Log check, advertising windows opening in Opera

#1 Post by jelo »

Good day. I would like to ask you to check my log. On my PC, advertising windows keep popping up in Opera, along with various offers for contests and surveys. It probably started when the boys began playing games on ROBLOX.com. Spybot Search & Destroy did not help me.
Thank you for your advice.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:14, on 1. 6. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://unstopaccess.net/wpad.dat?87a807 ... 2830923859
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Launcher3045B] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 3045B
O4 - HKLM\..\Run: [3045B RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun3045B] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 3045B,hide,\S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MagicPlusHelper] "C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe"
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files (x86)\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Freenet] "S:\Freenet\FreenetTray.exe"
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Safi\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Safi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Unknown owner - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe

--
End of file - 12359 bytes

#2 Post by Rudy »

Hello!
Please post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . HijackThis is past its prime.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

#3 Post by jelo »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2017
Ran by Safi (administrator) on SAFI-PC (01-06-2017 19:18:29)
Running from C:\Users\Safi\Desktop
Loaded Profiles: Safi (Available Profiles: Safi)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(forum.viry.cz) C:\Users\Safi\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-02] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Launcher3045B] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2570752 2011-04-22] (Xerox)
HKLM-x32\...\Run: [3045B RUN] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [355840 2012-01-03] ()
HKLM-x32\...\Run: [StatusAutoRun3045B] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [4476928 2012-01-03] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2014-09-29] (Lenovo)
HKLM-x32\...\Run: [FineReader7NewsReaderPro] => C:\Program Files (x86)\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [278528 2003-12-10] (ABBYY (BIT Software))
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [Freenet] => "S:\Freenet\FreenetTray.exe"
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [] => [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Safi\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Safi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {0dd55924-f04a-11e5-bf55-005056c00008} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3887-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3888-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-02] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-33039242-2988656641-3552343730-1000] => hxxp://unstopaccess.net/wpad.dat?87a80770008c23355b1376068dcadd2830923859
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D4E7FBB0-879B-40E6-A45C-E7FA73267C29}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://unstopaccess.net/wpad.dat?87a80770008c23355b1376068dcadd2830923859

Internet Explorer:
==================
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab

FireFox:
========
FF DefaultProfile: l9hp7tfi.default
FF ProfilePath: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default [2017-06-01]
FF NewTab: Mozilla\Firefox\Profiles\l9hp7tfi.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/?bcutc=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/search?bcutc=sp-006
FF Extension: (NoScript) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-05-30]
FF Extension: (Seznam lištička) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-05-23]
FF SearchPlugin: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\searchplugins\ask-web-search.xml [2015-06-13]
FF SearchPlugin: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\searchplugins\google-avast.xml [2017-05-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin HKU\S-1-5-21-33039242-2988656641-3552343730-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Safi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js [2017-05-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\955740.cfg [2017-05-10] <==== ATTENTION

