VIRY.CZ

Ahoj, nedávno mi můj kamarád dával zdílení obrazovek na skype a já si všiml že má viry, tak jsem ho požádal o scan FRST, píšu za něj protože on nevěří této stránce tady to je:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by martin (administrator) on MARTIN-PC (15-05-2018 19:05:56)
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available Profiles: martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google) C:\Users\martin\AppData\Local\Google\Chrome\User Data\SwReporter\23.131.2\software_reporter_tool.exe
(Google) C:\Users\martin\AppData\Local\Google\Chrome\User Data\SwReporter\23.131.2\software_reporter_tool.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() D:\SteamLibrary\steamapps\common\CPUCores\cpucores.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Google) C:\Users\martin\AppData\Local\Google\Chrome\User Data\SwReporter\23.131.2\software_reporter_tool.exe
(Google) C:\Users\martin\AppData\Local\Google\Chrome\User Data\SwReporter\23.131.2\software_reporter_tool.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
() C:\Users\martin\Desktop\Sweet.Home.My.Sexy.Roommates\Sweet Home - My Sexy Roommates\SweetHome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-12] (AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2833504 2017-08-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM-x32\...\Run: [PlaysTV] => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-05-15] (Valve Corporation)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [World of Warships] => "C:\Games\World_of_Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1070056 2018-04-25] (Blizzard Entertainment)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [MurGee.com Auto Clicker] => C:\Users\martin\AppData\Roaming\Auto Clicker\AutoClicker.exe [124072 2016-10-27] (MurGee.com)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Discord] => C:\Users\martin\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [EvolveClient] => "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [OneClick] => C:\Users\martin\AppData\Local\OneClick\OneClickApp.64.exe [5822136 2017-08-14] (OneClick)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [amigo] => C:\Users\martin\AppData\Local\Amigo\Application\amigo.exe [1104872 2018-01-24] (Mail.Ru) <==== ATTENTION
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [mrupdsrv] => C:\Users\martin\AppData\Local\Mail.Ru\Update Service\mrupdsrv.exe [1314008 2017-08-21] (Mail.Ru)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [BloodyPad] => "C:\Program Files (x86)\BloodyIllumine\BloodyIllumine\BloodyIllumine.exe" Minimum
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [MailRuUpdater] => C:\Users\martin\AppData\Local\Mail.Ru\MailRuUpdater.exe [3477176 2018-05-14] (Mail.Ru) <==== ATTENTION
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [MicrosoftRuntime] => C:\Users\martin\AppData\Roaming\libraries\MicrosoftRuntimeUpdate.vbe [884 2018-02-03] ()
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (Disc Soft Ltd)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [16226032 2018-01-15] ()
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [World of Tanks] => D:\WOT\WargamingGameUpdater.exe [3139872 2018-01-05] (Wargaming.net)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\MountPoints2: {51a47e81-21c8-11e7-9fa7-74e54367005d} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SPACEW~1.SCR
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUSH Wallpaper.lnk [2017-06-29]
ShortcutTarget: PUSH Wallpaper.lnk -> C:\Program Files\PUSH Entertainment\Space Wormhole 3D\pushlivewallpaper.exe (No File)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-11-25]
ShortcutTarget: Twitch.lnk -> C:\Users\martin\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{3A8C4585-5A54-4292-8D48-27AE8950D344}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FD7CFE7D-B3A9-4F77-958E-C1E7118C64BA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130964967635621484&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811141
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = hxxp://www.default-search.net/search?sid=578&a ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = hxxp://www.default-search.net/search?sid=578&a ... earchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDF1FB156-9D5C-46C1-B46E-280E1502EA2E%7D&gp=811142
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=v ... earchTerms}
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {8B675808-7235-4D37-9094-4F5D5A279558} URL = hxxp://searchsimple-a.akamaihd.net/?affID=mt-ob&q={searchTerms}&r=565
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = hxxp://www.default-search.net/search?sid=578&a ... earchTerms}
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDF1FB156-9D5C-46C1-B46E-280E1502EA2E%7D&gp=811142
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll => No File
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-20] (AVAST Software)
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\martin\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2018-02-16] (Mail.Ru)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

