Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
Ran by xxx (administrator) on XXX-PC (01-09-2018 06:50:57)
Running from D:\zzzzz
Loaded Profiles: xxx (Available Profiles: xxx)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
() C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files\Opera\launcher.exe
(Opera Software) C:\Windows\Temp\opera autoupdate\installer.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.71\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-08-15] (AVAST Software)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [352648 2017-03-12] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [16463360 2017-03-30] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [BingSvc] => C:\Users\xxx\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [cz.seznam.software.autoupdate] => "C:\Users\xxx\AppData\Roaming\Seznam.cz\szninstall.exe" -c
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] ()
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [Skype for Desktop] => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [utweb] => "C:\Users\xxx\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [ArGoSoftMailServer] => C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe [1422336 2006-08-14] (ArGo Software Design)
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [ApowersoftScreenRecorder] => C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe /autoStart
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\...\Run: [Chromium] => c:\users\xxx\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\PROGRA~1\IBOARD\VBSScz\VBSS.scr
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-06-30]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1312145065-2419162411-1920721547-1000] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{2E2CA668-3954-42A5-8580-8AA5A06568D4}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6A79F534-6E4C-4533-B798-86BCF15AA33F}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{8CA8A9CA-8205-4B60-8176-9A92B0F038A8}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{EB6A1488-3FA0-4333-A0C5-FD040CD14269}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131082184119257812&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180725__yaie
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {1E0FD48B-EFE4-43BA-BF80-F5B095D663F0} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {248293C5-D907-424A-9870-A1AAF3F616EB} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {4BE9030C-21B6-4FB7-8603-0B38F6378265} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {80D05449-5284-4329-B3EA-E9FF6F1A8BB9} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {833B923C-B732-48B4-B1AB-45CCDBEFAE73} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {A05F2DB9-D67B-497E-84BE-4D4606BF8B80} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {AB64792C-7080-4E2F-B393-F93B84B21279} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180725__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {C806F8DF-3DBD-4CEE-8ECF-3495F90F8D80} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {EC6803C7-F273-45D1-85DD-94EC75F94B5D} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {FBC48B2A-67DF-4B3F-8E76-EDA7F8EDDF53} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1312145065-2419162411-1920721547-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B949C7C51-BEE6-40B2-AE21-3D8FE3EC3E62%7D&gp=811142
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-05] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-15] (AVAST Software)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-05] (Oracle Corporation)
DPF: {CAFEEFAC-0018-0000-00144-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_144-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_144-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: q47now0d.default
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default [2018-09-01]
FF Homepage: Mozilla\Firefox\Profiles\q47now0d.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180725__yaff
FF NewTab: Mozilla\Firefox\Profiles\q47now0d.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180725__yaff
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\Extensions\homepage@mail.ru.xpi [2018-03-12]
FF Extension: (Поиск Mail.Ru) - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\Extensions\search@mail.ru.xpi [2018-03-12]
FF Extension: (Seznam pro Firefox - Esko) - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\Extensions\sko-extension@firma.seznam.cz [2018-04-11]
FF Extension: (Пульт) - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi [2018-03-12]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2018-04-11]
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\q47now0d.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-07-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [aicancafipiklohohmoognddncljhkio] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ghgmnfeamobhjmillnanbfhmkoeodooi] - C:\Users\xxx\AppData\Local\CRE\ghgmnfeamobhjmillnanbfhmkoeodooi.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aicancafipiklohohmoognddncljhkio] - <no Path/update_url>
CHR HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ghgmnfeamobhjmillnanbfhmkoeodooi] - C:\Users\xxx\AppData\Local\CRE\ghgmnfeamobhjmillnanbfhmkoeodooi.crx <not found>
CHR HKU\S-1-5-21-1312145065-2419162411-1920721547-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Session Restore: -> is enabled.

