Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by My (administrator) on MYA42CPC (12-11-2015 20:56:09)
Running from D:\Plocha
Loaded Profiles: My (Available Profiles: My & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Slovenština (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(3CX Ltd) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-2142315196-1060382765-2288153273-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2142315196-1060382765-2288153273-1000\...\MountPoints2: {db3442a1-c5c2-11e1-addd-806e6f6e6963} - E:\Run.exe
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\shellex.dll [2014-11-19] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\shellex.dll [2014-11-19] (Kaspersky Lab ZAO)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk [2015-08-03]
ShortcutTarget: Super Finder XT.lnk -> C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe (FSL)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3CXPhone.lnk [2015-11-12]
ShortcutTarget: 3CXPhone.lnk -> C:\Program Files (x86)\3CXPhone\3CXPhone.exe (3CX Ltd)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\posta.lnk [2015-08-08]
ShortcutTarget: posta.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CCE583D1-ABE5-497C-B551-A5859466BB1C}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{EE939B77-4887-4074-811A-033450CFDFF6}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2142315196-1060382765-2288153273-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
HKU\S-1-5-21-2142315196-1060382765-2288153273-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.azet.sk/
URLSearchHook: HKLM-x32 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-2142315196-1060382765-2288153273-1000 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-2142315196-1060382765-2288153273-1000 - (No Name) - {62d40876-df18-411f-9d34-a9dd7a197bc5} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-02-17] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-03-19] (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-04] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-03-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-04] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\83m0avj5.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Homepage: hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-04] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-11-19] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-11-19] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-11-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-02-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2015-11-03] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2142315196-1060382765-2288153273-1000: @torrentstream.net/tsplugin,version=2.0.7.2 -> C:\Users\My\AppData\Roaming\TorrentStream\player\npts_plugin.dll [2014-04-25] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2142315196-1060382765-2288153273-1000: facebook.com/fbDesktopPlugin -> C:\Users\My\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-02-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: Bing Search - C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\83m0avj5.default\Extensions\bingsearch.full@microsoft.com [2015-10-27] [not signed]
FF Extension: No Name - C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\83m0avj5.default\Extensions\VUeP@7F.com [2015-10-25] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-30] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-30] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-30] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-11-19] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Profile 1 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Profile 1 -> "hxxp://www.azet.sk/"
CHR DefaultSearchURL: Profile 1 -> hxxp://uloz.to/hledej?q={searchTerms}&utm_source=browsersearch&utm_medium=browser&utm_campaign=tools-search
CHR DefaultSearchKeyword: Profile 1 -> uloz.to
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Facebook Desktop) - C:\Users\My\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\My\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Google Update) - C:\Users\My\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in 2) - C:\Users\My\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Kaspersky Protection) - C:\Users\My\AppData\Local\Google\Chrome\User Data\default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-07-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\My\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Fabulous) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ambjmeohlajelahhhniggkkceagdlcgj [2014-01-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Upozornenia Google+) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2014-01-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Facebook Sounds) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coddplbbeebbpcdjfnbllkbdjgaanhff [2014-05-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Virtuálne klavír) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cohgcponedmbhgbbdinajeoapmoaifdj [2015-01-06]