FireFox:
========
FF ProfilePath: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2018-05-15]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://mail.ru/cnt/10445?gp=811141
FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:newtab
FF Extension: (Bing Search) - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-02-17] [Legacy]
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru.xpi [2018-02-16]
FF Extension: (Поиск Mail.Ru) - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru.xpi [2018-02-16]
FF Extension: (Пульт) - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi [2018-02-16]
FF SearchPlugin: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\bing-.xml [2016-02-17]
FF SearchPlugin: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\dsrlte1.xml [2015-09-25]
FF SearchPlugin: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\seznam-avast.xml [2016-11-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-159035887-1765306370-2699142008-1000: @my.com/Games -> C:\Users\martin\AppData\Local\MyComGames\NPMyComDetector.dll [2016-04-20] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-159035887-1765306370-2699142008-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
CHR NewTab: Default -> Not-active:"chrome-extension://lhemechcanjmilllmccjbjldonmnnjjj/visual-bookmarks.html"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default [2018-05-15]
CHR Extension: (Prezentace) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (Mail.Ru) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2018-02-16]
CHR Extension: (YouTube) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Vyhledávání Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Allin1Convert) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhdkleldahgplgplciiapcbladjelbe [2015-03-28]
CHR Extension: (Avast SafePrice) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-10]
CHR Extension: (Tabulky) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Allin1Convert) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2015-03-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-10]
CHR Extension: (Avast Online Security) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-19]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2018-02-16]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhemechcanjmilllmccjbjldonmnnjjj [2018-02-16]
CHR Extension: (Tampermonkey) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchbmglgiiijnmpdhcbepaefgljhigdi [2016-01-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odijcgafkhpobjlnfdgiacpdenpmbgme [2017-09-25]
CHR Extension: (Mail.Ru) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkdcinmmljblpnkohlipaiodlonpinf [2017-09-25]
CHR Extension: (Gmail) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-28]
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [odijcgafkhpobjlnfdgiacpdenpmbgme] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [phkdcinmmljblpnkohlipaiodlonpinf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pmpoaahleccaibbhfjfimigepmfmmbbk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ijepgjdjkdbopbnaopmlmobimmhjklhd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Air Globe) - C:\Users\martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\clknpmdbolddgnpknkalhepifhenajff [2015-04-29]
OPR Extension: (Tampermonkey) - C:\Users\martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-02-16]
OPR Extension: (ScriptGate) - C:\Users\martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2018-02-16]
OPR Extension: (Sense) - C:\Users\martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\knlpigpfaognbholppaembpfphilacie [2015-04-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-12] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-12] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-24] ()
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-07-20] (Byte Technologies LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-19] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-04-17] (Hi-Rez Studios) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-08-17] (Copyright (c) 2017 Plays.tv, LLC)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2018-04-11] (Byte Technologies LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Amazon Assistant Service; "C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe" [X]
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [X]
S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S3 EvoSvc; "C:\Program Files\Echobit\Evolve\EvoSvc.exe" -service -logfile "C:\ProgramData\Echobit\Evolve\EvoSvc.log"
S3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe" -s [X]
S2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe" [X]
S3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-12] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-14] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-14] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-14] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-14] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-12] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-12] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-12] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-12] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-04-12] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-04-12] (Disc Soft Ltd)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2017-09-05] (Echobit, LLC)
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [14748416 2012-03-26] (Intel Corporation) [File not signed]
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-10-01] (BigNox Corporation)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S2 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S2 SPDRIVER_1.42.0.1808; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.42.0.1808\jsdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Zdravím!
Mail.ru ke opravdu neregulérní stránka. Nejprve spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

tady to je:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-14.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-15-2018
# Duration: 00:00:55
# OS: Windows 7 Home Premium
# Scanned: 40858
# Detected: 291


***** [ Services ] *****

PUP.Adware.Heuristic SPDRIVER_1.42.0.1808
PUP.Optional.Assistant Amazon Assistant Service
PUP.Optional.ByteFence rtop
PUP.Optional.ByteFence ByteFenceService

***** [ Folders ] *****

PUP.Optional.AmazonBrowserSettings C:\Users\martin\AppData\Local\Amazon Browser Settings
PUP.Optional.Amigo C:\Users\martin\AppData\Local\Amigo
PUP.Optional.BrowserWeb C:\Users\martin\AppData\Local\BrowserWeb
PUP.Optional.ByteFence C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
PUP.Optional.ByteFence C:\ProgramData\ByteFence
PUP.Optional.ByteFence C:\Program Files\ByteFence
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
PUP.Optional.Legacy C:\Users\martin\AppData\Local\globalUpdate
PUP.Optional.Mail.Ru C:\ProgramData\Mail.Ru
PUP.Optional.Mail.Ru C:\Users\martin\AppData\Local\Mail.Ru
PUP.Optional.OpenCandy C:\Users\martin\AppData\Roaming\OpenCandy
PUP.Optional.PayByAds C:\Users\martin\AppData\Local\Pay-By-Ads
PUP.Optional.UpdateChecker C:\Users\martin\AppData\Local\BrowserHelper
Rogue.ForcedExtension C:\ProgramData\apn

***** [ Files ] *****

PUP.Optional.Amigo C:\Users\martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Amigo.lnk
PUP.Optional.Amigo C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk
PUP.Optional.Legacy C:\Users\martin\Favorites\Mail.Ru ????? - ????????? ??? ???????!.url
PUP.Optional.Legacy C:\Users\martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\?????????????.lnk
PUP.Optional.Legacy C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?????????????.lnk
PUP.Optional.Legacy C:\Users\martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\?????????.lnk
PUP.Optional.Legacy C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?????????.lnk
PUP.Optional.Legacy C:\Users\martin\Favorites\Mail.Ru.url

