Reklamy všade, pomoc!

[Lenias]

Dobrý deň,

Včera mi Avast vyhodil hrozbu ohľadom nejakého súboru čo našiel a od tej chvíle sa mi v prehliadači samovolne otvárajú okná s reklamami, presmerováva ma to zo stránok na ktorých som, na nejaké iné alebo sa mi na okraji stránky zobrazí reklama či vybehnú okienka blízko odkazov na ktoré sa dá kliknúť, proste len aby ma to opäť presmerovalo na nejakú otravnú stránku ktorá ma nezaujíma. Takto sa mi dokáže otvoriť stránka s nejakými produktami aj 8-10x a fakt to otravuje. Za vyriešenie by som bola veľmi vďačná. Ak sa to bude teda nejakým spôsobom riešiť tak nie som znalec, tak ak by išlo o nejaké zložitejšie úkony tak by to mohlo byť podrobnejšie Ďakujem.

Log z FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lenias (administrator) on LENIAS-PC (05-03-2016 17:19:05)
Running from C:\Users\Lenias\Desktop
Loaded Profiles: Lenias (Available Profiles: Lenias)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Java Inc.) C:\Users\Lenias\AppData\Local\Java Updater.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4791\Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Blizzard Entertainment) D:\Battle.net\Battle.net.6734\Battle.net.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Lenias\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-15] (AVAST Software)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3454632 2015-06-01] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\Run: [Battle.net] => D:\Battle.net\Battle.net Launcher.exe [2946096 2015-12-17] (Blizzard Entertainment)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\Run: [Java Updater] => C:\Users\Lenias\AppData\Local\Java Updater.exe [868352 2015-12-21] (Java Inc.)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe [1162944 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {0687fdf3-4e25-11e5-8d09-7824afbc8843} - F:\LGAutoRun.exe
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {399c1e7b-b184-11e5-8d14-7824afbc8843} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {a675a903-119b-11e5-820b-7824afbc8843} - F:\SISetup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-15] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{89AAF263-1D79-41C7-A329-581CF2B41B13}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{89AAF263-1D79-41C7-A329-581CF2B41B13}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-03-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-15] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-03-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-15] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-03-04] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4246877573-3695488236-2413355652-1000: @my.com/Games -> C:\Users\Lenias\AppData\Local\MyComGames\NPMyComDetector.dll [2016-02-03] (MY.COM B.V.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-15]