CHR Extension: (Google Search) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Kaspersky Protection) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-22] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Kalendár Google) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Invite All (for Facebook)) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2015-02-10] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Bing) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-10-27]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Facebook Invite All) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2015-02-10] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Facebook Flat) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2015-11-12]
CHR Extension: (Mapy Google) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (kalkulačka) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkgoipeflibinmadcecedifdonakgalk [2015-04-22]
CHR Extension: (My IP address) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\monhkdcehmbdgkhgpccaccbbcgcfpjkd [2014-08-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Hangouts) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-01-22] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Том и Джерри) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nfgbfnabebmgpmehglacfckopnbcdidi [2015-09-11]
CHR Extension: (Peňaženka Google) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-22] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Checker Plus for Gmail™) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-01-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Notification Sounds for Facebook) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oppjbaijagamhfnfaegamdfkjgaccbkk [2014-09-21] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Dokumenty Google) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Kaspersky Protection) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Yulia Brodskaya) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jlgdloilieclkegafohackmhffbmdpko [2013-04-04]
CHR Extension: (Bleaner) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-10-16]
CHR Extension: (Peňaženka Google) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-03]
CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Disk Google) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-01]
CHR Extension: (YouTube) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-01]
CHR Extension: (Google Search) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-01]
CHR Extension: (Kaspersky Protection) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-01]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKU\S-1-5-21-2142315196-1060382765-2288153273-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2142315196-1060382765-2288153273-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - C:\Users\My\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx [2013-07-28]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - <no Path/update_url>
Opera:
=======
OPR StartupUrls: "hxxp://www.facebook.com/"
StartMenuInternet: (HKLM) OperaNext - C:\Program Files (x86)\Opera Next\Launcher.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2098880 2013-11-11] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2015-11-03] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2012-07-05] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\My\AppData\Local\Temp\7zS50EA\hpslpsvc64.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11832 2010-06-29] (Advanced Micro Devices Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation) [File not signed]
S3 Btcsrusb; C:\Windows\SysWOW64\Drivers\btcusb.sys [23000 2005-05-31] (IVT Corporation) [File not signed]
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23944 2010-04-06] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] ()
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-11-19] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-11-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 SNP325; C:\Windows\System32\DRIVERS\snp325.sys [10549248 2007-04-03] (Sonix Co. Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [X]
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-12 18:39 - 2015-11-12 20:56 - 00000000 ____D C:\FRST
2015-11-12 17:30 - 2015-11-12 20:05 - 00000112 _____ C:\Windows\setupact.log
2015-11-12 17:30 - 2015-11-12 17:30 - 00000000 _____ C:\Windows\setuperr.log
2015-11-11 15:31 - 2015-11-11 15:31 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2015-11-10 16:30 - 2015-11-10 16:30 - 00000390 _____ C:\Windows\Tasks\Opera scheduled Autoupdate 1372861204.job
2015-11-08 17:39 - 2015-11-09 15:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\419E49EE.sys