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-05-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-05-02] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XRNADB; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [95744 2012-01-03] () [File not signed]
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-05-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-05-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-05-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-05-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-05-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-05-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-05-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-02] (AVAST Software)
S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Hard Disk Manager 12 Professional\program\BioNTDrv.SYS [19792 2012-11-22] (Paragon Software GmbH)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [219328 2015-05-24] (TrueCrypt Foundation)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-22] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-22] (Paragon)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-01 19:18 - 2017-06-01 19:18 - 00021307 _____ C:\Users\Safi\Desktop\FRST.txt
2017-06-01 19:18 - 2017-06-01 19:18 - 00000000 ____D C:\FRST
2017-06-01 19:17 - 2017-06-01 19:17 - 00112640 _____ (forum.viry.cz) C:\Users\Safi\Desktop\FRSTLauncher.exe
2017-06-01 19:17 - 2017-06-01 19:17 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-01 19:15 - 2017-06-01 19:15 - 02431488 _____ (Farbar) C:\Users\Safi\Desktop\FRST64.exe
2017-06-01 11:51 - 2017-06-01 11:52 - 00000000 ____D C:\Program Files (x86)\HijackThis
2017-06-01 11:30 - 2017-06-01 11:47 - 00000000 ____D C:\Program Files\HijackThis
2017-06-01 11:01 - 2017-06-01 11:01 - 00000000 ___HD C:\$AV_ASW
2017-05-24 18:23 - 2017-05-24 18:34 - 00000000 ____D C:\RemoraUsbDiskGuard
2017-05-23 22:31 - 2017-05-23 22:20 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-05-23 22:20 - 2017-05-23 22:31 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00000113 _____ C:\Windows\wininit.ini
2017-05-23 21:41 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-23 21:08 - 2017-06-01 19:16 - 00000000 ____D C:\Users\Safi\AppData\Roaming\Seznam.cz
2017-05-23 21:08 - 2017-05-23 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-05-23 21:08 - 2017-05-23 21:08 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-05-23 21:07 - 2017-05-23 21:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-23 21:07 - 2017-05-23 21:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-23 21:07 - 2017-05-23 21:07 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-23 21:07 - 2017-05-23 21:07 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-23 21:07 - 2017-05-23 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-23 21:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-05-15 22:03 - 2017-05-31 18:25 - 00000000 ____D C:\Users\Safi\AppData\LocalLow\Mozilla
2017-05-08 09:08 - 2017-05-08 09:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2017-05-02 19:24 - 2017-05-02 19:24 - 00000000 ____D C:\Users\Safi\AppData\Local\CEF
2017-05-02 17:49 - 2017-06-01 11:44 - 00001358 _____ C:\Users\Safi\Desktop\ROBLOX Player.lnk
2017-05-02 17:48 - 2017-06-01 11:44 - 00001177 _____ C:\Users\Safi\Desktop\ROBLOX Studio.lnk
2017-05-02 17:48 - 2017-06-01 11:44 - 00000000 ____D C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-05-02 17:48 - 2017-05-02 18:00 - 00000000 ____D C:\Users\Safi\AppData\Local\Roblox
2017-05-02 17:48 - 2017-05-02 17:58 - 00000250 _____ C:\Users\Safi\AppData\LocalLow\rbxcsettings.rbx
2017-05-02 17:44 - 2017-05-02 17:44 - 01056760 _____ (ROBLOX Corporation) C:\Users\Safi\Downloads\roblox.exe
2017-05-02 17:34 - 2017-05-02 17:34 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-02 17:34 - 2017-05-02 17:34 - 00002154 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-05-02 17:34 - 2017-05-02 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-05-02 17:34 - 2017-05-02 17:33 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-02 17:34 - 2017-05-02 17:33 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-02 17:34 - 2017-05-02 17:33 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-02 17:34 - 2017-05-02 17:32 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-02 17:34 - 2017-05-02 17:32 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-02 17:34 - 2017-05-02 17:32 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-02 17:34 - 2017-05-02 17:31 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-02 17:17 - 2017-05-02 17:17 - 00383592 __RSH C:\gdrop
2017-05-02 17:17 - 2017-05-02 17:17 - 00171136 __RSH C:\xeldr
2017-05-02 17:17 - 2017-05-02 17:17 - 00008192 _____ C:\bootsect.lxe.bak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-01 19:16 - 2009-07-14 06:45 - 00014768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-01 19:16 - 2009-07-14 06:45 - 00014768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-01 19:11 - 2015-05-03 18:49 - 00000000 __SHD C:\Users\Safi\IntelGraphicsProfiles
2017-06-01 19:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-01 12:56 - 2015-05-12 23:15 - 00000000 ____D C:\Users\Safi\AppData\Roaming\vlc
2017-06-01 12:36 - 2015-10-25 22:07 - 00000527 _____ C:\Users\Safi\ticket1.xml
2017-06-01 11:34 - 2015-05-03 18:21 - 00000000 ____D C:\Users\Safi\AppData\Local\VirtualStore
2017-05-31 18:37 - 2016-03-22 22:22 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458678129
2017-05-31 18:27 - 2015-05-04 18:19 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1430756395
2017-05-31 18:27 - 2015-05-04 18:19 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-24 18:06 - 2015-09-24 20:18 - 00000000 ____D C:\Users\Safi\AppData\Roaming\YouTube Downloader
2017-05-23 22:31 - 2015-06-13 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 22:30 - 2015-11-10 23:16 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 22:24 - 2015-05-11 22:17 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-23 22:24 - 2015-05-11 22:17 - 00001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-23 22:21 - 2015-05-12 23:15 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-05-23 22:20 - 2015-11-10 23:02 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-05-23 22:20 - 2015-11-10 23:01 - 00000000 ____D C:\Program Files\Java
2017-05-23 22:19 - 2015-11-08 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-23 21:41 - 2015-12-03 16:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-16 06:02 - 2015-05-11 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-15 20:56 - 2009-07-14 07:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-15 20:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-10 15:37 - 2016-03-22 22:22 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-10 15:37 - 2016-03-22 22:22 - 00001329 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-05-10 15:37 - 2015-05-04 18:19 - 00001331 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-10 15:37 - 2015-05-04 18:19 - 00001319 _____ C:\Users\Public\Desktop\Opera.lnk
2017-05-10 15:37 - 2015-05-03 22:30 - 00002649 _____ C:\Users\Public\Desktop\Paragon Hard Disk Manager™ 12 Professional.lnk
2017-05-10 15:37 - 2015-05-03 18:22 - 00001621 _____ C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-09 21:33 - 2015-05-12 23:06 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 21:33 - 2015-05-11 21:46 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 21:33 - 2015-05-11 21:46 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 21:33 - 2015-05-11 21:46 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-09 21:33 - 2015-05-11 21:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 21:33 - 2015-05-11 21:46 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-09 17:14 - 2015-05-04 21:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-08 09:12 - 2016-03-26 22:12 - 00000000 ____D C:\Users\Safi\AppData\Roaming\PC Suite
2017-05-08 09:08 - 2016-03-26 22:12 - 00000000 ____D C:\ProgramData\PC Suite
2017-05-03 17:14 - 2015-05-04 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-02 19:24 - 2015-11-01 20:23 - 00000000 ____D C:\TEMP
2017-05-02 17:34 - 2015-05-04 21:42 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-05-02 17:34 - 2015-05-04 21:42 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-05-02 17:34 - 2015-05-04 21:42 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-02 17:33 - 2015-05-04 21:42 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.149373929665107
2017-05-02 17:33 - 2015-05-04 21:42 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.149373929665107
2017-05-02 17:33 - 2015-05-04 21:42 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-02 17:32 - 2016-03-22 22:22 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-02 17:32 - 2015-05-04 21:42 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-02 17:29 - 2015-11-22 20:57 - 00003368 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 17:29 - 2015-11-22 20:57 - 00003240 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-02 17:16 - 2015-05-03 18:21 - 00000000 ____D C:\Users\Safi