Chrome:
=======
CHR Profile: C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-05]
CHR Extension: (Dokumenty Google) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
CHR Extension: (Disk Google) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-04]
CHR Extension: (Google Search) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabuľky Google) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-05]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-15] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-11-22] (BitRaider, LLC)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [23504 2014-12-25] (Micro-Star Int'l Co., Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1736360 2015-06-01] (Micro-Star INT'L CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-15] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-11-22] (BitRaider)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-07-22] (Duplex Secure Ltd.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 17:19 - 2016-03-05 17:19 - 00014266 _____ C:\Users\Lenias\Desktop\FRST.txt
2016-03-05 17:18 - 2016-03-05 17:19 - 00000000 ____D C:\FRST
2016-03-05 17:17 - 2016-03-05 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Lenias\Desktop\FRSTLauncher.exe
2016-03-05 17:16 - 2016-03-05 17:16 - 00112640 _____ (forum.viry.cz) C:\Users\Lenias\Downloads\Nepotvrdené 590024.crdownload
2016-03-05 17:15 - 2016-03-05 17:15 - 00112640 _____ (forum.viry.cz) C:\Users\Lenias\Downloads\Nepotvrdené 652101.crdownload
2016-03-05 17:14 - 2016-03-05 17:14 - 02374144 _____ (Farbar) C:\Users\Lenias\Desktop\FRST64.exe
2016-03-04 15:32 - 2016-03-04 15:32 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-03 19:47 - 2016-03-03 19:47 - 00000000 ____D C:\ProgramData\1236171b-2413-0
2016-03-03 19:42 - 2016-03-03 19:42 - 00003730 _____ C:\Windows\System32\Tasks\{2762C59A-ACD1-6DDE-1A17-3612839FE126}
2016-03-03 19:42 - 2016-03-03 19:42 - 00000000 ____D C:\ProgramData\de4ef1a9
2016-03-03 19:42 - 2016-03-03 19:42 - 00000000 ____D C:\ProgramData\1236171b-2607-0
2016-03-03 19:42 - 2016-03-03 19:42 - 00000000 ____D C:\ProgramData\{208117dd-612c-1}
2016-03-03 19:42 - 2016-03-03 19:42 - 00000000 ____D C:\ProgramData\{1c009971-412c-0}
2016-02-07 22:55 - 2016-02-07 22:56 - 01754427 _____ C:\Users\Lenias\Downloads\journeymap-1.8-5.1.3-unlimited.jar
2016-02-06 20:10 - 2016-02-07 01:14 - 00000111 _____ C:\Users\Lenias\Desktop\Zvacsenie RAM v MC.txt
2016-02-06 15:06 - 2016-02-06 15:06 - 99846383 _____ C:\Users\Lenias\Downloads\Mody 1.8.rar
2016-02-06 13:12 - 2016-03-04 15:33 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-06 13:12 - 2016-03-04 15:33 - 00000000 ____D C:\Program Files\Java
2016-02-06 00:04 - 2016-02-06 00:04 - 00556842 _____ C:\Users\Lenias\Downloads\Lots of Food-1.9.0.jar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 17:13 - 2015-06-05 16:07 - 00000000 ____D C:\Users\Lenias\AppData\Local\Battle.net
2016-03-05 16:50 - 2015-11-16 12:15 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-05 16:41 - 2015-06-05 15:58 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-05 15:19 - 2015-06-06 13:19 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-05 15:08 - 2015-11-16 12:14 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-05 14:37 - 2009-07-14 05:45 - 00025248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-05 14:37 - 2009-07-14 05:45 - 00025248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-05 14:35 - 2010-11-21 10:27 - 00660030 _____ C:\Windows\system32\perfh005.dat
2016-03-05 14:35 - 2010-11-21 10:27 - 00140680 _____ C:\Windows\system32\perfc005.dat
2016-03-05 14:35 - 2009-07-14 06:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-05 14:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-05 14:29 - 2015-06-05 15:58 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-05 14:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-04 16:19 - 2015-06-05 16:12 - 00000000 ____D C:\Users\Lenias\AppData\Roaming\TS3Client
2016-03-04 15:33 - 2015-12-21 11:45 - 00000000 ____D C:\Users\Lenias\.oracle_jre_usage
2016-03-04 15:33 - 2015-12-21 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-03 19:42 - 2016-02-01 15:22 - 00000000 ____D C:\ProgramData\d4aa6144-4085-1
2016-03-03 19:42 - 2016-02-01 15:22 - 00000000 ____D C:\ProgramData\d4aa6144-0117-0
2016-03-03 15:07 - 2015-11-16 12:14 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1447672443
2016-03-02 20:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-02 19:09 - 2015-06-06 13:18 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-02-19 14:57 - 2016-01-30 08:38 - 00000000 ____D C:\Users\Lenias\Desktop\Texture Pack
2016-02-19 00:42 - 2015-06-05 15:59 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 20:52 - 2015-06-05 16:07 - 00000000 ____D C:\Users\Lenias\AppData\Roaming\Battle.net
2016-02-17 20:52 - 2015-06-05 16:01 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-17 10:33 - 2015-06-13 09:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-07 22:57 - 2016-02-03 21:54 - 00000000 ____D C:\Users\Lenias\AppData\Roaming\.minecraft
2016-02-06 15:06 - 2016-02-02 20:22 - 00000000 ____D C:\Users\Lenias\Downloads\Mody 1.8
2016-02-05 12:54 - 2015-06-05 15:58 - 00000000 ____D C:\Users\Lenias\AppData\Local\Deployment

==================== Files in the root of some directories =======

2015-12-21 11:39 - 2015-12-21 11:39 - 0868352 ____H (Java Inc.) C:\Users\Lenias\AppData\Local\Java Updater.exe
2015-06-05 15:11 - 2015-06-05 15:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-29 11:59

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:488.18 GB) (Free:423.47 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:443.23 GB) (Free:278.01 GB) NTFS

Available physical RAM: 5209.45 MB
Total physical RAM: 8135.22 MB
Percentage of memory in use: 35%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 57F76B39)
Partition 1: (Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Lenias\Desktop" je 8710 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[Lenias]

# AdwCleaner v5.037 - Logfile created 05/03/2016 at 17:53:33
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Lenias - LENIAS-PC
# Running from : C:\Users\Lenias\Desktop\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\1236171b-2413-0
[-] Folder Deleted : C:\ProgramData\1236171b-2607-0
[-] Folder Deleted : C:\ProgramData\d4aa6144-0117-0
[-] Folder Deleted : C:\ProgramData\d4aa6144-4085-1
[-] Folder Deleted : C:\ProgramData\de4ef1a9
[-] Folder Deleted : C:\ProgramData\{1c009971-412c-0}
[-] Folder Deleted : C:\ProgramData\{208117dd-612c-1}