2015-11-03 19:29 - 2015-11-03 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer
2015-11-03 19:29 - 2015-11-03 19:29 - 00000000 ____D C:\Users\My\AppData\Roaming\Netscape
2015-11-03 19:29 - 2015-11-03 19:29 - 00000000 ____D C:\Program Files (x86)\Photodex Presenter
2015-11-03 19:28 - 2015-11-03 19:29 - 00000000 ____D C:\ProgramData\Photodex
2015-11-03 19:28 - 2015-11-03 19:28 - 00000000 ____D C:\Users\My\AppData\Roaming\Photodex
2015-11-03 19:28 - 2015-11-03 19:28 - 00000000 ____D C:\Program Files (x86)\Photodex
2015-11-03 16:36 - 2015-11-03 16:36 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0E57138E.sys
2015-11-02 16:38 - 2015-11-02 16:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\454D4722.sys
2015-10-31 16:31 - 2015-11-01 12:40 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2BA124D5.sys
2015-10-30 16:41 - 2015-10-30 16:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6BBE5EA2.sys
2015-10-28 16:38 - 2015-10-28 16:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\183D3FD1.sys
2015-10-27 16:38 - 2015-10-27 16:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7AFC71C6.sys
2015-10-25 18:30 - 2015-10-25 18:30 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\77B62BCD.sys
2015-10-25 17:31 - 2015-10-25 17:31 - 00003488 ____N C:\bootsqm.dat
2015-10-14 16:46 - 2015-11-12 20:04 - 00000000 ____D C:\AdwCleaner
2015-10-14 10:59 - 2015-10-14 10:59 - 00000000 ___HD C:\MPAYFOTW
2015-10-14 10:18 - 2015-10-14 10:18 - 00000000 ____D C:\Users\My\AppData\Roaming\EMX
2015-10-14 10:12 - 2015-10-14 10:12 - 00000000 ___HD C:\RFHFCQUA
2015-10-14 10:12 - 2015-10-14 10:12 - 00000000 ___HD C:\GHRDEETX
2015-10-14 10:11 - 2015-10-14 10:11 - 00000000 ___HD C:\JYLWAJGE
2015-10-14 10:04 - 2015-10-25 18:00 - 00000000 ____D C:\Windows\SysWOW64\sysdll32
2015-10-14 10:04 - 2015-10-14 10:04 - 00000001 _____ C:\Windows\SysWOW64\winwmc32.sys
2015-10-14 10:00 - 2015-10-14 10:00 - 00000000 ____D C:\Users\My\AppData\Local\SteelBytes
2015-10-14 10:00 - 2015-10-14 10:00 - 00000000 ____D C:\ProgramData\SteelBytes
2015-10-14 09:54 - 2015-10-14 09:58 - 00000000 ____D C:\Users\My\AppData\Roaming\Softativity
2015-10-14 09:16 - 2015-10-25 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Spy
2015-10-14 09:16 - 2015-10-14 09:16 - 00000000 ____D C:\Users\My\AppData\Roaming\TLOP Manager
2015-10-14 08:33 - 2015-10-25 17:59 - 155333498 _____ C:\Windows\SysWOW64\Quecache.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-12 20:56 - 2013-06-07 19:24 - 00000000 ____D C:\Users\My\AppData\Roaming\Skype
2015-11-12 20:39 - 2013-12-08 21:32 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-12 20:35 - 2013-05-03 12:15 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-12 20:06 - 2014-04-04 21:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-12 20:05 - 2015-02-17 20:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-12 20:05 - 2013-12-08 21:32 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-12 20:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 19:02 - 2012-11-05 12:47 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2142315196-1060382765-2288153273-1000UA.job
2015-11-12 17:24 - 2012-07-06 14:45 - 00000000 ____D C:\Users\My\AppData\Roaming\uTorrent
2015-11-12 17:22 - 2014-03-08 16:15 - 00000000 ____D C:\Users\My\AppData\Local\CrashDumps
2015-11-12 17:04 - 2009-07-14 06:08 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-11 20:45 - 2009-07-26 19:41 - 00663532 _____ C:\Windows\system32\perfh005.dat
2015-11-11 20:45 - 2009-07-26 19:41 - 00142120 _____ C:\Windows\system32\perfc005.dat
2015-11-11 20:45 - 2009-07-14 06:13 - 01591924 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-11 15:35 - 2013-05-03 12:15 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 15:35 - 2012-07-04 12:03 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 15:35 - 2012-07-04 12:03 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 15:31 - 2015-09-08 15:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-10 21:25 - 2009-07-14 05:45 - 00010416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-10 21:25 - 2009-07-14 05:45 - 00010416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-10 19:56 - 2013-06-21 11:41 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2015-11-10 16:34 - 2012-07-05 14:08 - 00000000 ____D C:\ProgramData\TEMP
2015-11-10 16:30 - 2013-03-10 09:26 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-08 13:02 - 2012-11-05 12:47 - 00000894 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2142315196-1060382765-2288153273-1000Core.job
2015-11-03 19:29 - 2012-07-04 18:25 - 00000000 ____D C:\Users\My\AppData\Roaming\Mozilla
2015-10-27 17:52 - 2013-10-14 17:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-27 17:46 - 2012-07-04 20:26 - 00000000 ____D C:\ProgramData\Skype
2015-10-25 18:40 - 2015-02-06 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-10-25 18:40 - 2014-12-17 18:27 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-10-25 18:40 - 2012-07-04 11:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-25 18:39 - 2014-12-17 18:27 - 00000000 ____D C:\Users\My\AppData\Roaming\Samsung
