
chromesearch.today in the browser

Posted: 23 Oct 2017 16:50
by swuklecze
When I start Google Chrome I get a New Tab page, but an unofficial one; when I search for something, it doesn't go through Google but through chromesearch.today, and when I look in the browser settings, it is listed there, but the Remove button can't be clicked. Right now I'm using Mozilla, which isn't infected.

FRST Scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2017
Ran by test (administrator) on TEST-PC (23-10-2017 17:46:53)
Running from C:\Users\test\Downloads
Loaded Profiles: test (Available Profiles: test)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Discord Inc.) C:\Users\test\AppData\Local\Discord\app-0.0.298\Discord.exe
(WinZip) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Discord Inc.) C:\Users\test\AppData\Local\Discord\app-0.0.298\Discord.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Discord Inc.) C:\Users\test\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-12] (AVAST Software)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2015-11-09] (VIA)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-17] (Valve Corporation)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Tanks (1)] => "C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Warships] => "C:\Games\World_of_Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [WallpaperEngine] => "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Warplanes] => "C:\Games\World_of_Warplanes\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Gaijin.Net Agent] => "C:\Users\test\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Discord] => C:\Users\test\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizace oznámení.lnk [2017-06-14]
ShortcutTarget: Aktualizace oznámení.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-06-14]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-06-14]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{40F5143E-E1E8-494E-B925-72839C3F31C7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AE568813-CC7A-4B9D-B4B4-8D4030A09294}: [NameServer] 77.234.40.79