***** [ Files ] *****

[-] File Deleted : C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvplussearch.com_0.localstorage
[-] File Deleted : C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvplussearch.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : {2762C59A-ACD1-6DDE-1A17-3612839FE126}

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{de4ef1a9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{89AAF263-1D79-41C7-A329-581CF2B41B13} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{89AAF263-1D79-41C7-A329-581CF2B41B13} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{89AAF263-1D79-41C7-A329-581CF2B41B13} [NameServer]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2799 bytes] - [05/03/2016 17:53:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [2827 bytes] - [05/03/2016 17:52:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2945 bytes] ##########

[Lenias]

Ten súbor čo včera Avast označil bol DNS unlocker ak by to pomohlo, problém stále pretrváva.

[Rudy]

Dejte nový log FRST.

[Lenias]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lenias (administrator) on LENIAS-PC (05-03-2016 18:32:53)
Running from C:\Users\Lenias\Desktop
Loaded Profiles: Lenias (Available Profiles: Lenias)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Java Inc.) C:\Users\Lenias\AppData\Local\Java Updater.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(forum.viry.cz) C:\Users\Lenias\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-15] (AVAST Software)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3454632 2015-06-01] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\Run: [Battle.net] => D:\Battle.net\Battle.net Launcher.exe [2946096 2015-12-17] (Blizzard Entertainment)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\Run: [Java Updater] => C:\Users\Lenias\AppData\Local\Java Updater.exe [868352 2015-12-21] (Java Inc.)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {0687fdf3-4e25-11e5-8d09-7824afbc8843} - F:\LGAutoRun.exe
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {399c1e7b-b184-11e5-8d14-7824afbc8843} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {a675a903-119b-11e5-820b-7824afbc8843} - F:\SISetup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-15] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{89AAF263-1D79-41C7-A329-581CF2B41B13}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-03-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-15] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-03-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-15] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-03-04] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4246877573-3695488236-2413355652-1000: @my.com/Games -> C:\Users\Lenias\AppData\Local\MyComGames\NPMyComDetector.dll [2016-02-03] (MY.COM B.V.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-15]

Chrome:
=======
CHR Profile: C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-05]
CHR Extension: (Dokumenty Google) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
CHR Extension: (Disk Google) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-04]
CHR Extension: (Google Search) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabuľky Google) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-05]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-15] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-11-22] (BitRaider, LLC)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [23504 2014-12-25] (Micro-Star Int'l Co., Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1736360 2015-06-01] (Micro-Star INT'L CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-15] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-11-22] (BitRaider)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-07-22] (Duplex Secure Ltd.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 18:32 - 2016-03-05 18:32 - 00112640 _____ (forum.viry.cz) C:\Users\Lenias\Desktop\FRSTLauncher.exe
2016-03-05 18:32 - 2016-03-05 18:32 - 00029696 _____ C:\Users\Lenias\AppData\Local\MSGBOX.EXE
2016-03-05 18:32 - 2016-03-05 18:32 - 00015327 _____ C:\Users\Lenias\Desktop\LM.bat
2016-03-05 17:52 - 2016-03-05 17:53 - 00000000 ____D C:\AdwCleaner
2016-03-05 17:52 - 2016-03-05 17:52 - 01518592 _____ C:\Users\Lenias\Desktop\adwcleaner_5.037.exe
2016-03-05 17:19 - 2016-03-05 18:33 - 00013122 _____ C:\Users\Lenias\Desktop\FRST.txt
2016-03-05 17:18 - 2016-03-05 18:32 - 00000000 ____D C:\FRST
2016-03-05 17:14 - 2016-03-05 17:14 - 02374144 _____ (Farbar) C:\Users\Lenias\Desktop\FRST64.exe
2016-03-04 15:32 - 2016-03-04 15:32 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-02-07 22:55 - 2016-02-07 22:56 - 01754427 _____ C:\Users\Lenias\Downloads\journeymap-1.8-5.1.3-unlimited.jar
2016-02-06 20:10 - 2016-02-07 01:14 - 00000111 _____ C:\Users\Lenias\Desktop\Zvacsenie RAM v MC.txt
2016-02-06 15:06 - 2016-02-06 15:06 - 99846383 _____ C:\Users\Lenias\Downloads\Mody 1.8.rar
2016-02-06 13:12 - 2016-03-04 15:33 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-06 13:12 - 2016-03-04 15:33 - 00000000 ____D C:\Program Files\Java
2016-02-06 00:04 - 2016-02-06 00:04 - 00556842 _____ C:\Users\Lenias\Downloads\Lots of Food-1.9.0.jar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 18:30 - 2015-06-05 16:12 - 00000000 ____D C:\Users\Lenias\AppData\Roaming\TS3Client
2016-03-05 18:25 - 2015-06-05 16:07 - 00000000 ____D C:\Users\Lenias\AppData\Local\Battle.net
2016-03-05 18:02 - 2009-07-14 05:45 - 00025248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-05 18:02 - 2009-07-14 05:45 - 00025248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-05 18:00 - 2010-11-21 10:27 - 00660030 _____ C:\Windows\system32\perfh005.dat
2016-03-05 18:00 - 2010-11-21 10:27 - 00140680 _____ C:\Windows\system32\perfc005.dat
2016-03-05 18:00 - 2009-07-14 06:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-05 18:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-05 17:59 - 2015-11-16 12:14 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-05 17:55 - 2015-06-06 13:19 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-05 17:54 - 2015-06-05 15:58 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-05 17:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-05 17:50 - 2015-11-16 12:15 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-05 17:41 - 2015-06-05 15:58 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 15:33 - 2015-12-21 11:45 - 00000000 ____D C:\Users\Lenias\.oracle_jre_usage
2016-03-04 15:33 - 2015-12-21 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-03 15:07 - 2015-11-16 12:14 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1447672443
2016-03-02 20:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-02 19:09 - 2015-06-06 13:18 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-02-19 14:57 - 2016-01-30 08:38 - 00000000 ____D C:\Users\Lenias\Desktop\Texture Pack
2016-02-19 00:42 - 2015-06-05 15:59 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 20:52 - 2015-06-05 16:07 - 00000000 ____D C:\Users\Lenias\AppData\Roaming\Battle.net
2016-02-17 20:52 - 2015-06-05 16:01 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-17 10:33 - 2015-06-13 09:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-07 22:57 - 2016-02-03 21:54 - 00000000 ____D C:\Users\Lenias\AppData\Roaming\.minecraft
2016-02-06 15:06 - 2016-02-02 20:22 - 00000000 ____D C:\Users\Lenias\Downloads\Mody 1.8
2016-02-05 12:54 - 2015-06-05 15:58 - 00000000 ____D C:\Users\Lenias\AppData\Local\Deployment