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

PUP.Optional.Legacy C:\Users\martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk

***** [ Tasks ] *****

PUP.Optional.ByteFence C:\Windows\System32\Tasks\ByteFence
PUP.Optional.Legacy C:\Windows\System32\Tasks\DistromaticUpdater-logon
PUP.Optional.Legacy C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly
PUP.Optional.Legacy C:\Windows\System32\Tasks\DistromaticUpdater-periodic
PUP.Optional.Legacy C:\Windows\System32\Tasks\DistromaticSearchProtect-logon
PUP.Optional.Legacy C:\Windows\System32\Tasks\ByteFence Scan
PUP.Optional.Legacy C:\Windows\System32\Tasks\MixVideoPlayer Update
PUP.Optional.Legacy C:\Windows\System32\Tasks\SMupdate1
PUP.Optional.Legacy C:\Windows\System32\Tasks\YTDownloader
PUP.Optional.WinYahoo C:\Windows\System32\Tasks\Yahoo! Search Updater

***** [ Registry ] *****

PUP.Optional.AirGlobe HKCU\Software\Air Globe
PUP.Optional.Amazon1Button HKCU\Software\Classes\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button HKU\S-1-5-18\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button HKU\S-1-5-20\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button HKU\S-1-5-19\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button HKU\.DEFAULT\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
PUP.Optional.Amazon1Button HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
PUP.Optional.Amazon1Button HKLM\Software\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
PUP.Optional.Amazon1Button HKLM\Software\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
PUP.Optional.Amazon1Button HKLM\Software\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
PUP.Optional.Amigo HKCU\Software\Microsoft\Windows\CurrentVersion\Run|amigo
PUP.Optional.AppEnable.A HKLM\Software\Wow6432Node\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
PUP.Optional.AppEnable.A HKLM\Software\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
PUP.Optional.AppEnable.A HKLM\Software\Wow6432Node\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
PUP.Optional.AppEnable.A HKLM\Software\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
PUP.Optional.AppEnable.A HKLM\Software\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
PUP.Optional.AppEnable.A HKLM\Software\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
PUP.Optional.Ask HKU\S-1-5-18\Software\AskPartnerNetwork
PUP.Optional.Ask HKU\.DEFAULT\Software\AskPartnerNetwork
PUP.Optional.Assistant HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant HKLM\Software\Wow6432Node\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant HKLM\Software\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant HKLM\System\CurrentControlSet\Services\EventLog\Application\Amazon Assistant Service
PUP.Optional.BrowseFox.A HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
PUP.Optional.BrowserWeb HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|BrowserWeb.exe
PUP.Optional.ByteFence HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
PUP.Optional.ByteFence HKU\S-1-5-18\Software\ByteFence
PUP.Optional.ByteFence HKCU\Software\ByteFence
PUP.Optional.ByteFence HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence HKLM\Software\Wow6432Node\ByteFence
PUP.Optional.ByteFence HKLM\Software\ByteFence
PUP.Optional.ByteFence HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ByteFence HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CB6EAD5-CD8C-4CA1-B7EC-01649ED585D0}
PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CB6EAD5-CD8C-4CA1-B7EC-01649ED585D0}
PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence
PUP.Optional.ByteFence HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
PUP.Optional.ByteFence HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
PUP.Optional.ByteFence HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
PUP.Optional.CrossRider HKCU\Software\AppDataLow\Software\Crossrider
PUP.Optional.CrossRider HKLM\Software\Wow6432Node\AppDataLow\Software\Crossrider
PUP.Optional.CrossRider HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
PUP.Optional.CrossRider HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
PUP.Optional.CrossRider HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
PUP.Optional.CrossRider HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
PUP.Optional.EoRezo HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
PUP.Optional.Goobzo HKCU\Software\YTDownloader
PUP.Optional.Goobzo HKLM\Software\Wow6432Node\YTDownloader
PUP.Optional.Goobzo HKLM\Software\YTDownloader
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.KeepMySearch HKCU\Software\Classes\keepmysearch
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MailRuUpdater
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug®
PUP.Optional.Legacy HKLM\Software\Wow6432Node\MaxPower
PUP.Optional.Legacy HKCU\Software\Earth Networks
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant
PUP.Optional.Legacy HKLM\Software\Wow6432Node\TData
PUP.Optional.Legacy HKCU\Software\OB
PUP.Optional.Legacy HKCU\Software\InstalledBrowserExtensions
PUP.Optional.Legacy HKLM\Software\Wow6432Node\InstalledBrowserExtensions
PUP.Optional.Legacy HKLM\Software\InstalledBrowserExtensions
PUP.Optional.Legacy HKCU\Software\GlobalUpdate