==================== Files in the root of some directories =======

2015-08-26 20:53 - 2013-08-27 01:50 - 13758464 _____ () C:\Users\Safi\AppData\Roaming\Sandra.mdb
2015-09-01 18:16 - 2015-09-01 18:16 - 0000017 _____ () C:\Users\Safi\AppData\Local\resmon.resmoncfg
2015-05-03 19:00 - 2015-05-03 19:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-05-24 17:35 - 2017-05-24 17:35 - 0001536 _____ () C:\Users\Safi\AppData\Local\Temp\NOSEventMessages.dll
2017-05-24 17:40 - 2017-05-31 18:27 - 0534528 _____ () C:\Users\Safi\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-25 21:06

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (New Volume) (Fixed) (Total:159.42 GB) (Free:100.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:772.08 GB) (Free:146.49 GB) NTFS
Drive g: (Elements) (Fixed) (Total:931.48 GB) (Free:333.2 GB) NTFS

Available physical RAM: 4812.49 MB
Total physical RAM: 8053.05 MB
Percentage of memory in use: 40%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AF41C183)
Partition 1: (Active) - (Size=159.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=772.1 GB) - (Type=OF Extended)
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: DB24BE4E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Safi\Desktop" je 308 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check, advertising windows opening in Opera

#4 Post by Rudy »

Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

jelo
Visitor
Posts: 36
Registered: 25 Jun 2013 17:53

Re: log check, advertising windows opening in Opera

#5 Post by jelo »

I hope I did it correctly.


# AdwCleaner v6.047 - Logfile created 01/06/2017 at 20:15:25
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-31.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Safi - SAFI-PC
# Running from : C:\Users\Safi\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Safi\AppData\Local\DriverToolkit
[-] Folder deleted: C:\Users\Safi\AppData\Local\StormFall
[-] Folder deleted: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\PConverter_dz
[-] Folder deleted: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\InternetSpeedTracker_9t
[-] Folder deleted: C:\Program Files (x86)\DriverToolkit


***** [ Files ] *****

[-] File deleted: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\searchplugins\ask-web-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[-] Shortcut disinfected: C:\Users\Public\Desktop\Opera.lnk
[-] Shortcut disinfected: C:\Users\Public\Desktop\Paragon Hard Disk Manager™ 12 Professional.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 12 Professional\Paragon Hard Disk Manager™ 12 Professional.lnk
[-] Shortcut disinfected: C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut disinfected: C:\Users\Safi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Safi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk


***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Key deleted: HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\DriverToolkit
[-] Key deleted: HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\csastats
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\DriverToolkit
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\csastats