Internet Explorer:
==================
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {3BF1670B-0D8A-4E20-B24B-CFD61F757B1A} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {9F976E67-9D9C-4F2B-BB92-BE375CC328CA} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {C0C85594-B862-4570-848F-E85A0AB6DD3A} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-12] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF DefaultProfile: aiixix9q.default
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\aiixix9q.default [2017-10-23]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\aiixix9q.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-23]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-17] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__ ... earchTerms}
CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Default [2017-10-23]
CHR Extension: (Prezentace) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
CHR Extension: (Dokumenty) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
CHR Extension: (Disk Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-23]
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-23]
CHR Extension: (Adobe Acrobat) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-23]
CHR Extension: (Tabulky) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-23]
CHR Extension: (AdBlock) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-23]
CHR Extension: (Avast Online Security) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-23]
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-23]
CHR HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [peefembmkccmkodbcpgilfjgkligpbba] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-12] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-12] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-07-17] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-10-08] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-24] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-28] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-10-15] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [889016 2017-10-23] (Enigma Software Group USA, LLC.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2015-11-09] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-11-15] (Microsoft Corporation)
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
S2 OnfatU; "C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-12] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-12] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-12] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-12] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1020536 2017-10-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-12] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [53904 2017-03-18] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-12] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-15] (Disc Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2017-10-23] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [50088 2017-02-08] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-10-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-10-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-10-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-10-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-10-23] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-28] (NVIDIA Corporation)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
R3 VBAudioVMAUXVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2017-08-30] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-08-30] (Windows (R) Win 7 DDK provider)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 cpuz138; \??\C:\Users\test\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-23 17:46 - 2017-10-23 17:48 - 000021816 _____ C:\Users\test\Downloads\FRST.txt
2017-10-23 17:44 - 2017-10-23 17:44 - 002402816 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2017-10-23 17:40 - 2017-10-23 17:40 - 000000000 ____D C:\Users\test\AppData\LocalLow\Mozilla
2017-10-23 17:39 - 2017-10-23 17:44 - 000000000 ____D C:\Users\test\AppData\Local\Mozilla
2017-10-23 17:39 - 2017-10-23 17:39 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-10-23 17:39 - 2017-10-23 17:39 - 000000884 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-10-23 17:39 - 2017-10-23 17:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-23 17:38 - 2017-10-23 17:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-23 17:12 - 2017-10-23 17:15 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-10-23 17:12 - 2017-10-23 17:15 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-23 17:12 - 2017-10-23 17:12 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-10-23 17:12 - 2017-10-23 17:12 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-23 17:12 - 2017-10-23 17:12 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-23 17:11 - 2017-10-23 17:11 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-23 17:11 - 2017-10-23 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-23 17:11 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-23 16:07 - 2017-10-23 16:07 - 003934840 _____ (Google) C:\Users\test\Downloads\chrome_cleanup_tool.exe
2017-10-23 15:51 - 2017-10-23 15:51 - 000000000 _____ C:\autoexec.bat
2017-10-23 15:50 - 2017-10-23 17:28 - 000000000 ____D C:\Users\test\AppData\Roaming\Enigma Software Group
2017-10-23 15:50 - 2017-10-23 17:09 - 000003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2017-10-23 15:50 - 2017-10-23 15:50 - 000001047 _____ C:\Users\test\Desktop\SpyHunter.lnk
2017-10-23 15:50 - 2017-10-23 15:50 - 000000000 ____D C:\sh4ldr
2017-10-23 15:49 - 2017-10-23 15:49 - 000022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2017-10-23 15:49 - 2017-10-23 15:49 - 000000000 ____D C:\Program Files\Enigma Software Group
2017-10-23 15:43 - 2017-10-23 15:43 - 000002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-23 15:43 - 2017-10-23 15:43 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-23 15:37 - 2017-10-23 15:37 - 000001730 __RSH C:\ProgramData\ntuser.pol
2017-10-23 15:34 - 2017-10-23 15:34 - 000000000 ____D C:\Users\test\Desktop\filmora
2017-10-23 13:53 - 2017-10-23 13:53 - 000000566 _____ C:\Users\test\Documents\starburn.txt
2017-10-23 13:43 - 2017-10-23 13:43 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-10-23 13:42 - 2017-10-23 13:56 - 000000000 ____D C:\Users\test\Downloads\Wondershare Filmora v7.8.1.2 Final Ml_Rus
2017-10-23 13:41 - 2017-10-23 13:41 - 000013237 _____ C:\Users\test\Downloads\5168_Milovya.torrent
2017-10-21 19:13 - 2017-10-21 20:34 - 000000513 _____ C:\Users\test\Desktop\Nový textový dokument.txt
2017-10-17 19:38 - 2017-07-17 04:05 - 898750996 _____ C:\Users\test\Downloads\Mašinka-Tomáš-Král-železnice.cz.avi
2017-10-17 19:32 - 2017-10-17 19:32 - 000311632 _____ C:\Users\test\Downloads\Prezentace1.pdf
2017-10-17 18:53 - 2017-10-17 18:53 - 000002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2017-10-17 18:53 - 2017-10-17 18:53 - 000000000 ____D C:\Program Files (x86)\MSECache
2017-10-17 18:53 - 2017-10-17 18:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-17 18:37 - 2017-10-17 18:37 - 000000000 ____D C:\Users\test\AppData\Local\Microsoft Help
2017-10-16 20:39 - 2017-10-16 20:39 - 000820792 _____ (Roblox Corporation) C:\Users\test\Downloads\RobloxPlayerLauncher.exe
2017-10-16 20:39 - 2017-10-16 20:39 - 000000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-10-15 13:09 - 2017-10-15 20:32 - 000281392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-10-15 13:09 - 2017-10-15 20:32 - 000076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2017-10-15 12:29 - 2017-10-15 12:29 - 000000232 _____ C:\Users\test\Desktop\Assassin's Creed III (Singleplayer).url
2017-10-15 12:29 - 2017-10-15 12:29 - 000000232 _____ C:\Users\test\Desktop\Assassin's Creed III (Multiplayer).url
2017-10-15 12:29 - 2017-10-15 12:29 - 000000232 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed III (Singleplayer).url
2017-10-15 12:29 - 2017-10-15 12:29 - 000000232 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed III (Multiplayer).url
2017-10-15 12:27 - 2017-10-15 12:27 - 000001205 _____ C:\Users\test\Desktop\Uplay.lnk
2017-10-15 12:27 - 2017-10-15 12:27 - 000000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-10-15 11:55 - 2017-10-15 12:23 - 000000000 ____D C:\Users\test\Documents\Assassin's Creed Unity
2017-10-14 22:45 - 2017-10-14 22:45 - 000000672 _____ C:\Users\Public\Desktop\PBE.lnk
2017-10-14 22:45 - 2017-10-14 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PBE
2017-10-14 22:26 - 2017-10-15 09:53 - 000000000 ____D C:\Users\test\Downloads\Assassins.Creed.Unity.Gold.Edition.MULTi13-ElAmigos
2017-10-12 20:12 - 2017-10-12 20:12 - 000000222 _____ C:\Users\test\Desktop\Rocket League.url
2017-10-12 18:23 - 2017-10-12 18:22 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-12 14:49 - 2017-10-12 14:49 - 010698399 _____ C:\Users\test\Downloads\[JPz Central] Its Not Like I Like You!! (feat. Emirichu Static-P Amree).mp4
2017-10-08 21:17 - 2017-10-08 11:43 - 000382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-10-08 17:46 - 2017-10-16 08:43 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2017-10-08 01:26 - 2017-10-08 01:26 - 000000222 _____ C:\Users\test\Desktop\Dead by Daylight.url
2017-10-07 22:23 - 2017-10-07 22:23 - 000000222 _____ C:\Users\test\Desktop\Unturned.url