PUP.Optional.Legacy HKLM\Software\Wow6432Node\GlobalUpdate
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
PUP.Optional.Legacy HKCU\Software\distromatic
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Applications\MixVideoPlayer.exe
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\SysMenu.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\iedll.dll
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\iedll.dll
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E8F97CD-60B5-456F-A201-73065652D099}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6AD694A-8B59-4D84-B020-A05D081EBD70}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6AD694A-8B59-4D84-B020-A05D081EBD70}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3A4C36D-FCB0-4B8E-A4A2-B262F671F65A}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3A4C36D-FCB0-4B8E-A4A2-B262F671F65A}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6C0D435-E242-4239-86BC-EFEAC84E16D2}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6C0D435-E242-4239-86BC-EFEAC84E16D2}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA0A0C9F-A17A-45CC-8790-3312B821589E}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA0A0C9F-A17A-45CC-8790-3312B821589E}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA27D880-7A64-4368-ACE0-F77D8977FDEA}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA27D880-7A64-4368-ACE0-F77D8977FDEA}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBFBF93F-BF9E-4A44-9DD0-D88F611196FA}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBFBF93F-BF9E-4A44-9DD0-D88F611196FA}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MixVideoPlayer Update
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8307F03-5E16-4C0E-B265-6483567D245C}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8307F03-5E16-4C0E-B265-6483567D245C}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6092D441-3403-4D63-A2E2-4BA2286D8C6F}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6092D441-3403-4D63-A2E2-4BA2286D8C6F}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F732CAEB-1970-48FB-9489-A10292EA2C92}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MailRuUpdater
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52E54428-1777-4498-B4B6-36ED552865CF}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52E54428-1777-4498-B4B6-36ED552865CF}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C021362-604A-4BA4-AF7E-720D0E7F0B7C}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C021362-604A-4BA4-AF7E-720D0E7F0B7C}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WarThunder24
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WarThunder sun
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WarThunder sat
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Linkey HKLM\Software\Wow6432Node\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
PUP.Optional.Linkey HKLM\Software\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
PUP.Optional.Linkey HKLM\Software\Wow6432Node\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
PUP.Optional.Linkey HKLM\Software\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
PUP.Optional.Linkey.AppFlsh HKCU\Software\Linkey
PUP.Optional.Linkey.AppFlsh HKLM\Software\Linkey
PUP.Optional.Mail.Ru HKCU\Software\AppDataLow\Software\Mail.Ru
PUP.Optional.Mail.Ru HKCU\Software\Mail.Ru
PUP.Optional.Mail.Ru HKLM\Software\Wow6432Node\Mail.Ru
PUP.Optional.Mail.Ru HKCU\Software\Xpom
PUP.Optional.Mail.Ru HKCU\Software\Mozilla\NativeMessagingHosts\ru.mail.go.ext_info_host
PUP.Optional.Mail.Ru HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host
PUP.Optional.Mail.Ru HKLM\Software\Classes\IESearchPlugin.MailRuBHO
PUP.Optional.MixVideoPlayer HKLM\Software\Wow6432Node\MixVideoPlayer
PUP.Optional.MyStart HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}
PUP.Optional.MyStart HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
PUP.Optional.SettingsManager HKLM\Software\Wow6432Node\SmdmF
PUP.Optional.Uniblue HKLM\Software\Classes\pc-mechanic
PUP.Optional.WinYahoo HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1713E77E-112A-4464-9B38-9820E0CA9AB0}
PUP.Optional.WinYahoo HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1713E77E-112A-4464-9B38-9820E0CA9AB0}
PUP.Optional.WinYahoo HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater
PUP.Optional.Yontoo HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo
PUP.Optional.Yontoo HKCU\Software\Amigo
PUP.Optional.Yontoo HKLM\Software\Wow6432Node\Sense
PUP.Optional.YourSearching.ShrtCln HKLM\Software\Wow6432Node\yoursearchingSoftware

***** [ Chromium (and derivatives) ] *****

PUP.Optional.AmazonBrowserBar Amazon Assistant for Chrome
PUP.Optional.DefaultSearch.ShrtCln Default-Search
PUP.Optional.Legacy ???????? ???????? Mail.Ru
PUP.Optional.Legacy Allin1Convert
PUP.Optional.Legacy MSN Homepage & Bing Search Engine
PUP.Optional.Linkey.AppFlsh Linkey
PUP.Optional.Mail.Ru ???????? ???????? Mail.Ru
PUP.Optional.Mail.Ru ?????????? ???????? Mail.Ru
PUP.Optional.Mail.Ru ????? Mail.Ru
PUP.Optional.Mail.Ru ?????
PUP.Optional.Mail.Ru ???????? ???????? Mail.Ru
PUP.Optional.Mail.Ru ????? Mail.Ru
PUP.Optional.RussAd ?????
PUP.Optional.SearchApp Search App By Ask v2