***** [ Web browsers ] *****

[-] Firefox preferences cleaned:
[-] Firefox preferences cleaned: "extensions.mywebsearch.prevKwdEnabled" - true
[-] Firefox preferences cleaned: "extensions.mywebsearch.prevKwdURL" - "hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251&n=781b6539&ind=2015061305&p2=^BBQ^xdm007^YYA^sk&si=COKWwvT9jMYCFdLLtAod_XkAoQ&searchfor="
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.BUTTON_STRUCTURE" - "[{\"b\":224542360,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224542361,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0\"},{\"b\":224542363,\"c\":\"mindspark.full\",\"p\":\"L.0.1\"},{\"b\":224542367,\"c\":\"mindspark.imagesearch\",\"p\":\"L.0.2\"},{\"b\":224542370,\"c\":\"mindspark.advanced\",\"p\":\"L.0.3\"},{\"b\":224542373,\"c\":\"mindspark.directorysearch\",\"p\":\"L.0.4\"},{\"b\":224542334,\"c\":\"mindspark.search\",\"p\":\"L.1\"},{\"b\":224542337,\"c\":\"mindspark.internetspeedtracker\",\"v\":\"1.1.7\",\"p\":\"L.2\"},{\"b\":224542338,\"c\":\"mindspark.tipstoboostspeed\",\"p\":\"L.3\"},{\"b\":224542339,\"c\":\"mindspark.ehow\",\"p\":\"L.3.0\"},{\"b\":224542340,\"c\":\"mindspark.wikihow\",\"p\":\"L.3.1\"},{\"b\":224542341,\"c\":\"mindspark.digitalunite\",\"p\":\"L.3.2\"},{\"b\":224974527,\"c\":\"mindspark.windstreamcommunications\",\"p\":\"L.3.3\"},{\"b\":224542343,\"c\":\"mindspark.auslogics\",\"p\":\"L.3.4\"},{\"b\":224542344,\"c\":\"mindspark.speedmatters\",\"p\":\"L.3.5\"},{\"b\":224542345,\"c\":\"mindspark.radio\",\"v\":\"1.0.3\",\"p\":\"L.4\"},{\"b\":224542346,\"c\":\"mindspark.weather\",\"v\":\"1.2.3\",\"p\":\"L.5\"},{\"b\":224542336,\"c\":\"mindspark.ask\",\"p\":\"R.0\"},{\"b\":224542377,\"c\":\"mindspark.wrench\",\"p\":\"R.1\"},{\"b\":224542383,\"c\":\"mindspark.tboptions\",\"p\":\"R.1.0\"},{\"b\":224542384,\"c\":\"mindspark.enabledisable\",\"p\":\"R.1.0.0\"},{\"b\":224542402,\"c\":\"mindspark.uninstall\",\"p\":\"R.1.0.1\"},{\"b\":224542411,\"c\":\"mindspark.help\",\"p\":\"R.1.0.2\"},{\"b\":224542417,\"c\":\"mindspark.version\",\"p\":\"R.1.0.3\"},{\"b\":224542425,\"c\":\"mindspark.notspyware\",\"p\":\"R.1.1\"},{\"b\":224542417,\"c\":\"mindspark.version\",\"p\":\"R.1.2\"}]"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.defaultenginename.prev" - "Google"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.defaultenginename.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.defaultenginename.tb" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.selectedEngine.prev" - "Google"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.selectedEngine.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.selectedEngine.tb" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.homepage.prev" - "about:home"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.homepage.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.homepage.tb" - "hxxp://home.tb.ask.com/index.jhtml?ptb=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251&n=781b6539&p2=^BBQ^xdm007^YYA^sk&si=COKWwvT9jMYCFdLLtAod_XkAoQ"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.page.prev" - 0
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.page.savedPrev" - 1
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.page.tb" - 1
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.version.last" - "43.0"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.competitorDNS" - "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/index.php\",\"p\":\" ... ":\"domain\"}],\"expires\":1439605972546,\"retrieveDateStr\":\"Sat Aug 08 2015 04:32:52 GMT+0200 (Central Europe Standard Time)\"}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.firstKnownVersion" - "7.18.7.19722"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.homepage" - "hxxp://home.tb.ask.com/index.jhtml?ptb=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251&n=781b6539&p2=^BBQ^xdm007^YYA^sk&si=COKWwvT9jMYCFdLLtAod_XkAoQ"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.hp.enabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.hp.guardType" - "HPR"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.hp.user.defined" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.initialized" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installKeysSource" - "Cookies"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installType" - "XPI"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.contextKey" - ""
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.dlpCountryCode" - "SK"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.installDate" - "2015061305"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.partnerId" - "^BBQ^xdm007^YYA^sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.partnerSubId" - "COKWwvT9jMYCFdLLtAod_XkAoQ"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.pixelUrl" - "hxxp://free.internetspeedtracker.com/install_pixels.jhtml?partner=^BBQ^xdm007^YYA^sk&sub_id=COKWwvT9jMYCFdLLtAod_XkAoQ&coId=8a9ac9294cfb49b5afce2a73d11c006c&tbGuid=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.success" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.toolbarId" - "D4AB9F9B-9674-4F9B-BBD4-39D0E1640251"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.isCompliantUninstallImplementation" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.lastActivePing" - "1451314761177"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.lastKnownVersion" - "7.23.7.43018"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.options.defaultSearch" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.options.homePageEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.options.keywordEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.options.tabEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.partnerPixelFired" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.searchHistory" - "teen sex mineplex login servery minihry sex teen foto nude party google minihry servery servery z minihramy no po\rkaj zajac! text gmail.com teen foto network.hxxp.sendRefererHeader"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.successUrl" - "hxxp://free.internetspeedtracker.com/installComplete.jhtml"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.toolbar.ownSearch" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.toolbar.versionChanged" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.toolbarCollapsed" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.BUTTON_STRUCTURE" - "[{\"b\":224511887,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224511888,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0\"},{\"b\":224511890,\"c\":\"mindspark.full\",\"p\":\"L.0.1\"},{\"b\":224511894,\"c\":\"mindspark.imagesearch\",\"p\":\"L.0.2\"},{\"b\":224511897,\"c\":\"mindspark.advanced\",\"p\":\"L.0.3\"},{\"b\":224511900,\"c\":\"mindspark.directorysearch\",\"p\":\"L.0.4\"},{\"b\":224511792,\"c\":\"mindspark.search\",\"p\":\"L.1\"},{\"b\":224511805,\"c\":\"mindspark.product\",\"p\":\"L.2\"},{\"b\":224511806,\"c\":\"mindspark.notspyware\",\"p\":\"L.2.0\"},{\"b\":224511813,\"c\":\"mindspark.help\",\"p\":\"L.2.1\"},{\"b\":224511819,\"c\":\"mindspark.