2017-10-05 18:27 - 2017-10-05 18:27 - 000000000 ____D C:\ProgramData\Wondershare
2017-10-05 18:26 - 2017-10-05 18:26 - 000000000 ____D C:\Users\test\AppData\Local\Wondershare
2017-10-05 18:24 - 2017-10-06 22:46 - 000000000 ____D C:\Users\test\Documents\Wondershare Filmora
2017-10-05 15:19 - 2017-10-05 15:19 - 001275430 _____ C:\Users\test\Downloads\2017-10-05-1517-30.flv
2017-10-03 17:21 - 2017-10-03 17:21 - 000000000 ____D C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2017-10-03 17:21 - 2017-10-03 17:21 - 000000000 ____D C:\Program Files (x86)\AMD
2017-10-03 17:21 - 2008-07-12 08:18 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-10-03 17:21 - 2008-07-12 08:18 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-10-03 17:21 - 2008-07-12 08:18 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-10-03 17:16 - 2017-10-03 17:16 - 000000221 _____ C:\Users\test\Desktop\Moonbase Alpha.url
2017-10-03 16:08 - 2017-10-03 17:52 - 000000000 ____D C:\Program Files\MAXON
2017-10-03 16:07 - 2017-10-03 16:38 - 000000000 ____D C:\Users\test\AppData\Roaming\MAXON
2017-10-02 21:38 - 2017-10-02 21:38 - 000000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-10-02 21:38 - 2017-10-02 21:38 - 000000000 ____D C:\Program Files\Blender Foundation
2017-10-01 15:50 - 2017-10-01 15:50 - 000000000 ____D C:\Users\test\AppData\Local\Apps\2.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-23 17:46 - 2016-02-04 20:33 - 000000000 ____D C:\FRST
2017-10-23 17:40 - 2017-07-02 00:13 - 000000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2017-10-23 17:39 - 2015-11-20 15:32 - 000000000 ____D C:\Users\test\AppData\Roaming\Skype
2017-10-23 17:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
2017-10-23 17:15 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-23 17:15 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-23 17:09 - 2017-09-10 11:00 - 000003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468859727
2017-10-23 17:09 - 2017-06-14 20:33 - 000003512 _____ C:\Windows\System32\Tasks\WinZipBackGroundToolsTask
2017-10-23 17:09 - 2017-06-14 20:33 - 000003398 _____ C:\Windows\System32\Tasks\WinZip Update Notifier
2017-10-23 17:09 - 2017-05-25 13:44 - 000003498 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-test-PC-test
2017-10-23 17:09 - 2017-04-19 17:58 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2017-04-19 17:58 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2017-04-19 17:58 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2017-04-19 17:58 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2017-04-19 17:58 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2016-09-03 12:34 - 000004512 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-23 17:09 - 2016-08-20 13:12 - 000009010 _____ C:\Windows\System32\Tasks\Gerkmiwegh Cache
2017-10-23 17:09 - 2016-05-11 06:14 - 000003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d15d7bd5d2ebca
2017-10-23 17:09 - 2016-05-11 06:14 - 000003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12d273b5e9ef8
2017-10-23 17:09 - 2016-02-04 20:13 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-10-23 17:09 - 2015-11-21 02:50 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-23 17:09 - 2015-11-15 00:14 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-10-23 17:09 - 2015-11-15 00:12 - 000003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{38DB25C1-6B48-4196-8799-61FE26F18AD5}
2017-10-23 16:08 - 2015-11-27 23:22 - 000000000 ____D C:\Users\test\AppData\Local\CrashDumps
2017-10-23 15:50 - 2015-11-15 00:59 - 000000000 ____D C:\Users\test
2017-10-23 15:43 - 2015-11-15 00:14 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-23 15:42 - 2015-11-15 01:00 - 000001397 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-23 15:37 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-10-23 15:37 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-10-23 15:02 - 2016-07-17 13:53 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-23 13:53 - 2017-06-11 21:17 - 000000000 ____D C:\Users\test\AppData\Roaming\uTorrent
2017-10-23 13:30 - 2017-01-02 17:11 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-10-23 13:30 - 2015-11-19 17:50 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-10-23 13:30 - 2015-11-15 01:13 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-23 13:29 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-22 22:02 - 2017-07-27 01:11 - 000000021 _____ C:\Users\test\Desktop\Animepreparedtowatch.txt
2017-10-22 21:51 - 2017-08-01 10:26 - 000001213 _____ C:\Users\test\Desktop\Anime i watched.txt
2017-10-20 15:18 - 2016-11-11 16:12 - 000000000 ____D C:\Users\test\Desktop\Songs
2017-10-20 13:21 - 2016-12-17 23:15 - 000000000 ____D C:\Users\test\AppData\Local\Ubisoft Game Launcher
2017-10-18 06:01 - 2009-07-14 06:45 - 000440080 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-17 19:40 - 2017-04-13 16:37 - 000000000 ____D C:\Users\test\Desktop\other
2017-10-17 19:40 - 2015-11-15 01:26 - 000113928 _____ C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-17 19:39 - 2011-04-12 10:34 - 000668540 _____ C:\Windows\system32\perfh005.dat
2017-10-17 19:39 - 2011-04-12 10:34 - 000141200 _____ C:\Windows\system32\perfc005.dat
2017-10-17 19:39 - 2009-07-14 07:13 - 001583214 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-17 19:39 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-10-17 18:49 - 2017-03-13 18:22 - 000000000 ____D C:\Program Files\Microsoft Office
2017-10-17 18:49 - 2011-04-12 10:45 - 000000000 ____D C:\Windows\ShellNew
2017-10-17 18:49 - 2009-07-14 04:34 - 000000387 _____ C:\Windows\win.ini
2017-10-17 18:48 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-10-17 18:47 - 2016-02-20 23:33 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-10-17 18:47 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-10-16 20:39 - 2016-03-02 22:35 - 000000250 _____ C:\Users\test\AppData\LocalLow\rbxcsettings.rbx
2017-10-16 13:53 - 2016-11-03 15:09 - 000000000 ____D C:\Users\test\Desktop\photos
2017-10-16 13:52 - 2015-11-20 15:39 - 000000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-10-16 13:42 - 2017-08-28 18:58 - 000000000 ____D C:\Users\test\AppData\Roaming\EasyAntiCheat
2017-10-16 13:35 - 2017-05-15 05:10 - 000000000 ____D C:\Users\test\AppData\Roaming\OBS
2017-10-16 13:35 - 2017-04-28 23:07 - 000000000 ____D C:\Users\test\AppData\Roaming\vlc
2017-10-16 09:27 - 2015-11-21 02:50 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-16 09:27 - 2015-11-21 02:50 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-16 09:27 - 2015-11-21 02:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-16 09:27 - 2015-11-21 02:50 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-15 20:43 - 2016-12-18 00:53 - 000000000 ____D C:\Users\test\Documents\Assassin's Creed III
2017-10-15 20:32 - 2016-12-18 00:54 - 000281392 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-10-15 18:07 - 2016-01-30 02:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-10-15 13:10 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-15 13:09 - 2016-01-31 01:06 - 000189248 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2017-10-15 09:58 - 2016-11-04 23:20 - 000000000 ____D C:\Users\test\AppData\Local\Bluestacks
2017-10-14 22:43 - 2016-09-04 18:02 - 000000000 ____D C:\Riot Games
2017-10-14 11:45 - 2017-08-23 23:24 - 000000000 ____D C:\Users\test\AppData\Roaming\discord
2017-10-12 18:23 - 2017-03-18 13:54 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-10-12 18:22 - 2016-07-18 18:34 - 000587168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000201352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000147776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-10-12 18:22 - 2016-02-04 20:11 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-12 18:21 - 2017-03-18 13:54 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-10-12 18:21 - 2017-03-18 13:54 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-10-12 18:21 - 2017-03-18 13:54 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-10-12 18:21 - 2017-03-18 13:54 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-10-12 18:21 - 2016-07-18 18:34 - 001020536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-10-11 15:38 - 2017-08-17 19:51 - 000000000 ____D C:\Users\test\AppData\Roaming\audacity
2017-10-11 06:55 - 2017-09-08 06:50 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-10-11 05:55 - 2017-08-05 16:43 - 000001708 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-10-10 20:20 - 2017-04-12 22:12 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2017-10-08 14:51 - 2017-07-26 19:50 - 000000000 ____D C:\Users\test\Desktop\inmk
2017-10-07 17:28 - 2017-01-08 18:22 - 000000000 ____D C:\Users\test\AppData\Roaming\.minecraft
2017-10-06 22:28 - 2017-03-18 11:43 - 000000000 ____D C:\Users\test\AppData\Local\Battle.net
2017-10-06 22:00 - 2017-03-21 18:05 - 000000000 ____D C:\Users\test\Documents\Overwatch
2017-10-06 21:58 - 2017-03-18 11:43 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-10-04 21:19 - 2017-03-21 17:08 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-10-03 17:21 - 2016-05-05 19:10 - 000000000 ____D C:\Users\test\AppData\Local\Downloaded Installations
2017-10-03 17:21 - 2015-11-22 00:29 - 000000000 ____D C:\Users\test\Documents\My Games
2017-10-03 15:59 - 2017-03-13 23:05 - 000000000 ____D C:\tmp
2017-09-29 17:17 - 2017-03-18 11:44 - 000000000 ____D C:\Users\test\AppData\Local\Blizzard Entertainment