***** [ Chromium URLs ] *****

PUP.Optional.Legacy yoursearching
PUP.Optional.Legacy http://mail.ru/cnt/10445?gp=811141
PUP.Optional.Legacy http://mail.ru/cnt/10445?gp=811141
PUP.Optional.Legacy ????? Mail.Ru
PUP.Optional.Legacy yoursearching
PUP.Optional.SofTonicAssistant Softonic EN
PUP.Optional.SofTonicAssistant Softonic EN

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy ????? Mail.Ru
PUP.Optional.Legacy ???????? ???????? Mail.Ru
PUP.Optional.Mail.Ru __MSG_extName__
PUP.Optional.Mail.Ru __MSG_extName__

***** [ Firefox URLs ] *****

PUP.Optional.Legacy suggests.go.mail.ru
PUP.Optional.Legacy http://mail.ru/cnt/10445?gp=811141



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

V ADW ještě klikněte na mazání, restartujte a dejte nový log FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by martin (administrator) on MARTIN-PC (15-05-2018 21:15:27)
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available Profiles: martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Discord Inc.) C:\Users\martin\AppData\Local\Discord\app-0.0.301\Discord.exe
(OneClick) C:\Users\martin\AppData\Local\OneClick\OneClickApp.64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\martin\AppData\Local\OneClick\OneClickBandHandler.64.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\martin\AppData\Local\Discord\app-0.0.301\Discord.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.6160\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.10047\Battle.net Helper.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.10047\Battle.net Helper.exe
() C:\Program Files (x86)\Hearthstone\Hearthstone.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-12] (AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2833504 2017-08-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM-x32\...\Run: [PlaysTV] => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-05-15] (Valve Corporation)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [World of Warships] => "C:\Games\World_of_Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1070056 2018-04-25] (Blizzard Entertainment)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [MurGee.com Auto Clicker] => C:\Users\martin\AppData\Roaming\Auto Clicker\AutoClicker.exe [124072 2016-10-27] (MurGee.com)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Discord] => C:\Users\martin\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [EvolveClient] => "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [OneClick] => C:\Users\martin\AppData\Local\OneClick\OneClickApp.64.exe [5822136 2017-08-14] (OneClick)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [mrupdsrv] => "C:\Users\martin\AppData\Local\Mail.Ru\Update Service\mrupdsrv.exe" --u
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [BloodyPad] => "C:\Program Files (x86)\BloodyIllumine\BloodyIllumine\BloodyIllumine.exe" Minimum
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [MicrosoftRuntime] => C:\Users\martin\AppData\Roaming\libraries\MicrosoftRuntimeUpdate.vbe [884 2018-02-03] ()
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (Disc Soft Ltd)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [16226032 2018-01-15] ()
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\Run: [World of Tanks] => D:\WOT\WargamingGameUpdater.exe [3139872 2018-01-05] (Wargaming.net)
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\MountPoints2: {51a47e81-21c8-11e7-9fa7-74e54367005d} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SPACEW~1.SCR
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUSH Wallpaper.lnk [2017-06-29]
ShortcutTarget: PUSH Wallpaper.lnk -> C:\Program Files\PUSH Entertainment\Space Wormhole 3D\pushlivewallpaper.exe (No File)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-11-25]
ShortcutTarget: Twitch.lnk -> C:\Users\martin\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3A8C4585-5A54-4292-8D48-27AE8950D344}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FD7CFE7D-B3A9-4F77-958E-C1E7118C64BA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130964967635621484&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = hxxp://www.default-search.net/search?sid=578&a ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = hxxp://www.default-search.net/search?sid=578&a ... earchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDF1FB156-9D5C-46C1-B46E-280E1502EA2E%7D&gp=811142
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=v ... earchTerms}
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {8B675808-7235-4D37-9094-4F5D5A279558} URL = hxxp://searchsimple-a.akamaihd.net/?affID=mt-ob&q={searchTerms}&r=565
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2578} URL = hxxp://www.default-search.net/search?sid=578&a ... earchTerms}
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDF1FB156-9D5C-46C1-B46E-280E1502EA2E%7D&gp=811142
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-20] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