==================== Files in the root of some directories =======

2015-12-21 11:39 - 2015-12-21 11:39 - 0868352 ____H (Java Inc.) C:\Users\Lenias\AppData\Local\Java Updater.exe
2016-03-05 18:32 - 2016-03-05 18:32 - 0029696 _____ () C:\Users\Lenias\AppData\Local\MSGBOX.EXE
2015-06-05 15:11 - 2015-06-05 15:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Lenias\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-29 11:59

==================== End of FRST.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {0687fdf3-4e25-11e5-8d09-7824afbc8843} - F:\LGAutoRun.exe
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {399c1e7b-b184-11e5-8d14-7824afbc8843} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {a675a903-119b-11e5-820b-7824afbc8843} - F:\SISetup.exe
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\ProgramData\DP45977C.lfl
C:\Users\Lenias\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Lenias]

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lenias (2016-03-05 20:05:35) Run:1
Running from C:\Users\Lenias\Desktop
Loaded Profiles: Lenias (Available Profiles: Lenias)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {0687fdf3-4e25-11e5-8d09-7824afbc8843} - F:\LGAutoRun.exe
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {399c1e7b-b184-11e5-8d14-7824afbc8843} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\...\MountPoints2: {a675a903-119b-11e5-820b-7824afbc8843} - F:\SISetup.exe
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\ProgramData\DP45977C.lfl
C:\Users\Lenias\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0687fdf3-4e25-11e5-8d09-7824afbc8843}" => key removed successfully
HKCR\CLSID\{0687fdf3-4e25-11e5-8d09-7824afbc8843} => key not found.
"HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{399c1e7b-b184-11e5-8d14-7824afbc8843}" => key removed successfully
HKCR\CLSID\{399c1e7b-b184-11e5-8d14-7824afbc8843} => key not found.
"HKU\S-1-5-21-4246877573-3695488236-2413355652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a675a903-119b-11e5-820b-7824afbc8843}" => key removed successfully
HKCR\CLSID\{a675a903-119b-11e5-820b-7824afbc8843} => key not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Lenias\AppData\Local\Temp" folder move:

Could not move "C:\Users\Lenias\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-05 20:07:00)

C:\Users\Lenias\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:07:00 ====

[Rudy]

OK. Nastala nějaká změna?