==================== Files in the root of some directories =======

2016-11-01 20:50 - 2016-11-01 20:50 - 000066309 _____ () C:\Users\test\AppData\Roaming\icarus-dxdiag.xml
2015-12-13 17:50 - 2015-12-13 17:50 - 000000097 _____ () C:\Users\test\AppData\Roaming\LauncherSettings_live.cfg
2015-12-13 17:45 - 2015-12-13 17:45 - 000010496 _____ () C:\Users\test\AppData\Roaming\TheHunterSettings_live.bin
2015-12-13 17:42 - 2015-12-13 17:42 - 000000039 _____ () C:\Users\test\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-12-19 16:53 - 2016-08-06 20:24 - 000000910 _____ () C:\Users\test\AppData\Local\_settings.ini

Some files in TEMP:
====================
2017-10-15 09:57 - 2017-09-25 12:28 - 000965176 _____ (BlueStack Systems, Inc.) C:\Users\test\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2017-10-15 09:57 - 2017-09-25 12:27 - 000421400 _____ (CodeTitans) C:\Users\test\AppData\Local\Temp\JSON.dll
2017-06-19 21:06 - 2017-06-19 21:06 - 030950664 _____ () C:\Users\test\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-20 13:39

==================== End of FRST.txt ============================

Re: chromesearch.today in the browser

Posted: 23 Oct 2017 18:08
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: chromesearch.today in the browser

Posted: 23 Oct 2017 18:56
by swuklecze
AdwCleaner finished, log:

# AdwCleaner 7.0.3.1 - Logfile created on Mon Oct 23 17:45:56 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: SpyHunter 4 Service


***** [ Folders ] *****

Deleted: C:\Program Files\Common Files\AVG Secure Search
Deleted: C:\Users\test\AppData\Roaming\hadga
Deleted: C:\Program Files\Enigma Software Group
Deleted: C:\Users\test\AppData\Roaming\Enigma Software Group
Deleted: C:\sh4ldr


***** [ Files ] *****

Deleted: C:\Users\All Users\Documents\\report.dat
Deleted: C:\Users\Public\Documents\\report.dat
Deleted: C:\Users\All Users\Documents\\temp.dat
Deleted: C:\Users\Public\Documents\\temp.dat
Deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
Deleted: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk
Deleted: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk
Deleted: C:\Windows\SysNative\drivers\EsgScanner.sys
Deleted: C:\Users\test\Desktop\SpyHunter.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: SpyHunter4Startup


***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mpc.am
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plusnetwork.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.mpc.am
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.mpc.am
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.plusnetwork.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FCA42EE0-B528-44E8-916D-09DC51EBD4B7}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2455E91A-F595-43FB-820C-C7C6C9BF1652}
Deleted: [Key] - HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Gosearchq
Deleted: [Key] - HKCU\Software\Microsoft\Gosearchq
Deleted: [Key] - HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Gosearch
Deleted: [Key] - HKCU\Software\Microsoft\Gosearch
Deleted: [Key] - HKLM\SOFTWARE\hdcode
Deleted: [Key] - HKLM\SOFTWARE\torch
Deleted: [Key] - HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\torch
Deleted: [Key] - HKCU\Software\torch
Deleted: [Key] - HKLM\SOFTWARE\AVG Tuneup
Deleted: [Key] - HKLM\SOFTWARE\WinZiper
Deleted: [Key] - HKLM\SOFTWARE\amule-custom
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
Deleted: [Key] - HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Deleted: [Key] - HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Deleted: [Key] - HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Deleted: [Key] - HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Deleted: [Key] - HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3F4E2191-C9AA-4629-BE75-56786C6F6516}
Deleted: [Key] - HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\win
Deleted: [Key] - HKCU\Software\win
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FCA42EE0-B528-44E8-916D-09DC51EBD4B7}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2455E91A-F595-43FB-820C-C7C6C9BF1652}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
Deleted: [Key] - HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Xpom
Deleted: [Key] - HKCU\Software\Xpom
Deleted: [Key] - HKLM\SOFTWARE\Mail.Ru
Deleted: [Key] - HKLM\SOFTWARE\ScreenShot
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plusnetwork.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.plusnetwork.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chrome.en.softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{03224F0D-25BA-49DF-A5C5-9F51BBDECEF5}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{28CCCE5D-4E36-4DDA-9C84-91CEFBDB03C3}
Deleted: [Key] - HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.001
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.7z
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.arj
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.bz2
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.bzip2
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.cab
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.cpio
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.deb
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.dmg
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.fat
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.gz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.gzip
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.hfs
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.iso
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.lha
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.lzh
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.lzma
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.ntfs
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.rar
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.rpm
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.squashfs
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.swm
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tar
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.taz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tbz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tbz2
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tgz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tpz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.txz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.vhd
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.wim
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.xar
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.xz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.z
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.zip


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [10260 B] - [2017/10/23 17:44:31]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: chromesearch.today in the browser

Posted: 23 Oct 2017 19:12
by Rudy
OK. Post a new FRST log.