FireFox:
========
FF ProfilePath: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2018-05-15]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:newtab
FF Extension: (Bing Search) - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-02-17] [Legacy]
FF SearchPlugin: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\bing-.xml [2016-02-17]
FF SearchPlugin: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\dsrlte1.xml [2015-09-25]
FF SearchPlugin: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\seznam-avast.xml [2016-11-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-159035887-1765306370-2699142008-1000: @my.com/Games -> C:\Users\martin\AppData\Local\MyComGames\NPMyComDetector.dll [2016-04-20] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-159035887-1765306370-2699142008-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default [2018-05-15]
CHR Extension: (Prezentace) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Vyhledávání Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Allin1Convert) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhdkleldahgplgplciiapcbladjelbe [2015-03-28]
CHR Extension: (Avast SafePrice) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-10]
CHR Extension: (Tabulky) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Allin1Convert) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2015-03-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-10]
CHR Extension: (Avast Online Security) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-19]
CHR Extension: (Tampermonkey) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchbmglgiiijnmpdhcbepaefgljhigdi [2016-01-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-28]
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [odijcgafkhpobjlnfdgiacpdenpmbgme] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [phkdcinmmljblpnkohlipaiodlonpinf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pmpoaahleccaibbhfjfimigepmfmmbbk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ijepgjdjkdbopbnaopmlmobimmhjklhd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Air Globe) - C:\Users\martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\clknpmdbolddgnpknkalhepifhenajff [2015-04-29]
OPR Extension: (Tampermonkey) - C:\Users\martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-02-16]
OPR Extension: (ScriptGate) - C:\Users\martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2018-02-16]
OPR Extension: (Sense) - C:\Users\martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\knlpigpfaognbholppaembpfphilacie [2015-04-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-12] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-12] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-24] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-19] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-04-17] (Hi-Rez Studios) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-08-17] (Copyright (c) 2017 Plays.tv, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [X]
S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S3 EvoSvc; "C:\Program Files\Echobit\Evolve\EvoSvc.exe" -service -logfile "C:\ProgramData\Echobit\Evolve\EvoSvc.log"
S3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe" -s [X]
S2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe" [X]
S3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-12] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-14] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-14] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-14] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-14] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-12] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-12] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-12] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-12] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-04-12] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-04-12] (Disc Soft Ltd)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2017-09-05] (Echobit, LLC)
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [14748416 2012-03-26] (Intel Corporation) [File not signed]
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-10-01] (BigNox Corporation)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S2 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-15 20:15 - 2018-05-15 20:17 - 000000420 _____ C:\Users\martin\Desktop\Nový textový dokument.txt
2018-05-15 20:12 - 2018-05-15 20:19 - 000000000 ____D C:\AdwCleaner
2018-05-15 20:12 - 2018-05-15 20:12 - 007271632 _____ (Malwarebytes) C:\Users\martin\Desktop\adwcleaner_7.1.1.exe
2018-05-15 18:59 - 2018-05-15 21:18 - 000029975 _____ C:\Users\martin\Desktop\FRST.txt
2018-05-15 18:59 - 2018-05-15 19:07 - 000000000 ____D C:\FRST
2018-05-15 18:59 - 2018-05-15 18:59 - 002404864 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2018-05-15 18:40 - 2018-05-15 18:41 - 000000000 ____D C:\Users\martin\AppData\Roaming\CPUCores
2018-05-15 18:37 - 2018-05-15 18:37 - 000000222 _____ C:\Users\martin\Desktop\CPUCores Maximize Your FPS.url
2018-05-11 16:47 - 2018-05-11 17:03 - 000000000 ____D C:\Users\martin\AppData\Local\Ori and the Blind Forest DE
2018-05-11 16:45 - 2018-05-11 16:45 - 000000866 _____ C:\Users\Public\Desktop\Ori and The Blind Forest - Definitive Edition.lnk
2018-05-11 16:36 - 2018-05-11 16:39 - 000000000 ____D C:\Users\martin\Desktop\Ori.and.the.Blind.Forest.Definitive.Edition.GOG
2018-05-10 21:50 - 2018-05-10 21:50 - 000000000 ____D C:\Users\martin\Desktop\Sweet.Home.My.Sexy.Roommates
2018-05-10 12:18 - 2018-05-10 12:19 - 000000000 ____D C:\Users\martin\Desktop\GREMS
2018-05-10 12:17 - 2018-05-10 12:17 - 000000000 ____D C:\GOG Games
2018-05-09 22:09 - 2018-05-09 22:09 - 000000000 ____D C:\Users\martin\AppData\LocalLow\DefaultCompany
2018-05-09 19:41 - 2018-05-09 19:41 - 000000000 ____D C:\Users\martin\AppData\Roaming\SCP Secret Laboratory
2018-05-09 19:40 - 2018-05-09 19:40 - 000000000 ____D C:\Users\martin\AppData\LocalLow\Hubert Moszka
2018-05-02 19:32 - 2018-05-02 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2018-05-02 19:19 - 2018-05-02 19:19 - 000000000 ____D C:\Users\martin\AppData\Local\RadeonInstaller
2018-04-30 21:34 - 2018-04-30 21:34 - 000000000 ____D C:\Users\martin\AppData\Local\Cat_Goes_Fishing
2018-04-29 15:45 - 2018-04-30 16:44 - 000000000 ____D C:\Users\martin\Documents\NHL09
2018-04-29 15:42 - 2018-04-29 15:42 - 000000000 ____D C:\Users\martin\AppData\Roaming\NHL 09
2018-04-27 21:34 - 2018-04-27 21:34 - 000000000 ____D C:\ProgramData\ATI
2018-04-27 18:50 - 2018-04-27 18:50 - 000000000 ____D C:\Program Files (x86)\AMD
2018-04-27 18:43 - 2018-04-27 18:47 - 000000000 ____D C:\Program Files\AMD
2018-04-27 18:43 - 2018-04-27 18:43 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-04-26 15:13 - 2018-04-26 15:13 - 000000000 ____D C:\ProgramData\Curse Client
2018-04-22 12:51 - 2018-05-01 17:11 - 000000587 _____ C:\Users\martin\Desktop\World of Tanks.lnk
2018-04-16 18:04 - 2018-04-16 18:04 - 000000000 ____D C:\Users\martin\AppData\Local\CrashReportClient

