00C.dat
2015-07-31 13:12 - 2015-03-12 18:54 - 00094430 _____ C:\Windows\system32\perfc001.dat
2015-07-31 13:12 - 2015-03-12 18:25 - 00688802 _____ C:\Windows\system32\perfh007.dat
2015-07-31 13:12 - 2015-03-12 18:25 - 00148774 _____ C:\Windows\system32\perfc007.dat
2015-07-31 13:12 - 2009-07-14 17:18 - 00668542 _____ C:\Windows\system32\perfh005.dat
2015-07-31 13:12 - 2009-07-14 17:18 - 00141202 _____ C:\Windows\system32\perfc005.dat
2015-07-31 13:12 - 2009-07-14 07:13 - 07451798 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-31 13:05 - 2015-01-11 22:32 - 00000000 ____D C:\Windows\system32\appmgmt
2015-07-31 13:05 - 2014-10-25 16:41 - 00000000 ____D C:\Users\NoVaS\AppData\Roaming\HTC
2015-07-31 13:05 - 2014-10-25 16:40 - 00000000 ____D C:\ProgramData\HTC
2015-07-31 13:05 - 2014-08-19 21:32 - 00000000 ____D C:\Program Files (x86)\HTC
2015-07-31 13:04 - 2015-05-30 11:42 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2015-07-31 13:04 - 2014-10-25 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-07-21 05:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\TAPI
==================== Files in the root of some directories =======
2014-11-25 17:32 - 2014-11-25 17:32 - 0003335 _____ () C:\Users\NoVaS\AppData\Local\recently-used.xbel
2015-03-16 18:49 - 2015-03-16 18:49 - 0000379 ____H () C:\ProgramData\1-0-0-0.txt
2015-08-20 14:59 - 2015-08-20 14:59 - 0096815 _____ () C:\ProgramData\1440075568.bdinstall.bin
Some files in TEMP:
====================
C:\Users\NoVaS\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-670821491-2823255400-4124354169-1000Core.job => C:\Users\NoVaS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-670821491-2823255400-4124354169-1000UA.job => C:\Users\NoVaS\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\NoVaS\Desktop\BitDefender_Uninstall_Tool.EXE:BDU
AlternateDataStreams: C:\Users\NoVaS\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\NoVaS\Desktop\FRSTLauncher.exe:BDU
AlternateDataStreams: C:\Users\NoVaS\Desktop\MinecraftSP.exe:BDU
AlternateDataStreams: C:\Users\NoVaS\Desktop\OTL.exe:BDU
AlternateDataStreams: C:\Users\NoVaS\Desktop\RSITx64.exe:BDU
AlternateDataStreams: C:\Users\NoVaS\Downloads\SpyHunter-Installer.exe:BDU
==================== Security Center ==================
AV: Bitdefender Antivirus (Disabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\NoVaS\Desktop" je 43125 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Users\NoVaS\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify
"C:\Users\NoVaS\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper
"C:\Users\NoVaS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
co k tomu rict. Ja muzu reagovat pouze na vysledky, ktere poslete 
Nalezy nechte odstranit, pak MBAM odinstalujte. Podle logu mate verzi Premium, ktera ma i stity. A mate i Bitdefender. Takze jeden musi pryc, jinak bude dochazet ke kolizim stitu.
Proc mate v pc ten nelegalni aktivator windows, kdyz mate system zakoupeny?
Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)