Re: chromesearch.today in the browser

Posted: 23 Oct 2017 19:34
by swuklecze
Here is the new one:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2017 01
Ran by test (administrator) on TEST-PC (23-10-2017 20:31:28)
Running from C:\Users\test\Downloads
Loaded Profiles: test (Available Profiles: test)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Discord Inc.) C:\Users\test\AppData\Local\Discord\app-0.0.298\Discord.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Discord Inc.) C:\Users\test\AppData\Local\Discord\app-0.0.298\Discord.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Discord Inc.) C:\Users\test\AppData\Local\Discord\app-0.0.298\Discord.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-12] (AVAST Software)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2015-11-09] (VIA)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-17] (Valve Corporation)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Tanks (1)] => "C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Warships] => "C:\Games\World_of_Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [WallpaperEngine] => "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [World of Warplanes] => "C:\Games\World_of_Warplanes\WargamingGameUpdater.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Gaijin.Net Agent] => "C:\Users\test\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\...\Run: [Discord] => C:\Users\test\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizace oznámení.lnk [2017-06-14]
ShortcutTarget: Aktualizace oznámení.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-06-14]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-06-14]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{40F5143E-E1E8-494E-B925-72839C3F31C7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AE568813-CC7A-4B9D-B4B4-8D4030A09294}: [NameServer] 77.234.40.79