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-15 21:19 - 2015-07-13 10:38 - 000000000 ____D C:\Users\martin\AppData\Local\Battle.net
2018-05-15 21:18 - 2015-03-22 13:20 - 000000000 ____D C:\Users\martin\AppData\Roaming\Skype
2018-05-15 20:51 - 2009-07-14 06:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-15 20:51 - 2009-07-14 06:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-15 20:48 - 2017-12-07 21:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-05-15 20:45 - 2017-11-25 18:35 - 000000000 ____D C:\Users\martin\AppData\Roaming\Twitch
2018-05-15 20:45 - 2015-03-24 15:57 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-15 20:41 - 2017-04-25 21:21 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-05-15 20:41 - 2016-01-22 18:44 - 000000000 ____D C:\ProgramData\VMware
2018-05-15 20:41 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-15 17:19 - 2015-12-03 16:18 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-05-11 22:37 - 2018-03-27 18:30 - 000000000 ____D C:\Users\martin\Desktop\štým
2018-05-10 18:57 - 2016-05-15 15:29 - 000000000 ____D C:\Users\martin\AppData\Roaming\uTorrent
2018-05-10 17:41 - 2017-12-07 22:03 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-05-10 12:29 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-10 12:28 - 2018-02-11 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-05-10 12:21 - 2017-06-29 08:55 - 000000000 ____D C:\Users\martin\Desktop\Nová složka
2018-05-06 11:38 - 2017-08-14 13:02 - 000000000 ____D C:\Users\martin\AppData\Roaming\discord
2018-05-04 21:04 - 2018-03-19 20:44 - 000000000 ____D C:\ProgramData\Epic
2018-05-02 19:23 - 2015-03-22 11:37 - 000000000 ____D C:\AMD
2018-05-02 19:13 - 2016-05-11 15:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-02 16:28 - 2017-08-14 13:03 - 000000000 ____D C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-05-02 16:28 - 2017-08-14 13:01 - 000000000 ____D C:\Users\martin\AppData\Local\Discord
2018-05-02 16:26 - 2017-09-25 09:19 - 000000000 ____D C:\Users\martin\AppData\Local\OneClick
2018-05-01 17:11 - 2015-10-28 15:38 - 000000000 ____D C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2018-04-29 20:27 - 2015-07-13 19:34 - 000000000 ____D C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-04-27 21:33 - 2009-07-14 07:08 - 000032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-27 18:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-27 18:43 - 2015-03-22 11:39 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Users\martin\eEJEsA.exe
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\huZqYIIO.exe
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\IIioUGBf.exe
2016-10-28 09:53 - 2016-10-28 09:53 - 000000120 _____ () C:\Users\martin\AppData\Roaming\31af5a66.dat
2016-06-14 16:44 - 2016-06-14 16:44 - 000007602 _____ () C:\Users\martin\AppData\Local\Resmon.ResmonCfg
2018-02-16 22:28 - 2018-02-16 22:28 - 000000002 _____ () C:\Users\martin\AppData\Local\WMI.ini