[Lenias]

Bohužial žiadna, reklamy stále naskakujú

[Lenias]

Ale pozerám, že ma to redirectuje a otravuje reklamami len v Chrome...V Opere ani Exploreri mi zatial žiadna reklama nevyskočila tam kde mi na 100% v Chrome vyskočí...možno poľahčujúca okolnosť?

[Rudy]

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[Lenias]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 5. 3. 2016
Čas skenování: 23:14
Protokol: MAM.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.03.05.05
Databáze rootkitů: v2016.02.27.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Lenias

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 332267
Uplynulý čas: 5 min, 17 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 1
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, , [da4ffb89e2b723133e7b201114f040c0],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Dobré: (8.8.8.8), Špatné: (82.163.142.7 95.211.158.134),,[33f663210c8da09698d95bae65a0ae52]

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 14
PUP.Optional.PastaLeads, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_nps.pastaleads.com_0.localstorage, , [d851d8aca1f862d43211280b6a9ab44c],
PUP.Optional.PastaLeads, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_nps.pastaleads.com_0.localstorage-journal, , [87a20e766f2a3afc74cf7bb8de26c040],
PUP.Optional.PastaLeads, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, , [44e5fd87b2e7d264dd66b77ca0648e72],
PUP.Optional.PastaLeads, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, , [d356e3a16e2b41f5a59e3ef57f85b749],
PUP.Optional.BestPriceNinja, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, , [101950342a6fa393e9a4de8c8a7a33cd],
PUP.Optional.BestPriceNinja, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, , [2cfd1b698f0a5fd794f970fa14f0e51b],
PUP.Optional.BestPriceNinja, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [68c1c3c162370d291b72ec7eaa5acc34],
PUP.Optional.BestPriceNinja, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [dd4c6d17a6f34de9a4e9462419eb0af6],
PUP.Optional.eShopComp, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage, , [0c1dd0b4f8a13bfbec8836394fb5fc04],
PUP.Optional.eShopComp, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage-journal, , [3bee93f1d0c90333dd972b4454b09070],
PUP.Optional.eShopComp, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, , [79b020644a4f082e6b092e41788c2ad6],
PUP.Optional.eShopComp, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, , [37f2bfc557423bfbe391ed82b05458a8],
PUP.Optional.CrossRider, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [f039dda758413600e0f3f57dc3417d83],
PUP.Optional.CrossRider, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [b376b3d127727eb8874c2949de2629d7],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Rudy]

Nalezené položky smažte.

[Lenias]

Nájdené položky som zmazala, PC sa reštartoval, urobila som hneď scan č.2 ktorý bol čistý, zapla som Chrome a šla na tento thread na fore, Malwarebytes program stále bežal a začal blokovať nežiadúce stránky, takže reálne tým reklamám zabránil vyskočiť, ale stále tu sú. Vypla som Malwarebytes a znova otvorila len tento topic, reklamy vybiehajú tak ako pred tým, urobila som teda scan č.3 výsledky posielam a žiadne ďalšie mazanie som nerobila okrem toho úplne prvého.

Scan č.2 hneď po zmazaní nájdených vecí zo scanu č.1 a po reštarte PC:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 6. 3. 2016
Čas skenování: 11:19
Protokol: MAM2.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.03.06.02
Databáze rootkitů: v2016.02.27.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Lenias

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 332555
Uplynulý čas: 5 min, 12 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Scan č.3. po otvorení fóra, zatvorenie fóra, vypnutie Malwarebytes, otvorenie fóra, zatvorenie Chrome, zapnutie Malwarebytes - Scan

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 6. 3. 2016
Čas skenování: 11:28
Protokol: MAM3.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.03.06.02
Databáze rootkitů: v2016.02.27.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Lenias

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 332359
Uplynulý čas: 2 min, 34 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 8
PUP.Optional.PastaLeads, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, , [e0aaec985742cc6ad3d5fc373fc528d8],
PUP.Optional.PastaLeads, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, , [65254c38bfdaee48377156dd91731ee2],
PUP.Optional.BestPriceNinja, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [5634e2a2f0a9cd6941b1ef7b4fb52ed2],
PUP.Optional.BestPriceNinja, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [1278612384159b9bb042e684f60e16ea],
PUP.Optional.eShopComp, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, , [55351e66bfda4ee8c811026dad57c53b],
PUP.Optional.eShopComp, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, , [eb9f087ceaaf89adfedbb6b9907430d0],
PUP.Optional.CrossRider, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [f397166e4f4a9b9b82b6a8cb2cd834cc],
PUP.Optional.CrossRider, C:\Users\Lenias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [4545b6ce7a1fe55170c8a9ca996bdd23],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)