Internet Explorer:
==================
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {3BF1670B-0D8A-4E20-B24B-CFD61F757B1A} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {9F976E67-9D9C-4F2B-BB92-BE375CC328CA} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {C0C85594-B862-4570-848F-E85A0AB6DD3A} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-12] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF DefaultProfile: aiixix9q.default
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\aiixix9q.default [2017-10-23]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\aiixix9q.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-23]
FF Extension: (Avast SafePrice) - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\aiixix9q.default\Extensions\sp@avast.com.xpi [2017-09-09]
FF Extension: (Avast Online Security) - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\aiixix9q.default\Extensions\wrc@avast.com.xpi [2017-09-09]
FF Extension: (Adblock Plus) - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\aiixix9q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-23]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-17] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__ ... earchTerms}
CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Default [2017-10-23]
CHR Extension: (Prezentace) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
CHR Extension: (Dokumenty) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
CHR Extension: (Disk Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-23]
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-23]
CHR Extension: (Adobe Acrobat) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-23]
CHR Extension: (Tabulky) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-23]
CHR Extension: (AdBlock) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-23]
CHR Extension: (Avast Online Security) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-23]
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-23]
CHR HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [peefembmkccmkodbcpgilfjgkligpbba] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-12] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-12] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-07-17] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-10-08] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-24] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-28] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-10-15] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2015-11-09] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-11-15] (Microsoft Corporation)
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
S2 OnfatU; "C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-12] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-12] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-12] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-12] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1020536 2017-10-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-12] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [53904 2017-03-18] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-12] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-23] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [50088 2017-02-08] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-10-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-10-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-10-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-10-23] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-28] (NVIDIA Corporation)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
R3 VBAudioVMAUXVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2017-08-30] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-08-30] (Windows (R) Win 7 DDK provider)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 cpuz138; \??\C:\Users\test\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-23 20:31 - 2017-10-23 20:31 - 000000000 ____D C:\Users\test\Downloads\FRST-OlderVersion
2017-10-23 19:54 - 2017-10-23 19:54 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-10-23 19:45 - 2017-10-23 19:45 - 000004545 _____ C:\Users\test\Desktop\Nový textový dokument (2).txt
2017-10-23 19:41 - 2017-10-23 19:45 - 000000000 ____D C:\AdwCleaner
2017-10-23 19:41 - 2017-10-23 19:41 - 008250832 _____ (Malwarebytes) C:\Users\test\Downloads\adwcleaner_7.0.3.1.exe
2017-10-23 18:15 - 2017-10-23 19:48 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-23 18:15 - 2017-10-23 19:48 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-23 18:15 - 2017-10-23 19:48 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-23 18:15 - 2017-10-23 18:15 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-23 17:48 - 2017-10-23 17:49 - 000078012 _____ C:\Users\test\Downloads\Addition.txt
2017-10-23 17:46 - 2017-10-23 20:32 - 000021536 _____ C:\Users\test\Downloads\FRST.txt
2017-10-23 17:44 - 2017-10-23 20:31 - 002403328 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2017-10-23 17:40 - 2017-10-23 19:54 - 000000000 ____D C:\Users\test\AppData\LocalLow\Mozilla
2017-10-23 17:39 - 2017-10-23 17:44 - 000000000 ____D C:\Users\test\AppData\Local\Mozilla
2017-10-23 17:39 - 2017-10-23 17:39 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-10-23 17:39 - 2017-10-23 17:39 - 000000884 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-10-23 17:39 - 2017-10-23 17:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-23 17:38 - 2017-10-23 17:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-23 17:12 - 2017-10-23 17:12 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-10-23 17:11 - 2017-10-23 18:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-23 17:11 - 2017-10-23 17:11 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-23 17:11 - 2017-10-23 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-23 16:07 - 2017-10-23 16:07 - 003934840 _____ (Google) C:\Users\test\Downloads\chrome_cleanup_tool.exe
2017-10-23 15:51 - 2017-10-23 15:51 - 000000000 _____ C:\autoexec.bat
2017-10-23 15:43 - 2017-10-23 15:43 - 000002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-23 15:43 - 2017-10-23 15:43 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-23 15:37 - 2017-10-23 15:37 - 000001730 __RSH C:\ProgramData\ntuser.pol
2017-10-23 15:34 - 2017-10-23 15:34 - 000000000 ____D C:\Users\test\Desktop\filmora
2017-10-23 13:53 - 2017-10-23 13:53 - 000000566 _____ C:\Users\test\Documents\starburn.txt
2017-10-23 13:42 - 2017-10-23 13:56 - 000000000 ____D C:\Users\test\Downloads\Wondershare Filmora v7.8.1.2 Final Ml_Rus
2017-10-23 13:41 - 2017-10-23 13:41 - 000013237 _____ C:\Users\test\Downloads\5168_Milovya.torrent
2017-10-21 19:13 - 2017-10-21 20:34 - 000000513 _____ C:\Users\test\Desktop\Nový textový dokument.txt
2017-10-17 19:38 - 2017-07-17 04:05 - 898750996 _____ C:\Users\test\Downloads\Mašinka-Tomáš-Král-železnice.cz.avi
2017-10-17 19:32 - 2017-10-17 19:32 - 000311632 _____ C:\Users\test\Downloads\Prezentace1.pdf
2017-10-17 18:53 - 2017-10-17 18:53 - 000002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2017-10-17 18:53 - 2017-10-17 18:53 - 000000000 ____D C:\Program Files (x86)\MSECache
2017-10-17 18:53 - 2017-10-17 18:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-17 18:37 - 2017-10-17 18:37 - 000000000 ____D C:\Users\test\AppData\Local\Microsoft Help
2017-10-16 20:39 - 2017-10-16 20:39 - 000820792 _____ (Roblox Corporation) C:\Users\test\Downloads\RobloxPlayerLauncher.exe
2017-10-16 20:39 - 2017-10-16 20:39 - 000000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-10-15 13:09 - 2017-10-15 20:32 - 000281392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-10-15 13:09 - 2017-10-15 20:32 - 000076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2017-10-15 12:29 - 2017-10-15 12:29 - 000000232 _____ C:\Users\test\Desktop\Assassin's Creed III (Singleplayer).url
2017-10-15 12:29 - 2017-10-15 12:29 - 000000232 _____ C:\Users\test\Desktop\Assassin's Creed III (Multiplayer).url
2017-10-15 12:29 - 2017-10-15 12:29 - 000000232 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed III (Singleplayer).url
2017-10-15 12:29 - 2017-10-15 12:29 - 000000232 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed III (Multiplayer).url
2017-10-15 12:27 - 2017-10-15 12:27 - 000001205 _____ C:\Users\test\Desktop\Uplay.lnk
2017-10-15 12:27 - 2017-10-15 12:27 - 000000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-10-15 11:55 - 2017-10-15 12:23 - 000000000 ____D C:\Users\test\Documents\Assassin's Creed Unity
2017-10-14 22:45 - 2017-10-14 22:45 - 000000672 _____ C:\Users\Public\Desktop\PBE.lnk
2017-10-14 22:45 - 2017-10-14 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PBE
2017-10-14 22:26 - 2017-10-15 09:53 - 000000000 ____D C:\Users\test\Downloads\Assassins.Creed.Unity.Gold.Edition.MULTi13-ElAmigos
2017-10-12 20:12 - 2017-10-12 20:12 - 000000222 _____ C:\Users\test\Desktop\Rocket League.url
2017-10-12 18:23 - 2017-10-12 18:22 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-12 14:49 - 2017-10-12 14:49 - 010698399 _____ C:\Users\test\Downloads\[JPz Central] Its Not Like I Like You!! (feat. Emirichu Static-P Amree).mp4
2017-10-08 21:17 - 2017-10-08 11:43 - 000382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-10-08 17:46 - 2017-10-16 08:43 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2017-10-08 01:26 - 2017-10-08 01:26 - 000000222 _____ C:\Users\test\Desktop\Dead by Daylight.url
2017-10-07 22:23 - 2017-10-07 22:23 - 000000222 _____ C:\Users\test\Desktop\Unturned.url