Some files in TEMP:
====================
2017-12-07 21:21 - 2018-02-12 15:33 - 055465976 _____ (Mail.Ru) C:\Users\martin\AppData\Local\Temp\amigo_setup.exe
2013-08-05 08:15 - 2013-08-05 08:15 - 004292136 _____ (www.Bandisoft.com) C:\Users\martin\AppData\Local\Temp\bdfilters.dll
2017-12-14 19:51 - 2017-12-14 19:51 - 000000088 _____ () C:\Users\martin\AppData\Local\Temp\be8f2df94983ab4bcc14c421736a637e.dll
2017-07-03 09:00 - 2017-07-03 09:00 - 000008720 _____ () C:\Users\martin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-04-13 16:54 - 2017-05-01 20:52 - 000000088 _____ () C:\Users\martin\AppData\Local\Temp\e4345b012ac85266a6bbd19df505c12e.dll
2017-09-17 17:27 - 2017-09-17 17:28 - 019870784 _____ (Rockstar Games.) C:\Users\martin\AppData\Local\Temp\GTA_V_Launcher_1_0_1180_2.exe
2016-05-27 21:38 - 2016-06-03 22:09 - 000166856 _____ (Development Media 73) C:\Users\martin\AppData\Local\Temp\Gtw32.exe
2018-02-16 22:27 - 2018-02-16 22:27 - 002575544 _____ () C:\Users\martin\AppData\Local\Temp\r28okntui6.exe
2018-05-01 19:37 - 2018-05-11 16:27 - 058834376 _____ (Skype Technologies S.A.) C:\Users\martin\AppData\Local\Temp\SkypeSetup.exe
2016-11-17 08:40 - 2016-11-21 14:57 - 004521856 _____ (PS Media s.r.o.) C:\Users\martin\AppData\Local\Temp\ssins.exe
2018-04-27 18:17 - 2018-04-27 18:19 - 250421584 _____ (AMD Inc.) C:\Users\martin\AppData\Local\Temp\tmp35BF.exe
2017-03-22 20:39 - 2017-03-22 20:39 - 000057344 _____ () C:\Users\martin\AppData\Local\Temp\x6yghs52.dll
2017-04-13 09:44 - 2017-04-13 09:44 - 000057344 _____ () C:\Users\martin\AppData\Local\Temp\zxa41ocb.dll
2016-10-10 16:00 - 2016-10-10 16:00 - 037421560 _____ () C:\Users\martin\AppData\Local\Temp\{B6419C69-30F4-46A4-AF8A-986355983FAA}-GoogleEarth-Win-Bundle-7.1.7.2606.exe
2016-05-11 19:48 - 2016-05-11 19:47 - 000534528 _____ () C:\Users\martin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-22 18:02

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\MountPoints2: {51a47e81-21c8-11e7-9fa7-74e54367005d} - F:\Lenovo_Suite.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDF1FB156-9D5C-46C1-B46E-280E1502EA2E%7D&gp=811142
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen= ... ch_5153&q={searchTerms}
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {8B675808-7235-4D37-9094-4F5D5A279558} URL = hxxp://searchsimple-a.akamaihd.net/?affID=mt-ob&q={searchTerms}&r=565
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDF1FB156-9D5C-46C1-B46E-280E1502EA2E%7D&gp=811142
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
HR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [X]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
C:\Users\martin\AppData\Local\Temp

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Omluvám se, včera jsem tu nemohl být, tady to je

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by martin (17-05-2018 15:33:26) Run:1
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available Profiles: martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-159035887-1765306370-2699142008-1000\...\MountPoints2: {51a47e81-21c8-11e7-9fa7-74e54367005d} - F:\Lenovo_Suite.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDF1FB156-9D5C-46C1-B46E-280E1502EA2E%7D&gp=811142
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen= ... ch_5153&q={searchTerms}
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {8B675808-7235-4D37-9094-4F5D5A279558} URL = hxxp://searchsimple-a.akamaihd.net/?affID=mt-ob&q={searchTerms}&r=565
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-159035887-1765306370-2699142008-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BDF1FB156-9D5C-46C1-B46E-280E1502EA2E%7D&gp=811142
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
HR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [X]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
C:\Users\martin\AppData\Local\Temp

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51a47e81-21c8-11e7-9fa7-74e54367005d}" => removed successfully
HKLM\Software\Classes\CLSID\{51a47e81-21c8-11e7-9fa7-74e54367005d} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => not found
"HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => removed successfully
HKLM\Software\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => not found
"HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B675808-7235-4D37-9094-4F5D5A279558}" => removed successfully
HKLM\Software\Classes\CLSID\{8B675808-7235-4D37-9094-4F5D5A279558} => not found
"HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => removed successfully
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => not found
"HKU\S-1-5-21-159035887-1765306370-2699142008-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => removed successfully
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => removed successfully
"HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => removed successfully
"HKLM\Software\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\Software\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => removed successfully
"HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\livecall" => removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\msnim" => removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\wlmailhtml" => removed successfully
HKLM\Software\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\wlpg" => removed successfully
HKLM\Software\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0" => removed successfully
HR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp => Error: No automatic fix found for this entry.
"Chrome StartupUrls" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
"HKLM\System\CurrentControlSet\Services\BBSvc" => removed successfully
BBSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\sbmntr" => removed successfully
sbmntr => service removed successfully

"C:\Users\martin\AppData\Local\Temp" folder move:

Could not move "C:\Users\martin\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43491611 B
Java, Flash, Steam htmlcache => 88254151 B
Windows/system/drivers => 234810091 B
Edge => 0 B
Chrome => 418544331 B
Firefox => 375217911 B
Opera => 664576 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 79020088 B
systemprofile32 => 7805585 B
LocalService => 0 B
NetworkService => 48736 B
martin => 5123023135 B

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-05-2018 15:44:08)

==> ATTENTION: System is not rebooted.
C:\Users\martin\AppData\Local\Temp => Could not move

==== End of Fixlog 15:44:10 ====

Smazáno. Mělo by to být pryč.