version\",\"p\":\"L.2.2\"},{\"b\":225074811,\"c\":\"mindspark.convertfiles\",\"v\":\"1.1.1\",\"p\":\"L.3\"},{\"b\":224511828,\"c\":\"mindspark.shareviaemail\",\"p\":\"L.4\"},{\"b\":224511829,\"c\":\"mindspark.wetransfer\",\"p\":\"L.4.0\"},{\"b\":224511830,\"c\":\"mindspark.sendspace\",\"p\":\"L.4.1\"},{\"b\":224511831,\"c\":\"mindspark.mailbigfile\",\"p\":\"L.4.2\"},{\"b\":224511832,\"c\":\"mindspark.transferbigfiles\",\"p\":\"L.4.3\"},{\"b\":224511833,\"c\":\"mindspark.dropsend\",\"p\":\"L.4.4\"},{\"b\":224511834,\"c\":\"mindspark.measurementconverter\",\"v\":\"1.2.1\",\"p\":\"L.5\"},{\"b\":224511835,\"c\":\"mindspark.share\",\"p\":\"L.6\"},{\"b\":224511836,\"c\":\"mindspark.sendwiththecloud\",\"p\":\"L.6.0\"},{\"b\":224511837,\"c\":\"mindspark.dropbox\",\"p\":\"L.6.0.0\"},{\"b\":224511838,\"c\":\"mindspark.copy\",\"p\":\"L.6.0.1\"},{\"b\":224511839,\"c\":\"mindspark.box\",\"p\":\"L.6.0.2\"},{\"b\":224511840,\"c\":\"mindspark.microsoftonedrive\",\"p\":\"L.6.0.3\"},{\"b\":224511841,\"c\":\"mindspark.spideroak\",\"p\":\"L.6.0.4\"},{\"b\":224511842,\"c\":\"mindspark.sugarsync\",\"p\":\"L.6.0.5\"},{\"b\":224511843,\"c\":\"mindspark.sharewithsocialmedia\",\"p\":\"L.6.1\"},{\"b\":224511844,\"c\":\"mindspark.facebooklink\"
,\"p\":\"L.6.1.0\"},{\"b\":224511845,\"c\":\"mindspark.twitter\",\"p\":\"L.6.1.1\"},{\"b\":224511846,\"c\":\"mindspark.linkedin\",\"p\":\"L.6.1.2\"},{\"b\":224511847,\"c\":\"mindspark.pinterest\",\"p\":\"L.6.1.3\"},{\"b\":224511848,\"c\":\"mindspark.instagram\",\"p\":\"L.6.1.4\"},{\"b\":224511849,\"c\":\"mindspark.tumblr\",\"p\":\"L.6.1.5\"},{\"b\":224511850,\"c\":\"mindspark.photosharingsites\",\"p\":\"L.6.2\"},{\"b\":224511851,\"c\":\"mindspark.flickr\",\"p\":\"L.6.2.0\"},{\"b\":224511852,\"c\":\"mindspark.photobucket\",\"p\":\"L.6.2.1\"},{\"b\":224511853,\"c\":\"mindspark.smugmug\",\"p\":\"L.6.2.2\"},{\"b\":224511854,\"c\":\"mindspark.fotki\",\"p\":\"L.6.2.3\"},{\"b\":224511855,\"c\":\"mindspark.500px\",\"p\":\"L.6.2.4\"},{\"b\":224511856,\"c\":\"mindspark.deviantart\",\"p\":\"L.6.2.5\"},{\"b\":224511857,\"c\":\"mindspark.facebook\",\"p\":\"L.7\"},{\"b\":224511804,\"c\":\"mindspark.ask\",\"p\":\"R.0\"},{\"b\":224511904,\"c\":\"mindspark.wrench\",\"p\":\"R.1\"},{\"b\":224511910,\"c\":\"mindspark.tboptions\",\"p\":\"R.1.0\"},{\"b\":224511911,\"c\":\"mindspark.enabledisable\",\"p\":\"R.1.0.0\"},{\"b\":224511932,\"c\":\"mindspark.uninstall\",\"p\":\"R.1.0.1\"}]"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.defaultenginename.prev" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.defaultenginename.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.defaultenginename.tb" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.selectedEngine.prev" - "Google"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.selectedEngine.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.selectedEngine.tb" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.homepage.prev" - "hxxp://home.tb.ask.com/index.jhtml?ptb=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251&n=781b6539&p2=^BBQ^xdm007^YYA^sk&si=COKWwvT9jMYCFdLLtAod_XkAoQ"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.homepage.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.homepage.tb" - "hxxp://home.tb.ask.com/index.jhtml?ptb=3EB1D51C-B857-4D9F-9F10-D16DB3B3C15A&n=782a0fec&p2=^BYC^xdm008^YYA^sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.page.savedPrev" - 1
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.page.tb" - 1
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.version.last" - "53.0"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.coId" - "69e793a614754d479e62ca2dd1d746de"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.competitorDNS" - "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/index.php\",\"p\":\" ... ":\"domain\"}],\"expires\":1460837325024,\"retrieveDateStr\":\"Sat Apr 09 2016 22:08:45 GMT+0200 (Central Europe Standard Time)\"}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.firstKnownVersion" - "7.38.8.46577"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.homepage" - "hxxp://home.tb.ask.com/index.jhtml?ptb=3EB1D51C-B857-4D9F-9F10-D16DB3B3C15A&n=782a0fec&p2=^BYC^xdm008^YYA^sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.hp.enabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.hp.guardType" - "HPR"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.hp.user.defined" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.initialized" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installType" - "XPI"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.dlpCountryCode" - "SK"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.installDate" - "2016022508"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.partnerId" - "^BYC^xdm008^YYA^sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.success" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.toolbarId" - "3EB1D51C-B857-4D9F-9F10-D16DB3B3C15A"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.lastActivePing" - "1495382648703"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.lastKnownVersion" - "7.38.8.46577"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.lssState" - "{\"previousLocales\":[\"sk\",\"cs\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supportedLocale\":\"en\",\"previousLocale\":\"en\"}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.options.defaultSearch" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.options.homePageEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.options.keywordEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.options.tabEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.productDeliveryOption.language" - "sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.productDeliveryOption.type" - "Toolbar"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.searchHistory" - "The PConverter toolbar offers convenient web search, homepage, and default search. More info. pixel gun teen pipina friv2 friv 2 friv 31 dopravný servis chillin.sk aablony slnko www.dracik.sk dracik.sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.startupTasks" - "{}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.successUrl" - "hxxp://www.pconverter.com/installComplete.jhtml"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.toolbar.versionChanged" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.toolbarCollapsed" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.uninstallTasks" - "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._dzMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\Safi\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l9hp7tfi.default\\\\PConverter_dz\\\\3EB1D51C-B857-4D9F-9F10-D16DB3B3C15A.sqlite\",\"C:\\\\Users\\\\Safi\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l9hp7tfi.default\\\\PConverter_dz\"]}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark.hp.enabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark.hp.enabled.guid" - "pconverter@mindspark.com"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" - "pconverter@mindspark.com"