2017-10-05 18:27 - 2017-10-05 18:27 - 000000000 ____D C:\ProgramData\Wondershare
2017-10-05 18:26 - 2017-10-05 18:26 - 000000000 ____D C:\Users\test\AppData\Local\Wondershare
2017-10-05 18:24 - 2017-10-06 22:46 - 000000000 ____D C:\Users\test\Documents\Wondershare Filmora
2017-10-05 15:19 - 2017-10-05 15:19 - 001275430 _____ C:\Users\test\Downloads\2017-10-05-1517-30.flv
2017-10-03 17:21 - 2017-10-03 17:21 - 000000000 ____D C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2017-10-03 17:21 - 2017-10-03 17:21 - 000000000 ____D C:\Program Files (x86)\AMD
2017-10-03 17:21 - 2008-07-12 08:18 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-10-03 17:21 - 2008-07-12 08:18 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-10-03 17:21 - 2008-07-12 08:18 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-10-03 17:16 - 2017-10-03 17:16 - 000000221 _____ C:\Users\test\Desktop\Moonbase Alpha.url
2017-10-03 16:08 - 2017-10-03 17:52 - 000000000 ____D C:\Program Files\MAXON
2017-10-03 16:07 - 2017-10-03 16:38 - 000000000 ____D C:\Users\test\AppData\Roaming\MAXON
2017-10-02 21:38 - 2017-10-02 21:38 - 000000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-10-02 21:38 - 2017-10-02 21:38 - 000000000 ____D C:\Program Files\Blender Foundation
2017-10-01 15:50 - 2017-10-01 15:50 - 000000000 ____D C:\Users\test\AppData\Local\Apps\2.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-23 20:31 - 2016-02-04 20:33 - 000000000 ____D C:\FRST
2017-10-23 20:00 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-23 20:00 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-23 19:56 - 2015-11-20 15:32 - 000000000 ____D C:\Users\test\AppData\Roaming\Skype
2017-10-23 19:52 - 2016-07-17 13:53 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-23 19:47 - 2017-01-02 17:11 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-10-23 19:47 - 2015-11-19 17:50 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-10-23 19:47 - 2015-11-15 01:13 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-23 19:47 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-23 19:45 - 2016-08-24 13:30 - 000000000 ____D C:\Windows\system32\log
2017-10-23 19:33 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
2017-10-23 17:40 - 2017-07-02 00:13 - 000000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2017-10-23 17:09 - 2017-09-10 11:00 - 000003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468859727
2017-10-23 17:09 - 2017-06-14 20:33 - 000003512 _____ C:\Windows\System32\Tasks\WinZipBackGroundToolsTask
2017-10-23 17:09 - 2017-06-14 20:33 - 000003398 _____ C:\Windows\System32\Tasks\WinZip Update Notifier
2017-10-23 17:09 - 2017-05-25 13:44 - 000003498 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-test-PC-test
2017-10-23 17:09 - 2017-04-19 17:58 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2017-04-19 17:58 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2017-04-19 17:58 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2017-04-19 17:58 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2017-04-19 17:58 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-23 17:09 - 2016-09-03 12:34 - 000004512 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-23 17:09 - 2016-08-20 13:12 - 000009010 _____ C:\Windows\System32\Tasks\Gerkmiwegh Cache
2017-10-23 17:09 - 2016-05-11 06:14 - 000003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d15d7bd5d2ebca
2017-10-23 17:09 - 2016-05-11 06:14 - 000003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12d273b5e9ef8
2017-10-23 17:09 - 2016-02-04 20:13 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-10-23 17:09 - 2015-11-21 02:50 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-23 17:09 - 2015-11-15 00:14 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-10-23 17:09 - 2015-11-15 00:12 - 000003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{38DB25C1-6B48-4196-8799-61FE26F18AD5}
2017-10-23 16:08 - 2015-11-27 23:22 - 000000000 ____D C:\Users\test\AppData\Local\CrashDumps
2017-10-23 15:50 - 2015-11-15 00:59 - 000000000 ____D C:\Users\test
2017-10-23 15:43 - 2015-11-15 00:14 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-23 15:42 - 2015-11-15 01:00 - 000001397 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-23 15:37 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-10-23 15:37 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-10-23 13:53 - 2017-06-11 21:17 - 000000000 ____D C:\Users\test\AppData\Roaming\uTorrent
2017-10-22 22:02 - 2017-07-27 01:11 - 000000021 _____ C:\Users\test\Desktop\Animepreparedtowatch.txt
2017-10-22 21:51 - 2017-08-01 10:26 - 000001213 _____ C:\Users\test\Desktop\Anime i watched.txt
2017-10-20 15:18 - 2016-11-11 16:12 - 000000000 ____D C:\Users\test\Desktop\Songs
2017-10-20 13:21 - 2016-12-17 23:15 - 000000000 ____D C:\Users\test\AppData\Local\Ubisoft Game Launcher
2017-10-18 06:01 - 2009-07-14 06:45 - 000440080 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-17 19:40 - 2017-04-13 16:37 - 000000000 ____D C:\Users\test\Desktop\other
2017-10-17 19:40 - 2015-11-15 01:26 - 000113928 _____ C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-17 19:39 - 2011-04-12 10:34 - 000668540 _____ C:\Windows\system32\perfh005.dat
2017-10-17 19:39 - 2011-04-12 10:34 - 000141200 _____ C:\Windows\system32\perfc005.dat
2017-10-17 19:39 - 2009-07-14 07:13 - 001583214 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-17 19:39 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-10-17 18:49 - 2017-03-13 18:22 - 000000000 ____D C:\Program Files\Microsoft Office
2017-10-17 18:49 - 2011-04-12 10:45 - 000000000 ____D C:\Windows\ShellNew
2017-10-17 18:49 - 2009-07-14 04:34 - 000000387 _____ C:\Windows\win.ini
2017-10-17 18:48 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-10-17 18:47 - 2016-02-20 23:33 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-10-17 18:47 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-10-16 20:39 - 2016-03-02 22:35 - 000000250 _____ C:\Users\test\AppData\LocalLow\rbxcsettings.rbx
2017-10-16 13:53 - 2016-11-03 15:09 - 000000000 ____D C:\Users\test\Desktop\photos
2017-10-16 13:52 - 2015-11-20 15:39 - 000000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-10-16 13:42 - 2017-08-28 18:58 - 000000000 ____D C:\Users\test\AppData\Roaming\EasyAntiCheat
2017-10-16 13:35 - 2017-05-15 05:10 - 000000000 ____D C:\Users\test\AppData\Roaming\OBS
2017-10-16 13:35 - 2017-04-28 23:07 - 000000000 ____D C:\Users\test\AppData\Roaming\vlc
2017-10-16 09:27 - 2015-11-21 02:50 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-16 09:27 - 2015-11-21 02:50 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-16 09:27 - 2015-11-21 02:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-16 09:27 - 2015-11-21 02:50 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-15 20:43 - 2016-12-18 00:53 - 000000000 ____D C:\Users\test\Documents\Assassin's Creed III
2017-10-15 20:32 - 2016-12-18 00:54 - 000281392 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-10-15 18:07 - 2016-01-30 02:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-10-15 13:10 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-15 13:09 - 2016-01-31 01:06 - 000189248 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2017-10-15 09:58 - 2016-11-04 23:20 - 000000000 ____D C:\Users\test\AppData\Local\Bluestacks
2017-10-14 22:43 - 2016-09-04 18:02 - 000000000 ____D C:\Riot Games
2017-10-14 11:45 - 2017-08-23 23:24 - 000000000 ____D C:\Users\test\AppData\Roaming\discord
2017-10-12 18:23 - 2017-03-18 13:54 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-10-12 18:22 - 2016-07-18 18:34 - 000587168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000201352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000147776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-10-12 18:22 - 2016-07-18 18:34 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-10-12 18:22 - 2016-02-04 20:11 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-12 18:21 - 2017-03-18 13:54 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-10-12 18:21 - 2017-03-18 13:54 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-10-12 18:21 - 2017-03-18 13:54 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-10-12 18:21 - 2017-03-18 13:54 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-10-12 18:21 - 2016-07-18 18:34 - 001020536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-10-11 15:38 - 2017-08-17 19:51 - 000000000 ____D C:\Users\test\AppData\Roaming\audacity
2017-10-11 06:55 - 2017-09-08 06:50 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-10-11 05:55 - 2017-08-05 16:43 - 000001708 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-10-10 20:20 - 2017-04-12 22:12 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2017-10-08 14:51 - 2017-07-26 19:50 - 000000000 ____D C:\Users\test\Desktop\inmk
2017-10-07 17:28 - 2017-01-08 18:22 - 000000000 ____D C:\Users\test\AppData\Roaming\.minecraft
2017-10-06 22:28 - 2017-03-18 11:43 - 000000000 ____D C:\Users\test\AppData\Local\Battle.net
2017-10-06 22:00 - 2017-03-21 18:05 - 000000000 ____D C:\Users\test\Documents\Overwatch
2017-10-06 21:58 - 2017-03-18 11:43 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-10-04 21:19 - 2017-03-21 17:08 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-10-03 17:21 - 2016-05-05 19:10 - 000000000 ____D C:\Users\test\AppData\Local\Downloaded Installations
2017-10-03 17:21 - 2015-11-22 00:29 - 000000000 ____D C:\Users\test\Documents\My Games
2017-10-03 15:59 - 2017-03-13 23:05 - 000000000 ____D C:\tmp
2017-09-29 17:17 - 2017-03-18 11:44 - 000000000 ____D C:\Users\test\AppData\Local\Blizzard Entertainment