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-08-15] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-08-15] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2013-04-13] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [472856 2018-07-17] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2015-01-10] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [103736 2015-01-10] ()
R2 pSP2clnt; C:\Program Files\pSP2Clnt\service\pSP2Clnt.exe [406016 2016-06-05] () [File not signed] <==== ATTENTION
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 MlmDm; "C:\Program Files\MLM downline manager\Files\database\bin\mlmdmbase.exe" MlmDm [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [77080 2014-03-18] (Alcor Micro, Corp.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267008 2017-08-15] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-08-15] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-08-15] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-08-15] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-08-15] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-08-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123928 2017-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99536 2017-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-08-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774320 2017-08-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [147688 2017-08-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-08-15] (AVAST Software)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-13] (Windows (R) Win 7 DDK provider)
S3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [43520 2008-09-22] (VIA Technologies, Inc. ) [File not signed]
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. )
R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [88448 2017-02-14] (McAfee, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5198336 2016-12-25] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2015-01-02] (Duplex Secure Ltd.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [23192 2010-02-11] (VIA Technologies, Inc.)
U3 at5luvap; C:\Windows\system32\Drivers\at5luvap.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]
S3 WinRing0_1_2_0; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-01 06:50 - 2018-09-01 06:50 - 000000000 ____D C:\FRST
2018-08-31 22:11 - 2018-08-31 22:11 - 000050193 _____ C:\Users\xxx\Downloads\SS_SupportResistance_v07.53 (filter alerts MA).mq4
2018-08-31 22:11 - 2018-08-31 22:11 - 000043386 _____ C:\Users\xxx\Downloads\SS_SupportResistance_v07.53 (filter alerts MA).ex4.opdownload
2018-08-31 20:41 - 2018-08-31 20:41 - 000018524 _____ C:\Users\xxx\Downloads\Support_and_Resistance_v_TLB_OC_v02.mq4
2018-08-29 13:49 - 2018-08-31 19:40 - 000000000 ____D C:\Windows\{B58AFBDA-7D5B-40C0-BE79-D9F3286E2165}
2018-08-28 17:17 - 2018-09-01 06:48 - 000000000 ____D C:\StrategyQuant
2018-08-25 10:49 - 2018-08-29 10:31 - 000000000 ____D C:\Windows\{2E03268B-4782-44EF-B29B-44B65D240959}
2018-08-23 06:46 - 2018-08-31 19:40 - 000000000 ____D C:\Users\xxx\AppData\Local\chromium
2018-08-23 06:44 - 2018-08-23 06:48 - 000000000 ____D C:\Users\xxx\AppData\Local\{18C52E99-3C6D-4221-51F5-67C9759D9B51}
2018-08-22 16:49 - 2018-08-25 07:31 - 000000000 ____D C:\Windows\{386B5B3F-9B0C-4C98-A35A-9D30F4B40497}
2018-08-21 17:33 - 2018-08-21 17:33 - 000000000 ____D C:\Users\xxx\AppData\Roaming\AnvSoft
2018-08-21 17:28 - 2018-08-21 17:29 - 000000000 ____D C:\Users\xxx\Documents\Any Video Recorder
2018-08-21 17:19 - 2018-08-21 17:50 - 000000000 ____D C:\Users\xxx\Documents\Apowersoft
2018-08-21 17:18 - 2018-08-21 18:05 - 000000000 ____D C:\Users\xxx\AppData\Roaming\Apowersoft
2018-08-15 00:00 - 2018-08-22 13:31 - 000000000 ____D C:\Windows\{C0DBEF00-2BEB-4F04-B2D3-8007390D5C0B}
2018-08-12 02:45 - 2018-08-12 02:45 - 000000292 _____ C:\Users\xxx\AppData\Local\5439370.cmD
2018-08-11 17:36 - 2018-08-11 17:36 - 000000000 ____D C:\Program Files\XM MT4
2018-08-10 17:43 - 2018-08-14 20:47 - 000000000 ____D C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}
2018-08-09 17:59 - 2018-08-28 17:12 - 000000000 ____D C:\Users\xxx\AppData\Roaming\Zoom
2018-08-07 10:35 - 2018-08-10 14:27 - 000000000 ____D C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}
2018-08-06 01:31 - 2018-08-07 07:17 - 000000000 ____D C:\Windows\{7CB0BBD3D374-4DEA-9751-2D08BC721AA7}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-01 06:40 - 2014-07-22 15:28 - 000000522 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job
2018-08-31 22:45 - 2017-12-12 10:15 - 000000000 ____D C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets 1
2018-08-31 19:52 - 2009-07-14 06:34 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-31 19:52 - 2009-07-14 06:34 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-31 19:50 - 2017-05-05 14:03 - 000000000 ____D C:\Program Files\Opera
2018-08-31 19:44 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-31 19:42 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-08-31 19:40 - 2013-07-28 14:43 - 000000000 ____D C:\Windows\system32\RTCOM
2018-08-29 19:32 - 2017-04-04 06:41 - 000000000 ____D C:\Users\xxx\AppData\Roaming\fxgen
2018-08-28 21:47 - 2018-03-04 14:19 - 000000000 ____D C:\Users\xxx\AppData\Roaming\RoboForex - MetaTrader 4
2018-08-28 17:14 - 2014-04-10 13:12 - 000000000 ____D C:\Users\xxx\AppData\Roaming\MetaQuotes
2018-08-28 17:13 - 2018-07-23 15:46 - 000000000 ____D C:\Program Files\Notepad++
2018-08-28 17:13 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-08-25 21:24 - 2018-06-03 23:51 - 000001028 _____ C:\ProgramData\keystore.xml
2018-08-23 10:48 - 2013-09-30 12:31 - 000000000 ____D C:\Program Files\SendMails
2018-08-21 17:28 - 2013-09-30 12:16 - 000000000 ____D C:\Users\xxx\AppData\Roaming\Seznam.cz
2018-08-21 17:19 - 2013-09-30 11:48 - 000282848 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2018-08-20 20:48 - 2018-05-10 14:25 - 000000000 ____D C:\Users\xxx\AppData\Roaming\XM UK MT4
2018-08-19 14:23 - 2018-04-13 13:14 - 000000000 ____D C:\Users\xxx\AppData\Roaming\MetaTrader 4 Admiral Markets vyzva
2018-08-17 23:08 - 2015-12-20 12:08 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-15 17:40 - 2017-07-08 02:18 - 000000000 ____D C:\Users\xxx\AppData\Local\GoToMeeting
2018-08-15 16:54 - 2015-06-18 10:06 - 000000618 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1312145065-2419162411-1920721547-1000.job
2018-08-15 10:04 - 2013-03-12 10:08 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-08-15 10:04 - 2013-03-12 10:08 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-08-15 09:59 - 2013-03-12 10:07 - 000000000 ____D C:\Windows\system32\Macromed
2018-08-11 17:36 - 2017-04-14 08:39 - 000000000 ____D C:\Program Files\MetaTrader 4 Admiral Markets
2018-08-10 01:53 - 2013-03-06 17:22 - 000000000 ____D C:\Users\xxx
2018-08-02 18:18 - 2013-03-25 12:41 - 000000000 ____D C:\ProgramData\SendMails