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [21039 Bytes] - [01/06/2017 20:15:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [21943 Bytes] - [01/06/2017 20:14:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [21187 Bytes] ##########

jelo
Visitor
Posts: 36
Registered: 25 Jun 2013 17:53

Re: log check, ad windows opening in Opera

#6 Post by jelo »

After the restart, one more window opened on my desktop with this text:

Unable to start process 'szndesktop.exe default start' Error nr: 2 - The system cannot find the file specified.


-----
LightSpeed::UnableToStartProcessException::UnableToStartProcessException(364): Exception: Unable to start process 'szndesktop.exe default start' Error nr: 2 - The system cannot find the file specified.
(class LightSpeed::UnableToStartProcessException, LightSpeed::UnableToStartProcessException::UnableToStartProcessException)

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check, ad windows opening in Opera

#7 Post by Rudy »

This concerns software from Seznam. If you use it, reinstall it. Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jelo
Visitor
Posts: 36
Registered: 25 Jun 2013 17:53

Re: log check, ad windows opening in Opera

#8 Post by jelo »

I don't use seznam.cz, so I uninstalled it, and after the restart the message no longer appeared.

Here is the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2017
Ran by Safi (administrator) on SAFI-PC (01-06-2017 21:24:58)
Running from C:\Users\Safi\Desktop
Loaded Profiles: Safi (Available Profiles: Safi)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(forum.viry.cz) C:\Users\Safi\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-02] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Launcher3045B] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2570752 2011-04-22] (Xerox)
HKLM-x32\...\Run: [3045B RUN] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [355840 2012-01-03] ()
HKLM-x32\...\Run: [StatusAutoRun3045B] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [4476928 2012-01-03] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2014-09-29] (Lenovo)
HKLM-x32\...\Run: [FineReader7NewsReaderPro] => C:\Program Files (x86)\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [278528 2003-12-10] (ABBYY (BIT Software))
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [Freenet] => "S:\Freenet\FreenetTray.exe"
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [] => [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {0dd55924-f04a-11e5-bf55-005056c00008} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3887-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3888-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-02] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-33039242-2988656641-3552343730-1000] => hxxp://unstopaccess.net/wpad.dat?87a80770008c23355b1376068dcadd2830923859
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D4E7FBB0-879B-40E6-A45C-E7FA73267C29}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://unstopaccess.net/wpad.dat?87a80770008c23355b1376068dcadd2830923859

Internet Explorer:
==================
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab

FireFox:
========
FF DefaultProfile: l9hp7tfi.default
FF ProfilePath: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default [2017-06-01]
FF NewTab: Mozilla\Firefox\Profiles\l9hp7tfi.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/?bcutc=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/search?bcutc=sp-006
FF Extension: (NoScript) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-05-30]
FF Extension: (No Name) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF SearchPlugin: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\searchplugins\google-avast.xml [2017-05-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin HKU\S-1-5-21-33039242-2988656641-3552343730-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Safi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js [2017-05-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\955740.cfg [2017-05-10] <==== ATTENTION