2015-10-25 18:38 - 2015-09-01 09:15 - 00000000 ____D C:\ProgramData\ProgDVB
2015-10-25 18:38 - 2015-09-01 09:15 - 00000000 ____D C:\Program Files\ProgDVB
2015-10-25 18:23 - 2015-09-28 18:42 - 00000000 ____D C:\Users\My\AppData\Roaming\FREKLR_Monitor
2015-10-25 18:00 - 2015-09-28 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free_Keyl0gger
2015-10-25 18:00 - 2015-09-22 07:47 - 00000000 ____D C:\Users\My\AppData\Local\Viber
2015-10-25 18:00 - 2015-08-03 19:14 - 00000000 ____D C:\Users\Guest
2015-10-25 18:00 - 2015-02-17 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-25 18:00 - 2014-08-20 15:38 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-25 18:00 - 2014-01-18 13:25 - 00000000 ___HD C:\Program Files (x86)\Keylogger
2015-10-25 18:00 - 2013-12-10 13:22 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-25 18:00 - 2013-12-08 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-25 18:00 - 2013-11-11 20:45 - 00000000 ____D C:\Users\My\AppData\LocalLow\COMODO
2015-10-25 18:00 - 2013-03-13 15:22 - 00000000 ____D C:\Users\My\AppData\Local\WinZip
2015-10-25 18:00 - 2012-09-05 10:33 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-10-25 18:00 - 2012-09-05 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-10-25 18:00 - 2012-07-18 16:44 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-10-25 18:00 - 2012-07-04 13:32 - 00000000 ____D C:\Users\My\AppData\Roaming\Winamp
2015-10-25 18:00 - 2012-07-04 13:32 - 00000000 ____D C:\Users\My\AppData\Roaming\vlc
2015-10-25 18:00 - 2012-07-04 13:21 - 00000000 ____D C:\Users\My\AppData\Roaming\IrfanView
2015-10-25 18:00 - 2012-07-04 12:13 - 00000000 ____D C:\Users\My\AppData\Roaming\GHISLER
2015-10-25 18:00 - 2012-07-04 12:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-25 18:00 - 2012-07-04 12:03 - 00000000 ____D C:\Windows\system32\Macromed
2015-10-25 18:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-10-25 18:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2015-10-25 17:59 - 2013-07-03 15:18 - 00000000 ____D C:\Users\My\AppData\Roaming\Opera Software
2015-10-25 17:02 - 2012-07-04 11:19 - 00000000 ____D C:\Users\My
2015-10-25 17:01 - 2015-02-17 20:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-14 11:59 - 2014-09-28 12:04 - 00262144 _____ C:\Windows\system32\config\elam
2015-10-14 09:30 - 2015-09-28 20:35 - 00000000 ____D C:\Users\My\AppData\Roaming\TSS Manager
==================== Files in the root of some directories =======
2012-08-16 22:41 - 2012-07-17 21:28 - 1723904 _____ () C:\Program Files\SystemInfo.exe
2013-05-28 06:52 - 2013-11-28 20:56 - 0000000 _____ () C:\Users\My\AppData\Roaming\bitlord_log.txt
2012-08-16 11:59 - 2012-08-16 12:00 - 0000506 _____ () C:\Users\My\AppData\Roaming\ex_log.txt
2013-03-12 09:39 - 2013-03-12 09:39 - 0028452 _____ () C:\Users\My\AppData\Roaming\Hodnoty oddelené čiarkou.ADR
2012-08-01 08:43 - 2012-08-01 08:43 - 0028259 _____ () C:\Users\My\AppData\Roaming\Hodnoty oddělené tabulátory (Windows).ADR
2012-08-01 08:39 - 2012-08-01 08:39 - 0028256 _____ () C:\Users\My\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2005-04-08 03:16 - 2012-09-19 10:57 - 0396881 ____H () C:\Users\My\AppData\Roaming\Mylog.dat
2012-05-03 12:12 - 2012-05-03 12:12 - 0000532 _____ () C:\Users\My\AppData\Local\datos.txt
2012-08-03 12:45 - 2014-02-02 19:38 - 0009728 _____ () C:\Users\My\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-06 21:50 - 2012-07-06 21:50 - 0000046 _____ () C:\Users\My\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
2014-05-05 16:59 - 2014-05-05 16:59 - 0001776 _____ () C:\Users\My\AppData\Local\recently-used.xbel
2012-07-04 16:11 - 2015-02-17 21:15 - 0007598 _____ () C:\Users\My\AppData\Local\Resmon.ResmonCfg
2012-05-14 11:38 - 2012-05-14 11:38 - 0043976 _____ () C:\Users\My\AppData\Local\save_en.bmp
2012-05-14 11:38 - 2012-05-14 11:38 - 0043976 _____ () C:\Users\My\AppData\Local\save_es.bmp
2012-08-15 10:55 - 2012-08-15 10:55 - 0000920 _____ () C:\Users\My\AppData\Local\SRDownloader.nast
2012-08-07 09:21 - 2012-08-07 09:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-06-02 16:12 - 2013-06-02 16:12 - 0004904 _____ () C:\ProgramData\nrqarzkn.tdg
Files to move or delete:
====================
C:\ProgramData\C__Program Files (x86)_HideIPEasy_Witaminka_HideIPEasy.exe
C:\ProgramData\D__Plocha_Auto Hide IP 5.3.9.8 ( Eng )( Crack )_Crack_AutoHideIP.exe
C:\ProgramData\D__Plocha_HideIPEasy 5.3.1.2 ( Eng )( Aktywator )_Witaminka_HideIPEasy.exe
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\My\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2012-08-17 10:13] - [2011-02-25 07:19] - 2900992 ____A (Microsoft Corporation) F92AD418BC6BC4129AFC2B720460E559
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-29 20:40
==================== End of FRST.txt ============================