==================== Files in the root of some directories =======

2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Program Files\Common Files\EPzkz.exe
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Program Files\Common Files\iOCEropcPITcV.exe
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Program Files\Common Files\jyBOEA.exe
2018-07-28 16:41 - 2018-07-28 16:41 - 000000000 _____ () C:\Users\xxx\AppData\Roaming\c363305a3b3727ddf060c57e79c292bfb033d.exe
2013-08-14 07:29 - 2013-08-21 20:35 - 000000083 _____ () C:\Users\xxx\AppData\Roaming\Camdata.ini
2013-08-14 07:29 - 2013-08-21 20:35 - 000000408 _____ () C:\Users\xxx\AppData\Roaming\CamLayout.ini
2013-08-14 07:29 - 2013-08-21 20:35 - 000000408 _____ () C:\Users\xxx\AppData\Roaming\CamShapes.ini
2013-08-14 07:29 - 2013-08-21 20:35 - 000004518 _____ () C:\Users\xxx\AppData\Roaming\CamStudio.cfg
2015-01-10 19:20 - 2015-01-10 19:20 - 000022328 _____ () C:\Users\xxx\AppData\Roaming\PnkBstrK.sys
2013-05-04 22:01 - 2013-05-04 22:01 - 000000047 _____ () C:\Users\xxx\AppData\Roaming\SwvUstatus.cfg
2018-08-12 02:45 - 2018-08-12 02:45 - 000000292 _____ () C:\Users\xxx\AppData\Local\5439370.cmD
2013-05-03 14:35 - 2013-09-02 22:17 - 000005120 ____R () C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-16 21:43 - 2013-09-18 12:38 - 000000058 ____R () C:\Users\xxx\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-06-18 10:38 - 2013-06-18 10:38 - 000000292 ____R () C:\Users\xxx\AppData\Local\HamsterBookConverter.cfg
2013-09-21 18:08 - 2013-09-21 18:08 - 000004794 ____R () C:\Users\xxx\AppData\Local\recently-used.xbel
2013-08-15 22:28 - 2013-09-10 09:20 - 000007598 ____R () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
2018-02-17 20:13 - 2018-02-17 20:13 - 000000002 _____ () C:\Users\xxx\AppData\Local\WMI.ini
2017-04-27 23:02 - 2017-04-27 23:02 - 000000000 _____ () C:\Users\xxx\AppData\Local\{12ABD32A-CC90-47F1-99BC-DF5C4B4AED14}
2018-04-01 14:37 - 2018-04-01 14:37 - 000000000 _____ () C:\Users\xxx\AppData\Local\{236164E2-1D05-48C6-BF23-0DD2C36BAA10}
2017-09-09 11:49 - 2017-09-09 11:49 - 000000000 _____ () C:\Users\xxx\AppData\Local\{3A4F401D-BB07-4701-9159-E69F8A2EEFF3}
2017-05-06 20:22 - 2017-05-06 20:22 - 000000000 _____ () C:\Users\xxx\AppData\Local\{D8D0D2A6-AC5E-4A87-8DCA-1BD53B40F2D1}

Some files in TEMP:
====================
2018-08-28 17:26 - 2018-08-31 17:59 - 000079904 _____ () C:\Users\xxx\AppData\Local\Temp\i4jdel0.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-26 00:21

==================== End of FRST.txt ============================