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-05-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-05-02] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XRNADB; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [95744 2012-01-03] () [File not signed]
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-05-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-05-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-05-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-05-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-05-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-05-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-05-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-02] (AVAST Software)
S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Hard Disk Manager 12 Professional\program\BioNTDrv.SYS [19792 2012-11-22] (Paragon Software GmbH)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [219328 2015-05-24] (TrueCrypt Foundation)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-22] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-22] (Paragon)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-01 21:24 - 2017-06-01 21:24 - 00112640 _____ (forum.viry.cz) C:\Users\Safi\Desktop\FRSTLauncher.exe
2017-06-01 21:21 - 2017-06-01 21:21 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-01 20:13 - 2017-06-01 21:20 - 00000000 ____D C:\AdwCleaner
2017-06-01 20:12 - 2017-06-01 20:12 - 04110280 _____ C:\Users\Safi\Desktop\adwcleaner_6.047.exe
2017-06-01 19:33 - 2017-06-01 19:33 - 00081260 _____ C:\Users\Safi\Desktop\FRSTLauncher.zip
2017-06-01 19:27 - 2017-06-01 19:17 - 00112640 ____N (forum.viry.cz) C:\Users\Safi\Desktop\trz608.tmp
2017-06-01 19:18 - 2017-06-01 21:25 - 00020454 _____ C:\Users\Safi\Desktop\FRST.txt
2017-06-01 19:18 - 2017-06-01 21:24 - 00000000 ____D C:\FRST
2017-06-01 19:15 - 2017-06-01 19:15 - 02431488 _____ (Farbar) C:\Users\Safi\Desktop\FRST64.exe
2017-06-01 11:51 - 2017-06-01 11:52 - 00000000 ____D C:\Program Files (x86)\HijackThis
2017-06-01 11:30 - 2017-06-01 11:47 - 00000000 ____D C:\Program Files\HijackThis
2017-06-01 11:01 - 2017-06-01 11:01 - 00000000 ___HD C:\$AV_ASW
2017-05-24 18:23 - 2017-05-24 18:34 - 00000000 ____D C:\RemoraUsbDiskGuard
2017-05-23 22:31 - 2017-05-23 22:20 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-05-23 22:20 - 2017-05-23 22:31 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00000113 _____ C:\Windows\wininit.ini
2017-05-23 21:41 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-23 21:08 - 2017-06-01 21:16 - 00000000 ____D C:\Users\Safi\AppData\Roaming\Seznam.cz
2017-05-23 21:08 - 2017-06-01 21:16 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-05-23 21:08 - 2017-05-23 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-05-23 21:07 - 2017-05-23 21:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-23 21:07 - 2017-05-23 21:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-23 21:07 - 2017-05-23 21:07 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-23 21:07 - 2017-05-23 21:07 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-23 21:07 - 2017-05-23 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-23 21:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-05-15 22:03 - 2017-05-31 18:25 - 00000000 ____D C:\Users\Safi\AppData\LocalLow\Mozilla
2017-05-08 09:08 - 2017-05-08 09:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2017-05-02 19:24 - 2017-05-02 19:24 - 00000000 ____D C:\Users\Safi\AppData\Local\CEF
2017-05-02 17:49 - 2017-06-01 11:44 - 00001358 _____ C:\Users\Safi\Desktop\ROBLOX Player.lnk
2017-05-02 17:48 - 2017-06-01 11:44 - 00001177 _____ C:\Users\Safi\Desktop\ROBLOX Studio.lnk
2017-05-02 17:48 - 2017-06-01 11:44 - 00000000 ____D C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-05-02 17:48 - 2017-05-02 18:00 - 00000000 ____D C:\Users\Safi\AppData\Local\Roblox
2017-05-02 17:48 - 2017-05-02 17:58 - 00000250 _____ C:\Users\Safi\AppData\LocalLow\rbxcsettings.rbx
2017-05-02 17:44 - 2017-05-02 17:44 - 01056760 _____ (ROBLOX Corporation) C:\Users\Safi\Downloads\roblox.exe
2017-05-02 17:34 - 2017-05-02 17:34 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-02 17:34 - 2017-05-02 17:34 - 00002154 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-05-02 17:34 - 2017-05-02 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-05-02 17:34 - 2017-05-02 17:33 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-02 17:34 - 2017-05-02 17:33 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-02 17:34 - 2017-05-02 17:33 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-02 17:34 - 2017-05-02 17:32 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-02 17:34 - 2017-05-02 17:32 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-02 17:34 - 2017-05-02 17:32 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-02 17:34 - 2017-05-02 17:31 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-02 17:17 - 2017-05-02 17:17 - 00383592 __RSH C:\gdrop
2017-05-02 17:17 - 2017-05-02 17:17 - 00171136 __RSH C:\xeldr
2017-05-02 17:17 - 2017-05-02 17:17 - 00008192 _____ C:\bootsect.lxe.bak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-01 21:21 - 2015-05-03 18:49 - 00000000 __SHD C:\Users\Safi\IntelGraphicsProfiles
2017-06-01 21:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-01 21:20 - 2009-07-14 06:45 - 00014768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-01 21:20 - 2009-07-14 06:45 - 00014768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-01 20:15 - 2016-03-22 22:22 - 00001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-01 20:15 - 2016-03-22 22:22 - 00001002 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-06-01 20:15 - 2015-05-04 18:19 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-06-01 20:15 - 2015-05-04 18:19 - 00000992 _____ C:\Users\Public\Desktop\Opera.lnk
2017-06-01 20:15 - 2015-05-03 22:30 - 00001503 _____ C:\Users\Public\Desktop\Paragon Hard Disk Manager™ 12 Professional.lnk
2017-06-01 20:15 - 2015-05-03 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 12 Professional
2017-06-01 20:15 - 2015-05-03 18:22 - 00000997 _____ C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-01 12:56 - 2015-05-12 23:15 - 00000000 ____D C:\Users\Safi\AppData\Roaming\vlc
2017-06-01 12:36 - 2015-10-25 22:07 - 00000527 _____ C:\Users\Safi\ticket1.xml
2017-06-01 11:34 - 2015-05-03 18:21 - 00000000 ____D C:\Users\Safi\AppData\Local\VirtualStore
2017-05-31 18:37 - 2016-03-22 22:22 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458678129
2017-05-31 18:27 - 2015-05-04 18:19 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1430756395
2017-05-31 18:27 - 2015-05-04 18:19 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-24 18:06 - 2015-09-24 20:18 - 00000000 ____D C:\Users\Safi\AppData\Roaming\YouTube Downloader
2017-05-23 22:31 - 2015-06-13 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 22:30 - 2015-11-10 23:16 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 22:24 - 2015-05-11 22:17 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-23 22:24 - 2015-05-11 22:17 - 00001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-23 22:21 - 2015-05-12 23:15 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-05-23 22:20 - 2015-11-10 23:02 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-05-23 22:20 - 2015-11-10 23:01 - 00000000 ____D C:\Program Files\Java
2017-05-23 22:19 - 2015-11-08 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-23 21:41 - 2015-12-03 16:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-16 06:02 - 2015-05-11 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-15 20:56 - 2009-07-14 07:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-15 20:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-09 21:33 - 2015-05-12 23:06 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 21:33 - 2015-05-11 21:46 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 21:33 - 2015-05-11 21:46 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 21:33 - 2015-05-11 21:46 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-09 21:33 - 2015-05-11 21:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 21:33 - 2015-05-11 21:46 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-09 17:14 - 2015-05-04 21:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-08 09:12 - 2016-03-26 22:12 - 00000000 ____D C:\Users\Safi\AppData\Roaming\PC Suite
2017-05-08 09:08 - 2016-03-26 22:12 - 00000000 ____D C:\ProgramData\PC Suite
2017-05-03 17:14 - 2015-05-04 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-02 19:24 - 2015-11-01 20:23 - 00000000 ____D C:\TEMP
2017-05-02 17:34 - 2015-05-04 21:42 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-05-02 17:34 - 2015-05-04 21:42 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-05-02 17:34 - 2015-05-04 21:42 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-02 17:33 - 2015-05-04 21:42 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.149373929665107
2017-05-02 17:33 - 2015-05-04 21:42 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.149373929665107
2017-05-02 17:33 - 2015-05-04 21:42 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-02 17:32 - 2016-03-22 22:22 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-02 17:32 - 2015-05-04 21:42 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-02 17:29 - 2015-11-22 20:57 - 00003368 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 17:29 - 2015-11-22 20:57 - 00003240 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-02 17:16 - 2015-05-03 18:21 - 00000000 ____D C:\Users\Safi