==================== Files in the root of some directories =======

2016-11-01 20:50 - 2016-11-01 20:50 - 000066309 _____ () C:\Users\test\AppData\Roaming\icarus-dxdiag.xml
2015-12-13 17:50 - 2015-12-13 17:50 - 000000097 _____ () C:\Users\test\AppData\Roaming\LauncherSettings_live.cfg
2015-12-13 17:45 - 2015-12-13 17:45 - 000010496 _____ () C:\Users\test\AppData\Roaming\TheHunterSettings_live.bin
2015-12-13 17:42 - 2015-12-13 17:42 - 000000039 _____ () C:\Users\test\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-12-19 16:53 - 2016-08-06 20:24 - 000000910 _____ () C:\Users\test\AppData\Local\_settings.ini

Some files in TEMP:
====================
2017-10-15 09:57 - 2017-09-25 12:28 - 000965176 _____ (BlueStack Systems, Inc.) C:\Users\test\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2017-10-15 09:57 - 2017-09-25 12:27 - 000421400 _____ (CodeTitans) C:\Users\test\AppData\Local\Temp\JSON.dll
2017-06-19 21:06 - 2017-06-19 21:06 - 030950664 _____ () C:\Users\test\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-20 13:39

==================== End of FRST.txt ============================

Re: chromesearch.today in the browser

Posted: 23 Oct 2017 20:10
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__ ... M__&query={searchTerms}
S2 OnfatU; "C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe" [X]
C:\Program Files (x86)\Onfat
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d15d7bd5d2ebca
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12d273b5e9ef8
C:\Users\test\AppData\Local\Temp

EmptyTemp:
End
Save it to C:\Users\test\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: chromesearch.today in the browser

Posted: 23 Oct 2017 20:35
by swuklecze
Here it is

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
Ran by test (23-10-2017 21:23:04) Run:2
Running from C:\Users\test\Downloads
Loaded Profiles: test (Available Profiles: test)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1906927588-4285542165-1585533686-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__ ... M__&query={searchTerms}
S2 OnfatU; "C:\Program Files (x86)\Onfat\Update\OnfatUpdate.exe" [X]
C:\Program Files (x86)\Onfat
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d15d7bd5d2ebca
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12d273b5e9ef8
C:\Users\test\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1906927588-4285542165-1585533686-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key removed successfully
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
HKLM\System\CurrentControlSet\Services\OnfatU => key removed successfully
OnfatU => service removed successfully
"C:\Program Files (x86)\Onfat" => not found.
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d15d7bd5d2ebca => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12d273b5e9ef8 => moved successfully

"C:\Users\test\AppData\Local\Temp" folder move:

Could not move "C:\Users\test\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 66741584 B
Java, Flash, Steam htmlcache => 290467969 B
Windows/system/drivers => 13980129 B
Edge => 0 B
Chrome => 81929704 B
Firefox => 225349697 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
test => 44256975003 B

RecycleBin => 0 B
EmptyTemp: => 41.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-10-2017 21:27:13)

C:\Users\test\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:27:18 ====

Re: chromesearch.today in the browser

Posted: 23 Oct 2017 20:55
by Rudy
Deleted. Has anything changed?

Re: chromesearch.today in the browser

Posted: 23 Oct 2017 21:01
by swuklecze
Yes! It's been removed, thank you very much! :closed:

Re: chromesearch.today in the browser

Posted: 24 Oct 2017 17:03
by Rudy
Glad to hear it. You're welcome! :)