==================== Files in the root of some directories =======

2015-08-26 20:53 - 2013-08-27 01:50 - 13758464 _____ () C:\Users\Safi\AppData\Roaming\Sandra.mdb
2015-09-01 18:16 - 2015-09-01 18:16 - 0000017 _____ () C:\Users\Safi\AppData\Local\resmon.resmoncfg
2015-05-03 19:00 - 2015-05-03 19:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-05-24 17:35 - 2017-05-24 17:35 - 0001536 _____ () C:\Users\Safi\AppData\Local\Temp\NOSEventMessages.dll
2017-05-24 17:40 - 2017-06-01 21:16 - 0534528 _____ () C:\Users\Safi\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-25 21:06

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (New Volume) (Fixed) (Total:159.42 GB) (Free:100.16 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:772.08 GB) (Free:146.49 GB) NTFS
Drive g: (Elements) (Fixed) (Total:931.48 GB) (Free:333.19 GB) NTFS

Available physical RAM: 5476.36 MB
Total physical RAM: 8053.05 MB
Percentage of memory in use: 31%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AF41C183)
Partition 1: (Active) - (Size=159.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=772.1 GB) - (Type=OF Extended)
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: DB24BE4E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Safi\Desktop" je 312 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

jelo
Visitor
Posts: 36
Registered: 25 Jun 2013 17:53

Re: log check, advertising windows opening in Opera

#9 Post by jelo »

After using AdwCleaner, those annoying advertising windows no longer open in Opera. It should be OK.

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check, advertising windows opening in Opera

#10 Post by Rudy »

OK, I'm glad to hear that. We should still finish cleaning up. Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [] => [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {0dd55924-f04a-11e5-bf55-005056c00008} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3887-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3888-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
AutoConfigURL: [S-1-5-21-33039242-2988656641-3552343730-1000] => hxxp://unstopaccess.net/wpad.dat?87a807 ... 2830923859
Toolbar: HKLM-x32 - No Name - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File
FF Extension: (No Name) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js [2017-05-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\955740.cfg [2017-05-10] <==== ATTENTION
C:\Users\Safi\Desktop\trz608.tmp
C:\ProgramData\DP45977C.lfl
C:\Users\Safi\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

jelo
Visitor
Posts: 36
Registered: 25 Jun 2013 17:53

Re: log check, advertising windows opening in Opera

#11 Post by jelo »

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-06-2017
Ran by Safi (01-06-2017 22:09:42) Run:1
Running from C:\Users\Safi\Desktop
Loaded Profiles: Safi (Available Profiles: Safi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [] => [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {0dd55924-f04a-11e5-bf55-005056c00008} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3887-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3888-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
AutoConfigURL: [S-1-5-21-33039242-2988656641-3552343730-1000] => hxxp://unstopaccess.net/wpad.dat?87a807 ... 2830923859
Toolbar: HKLM-x32 - No Name - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File
FF Extension: (No Name) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js [2017-05-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\955740.cfg [2017-05-10] <==== ATTENTION
C:\Users\Safi\Desktop\trz608.tmp
C:\ProgramData\DP45977C.lfl
C:\Users\Safi\AppData\Local\Temp

EmptyTemp:
End
*****************

HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dd55924-f04a-11e5-bf55-005056c00008} => key removed successfully
HKCR\CLSID\{0dd55924-f04a-11e5-bf55-005056c00008} => key not found.
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a15e3887-7b43-11e5-9e09-74d435bd3488} => key removed successfully
HKCR\CLSID\{a15e3887-7b43-11e5-9e09-74d435bd3488} => key not found.
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a15e3888-7b43-11e5-9e09-74d435bd3488} => key removed successfully
HKCR\CLSID\{a15e3888-7b43-11e5-9e09-74d435bd3488} => key not found.
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{BFC32E1D-EE75-4A48-BC60-104E11EE2431} => value removed successfully
HKCR\Wow6432Node\CLSID\{BFC32E1D-EE75-4A48-BC60-104E11EE2431} => key not found.
C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js => moved successfully
C:\Program Files (x86)\mozilla firefox\955740.cfg => moved successfully
C:\Users\Safi\Desktop\trz608.tmp => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Safi\AppData\Local\Temp" folder move:

Could not move "C:\Users\Safi\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45421195 B
Java, Flash, Steam htmlcache => 8518 B
Windows/system/drivers => 164976894 B
Edge => 0 B
Chrome => 0 B
Firefox => 380203006 B
Opera => 504836676 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58438503 B
systemprofile32 => 69858 B
LocalService => 133753 B
NetworkService => 85204 B
Safi => 562087177 B

RecycleBin => 7132502 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-06-2017 22:11:32)

C:\Users\Safi\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:11:33 ====

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check, advertising windows opening in Opera

#12 Post by Rudy »

Deleted. The log is now OK.

jelo
Visitor
Posts: 36
Registered: 25 Jun 2013 17:53

Re: log check, advertising windows opening in Opera

#13 Post by jelo »

I'm glad it's all right now. Without your advice I couldn't have done it. Although I think I know my way around computers a bit and manage working with a PC fairly well, computer security is all Greek to me :-) . Thank you very much for your help.

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check, advertising windows opening in Opera

#14 Post by Rudy »

That's what we're here for. :) You're welcome!

Locked