Log check, advertising windows opening in Opera

Posted: 01 Jun 2017 10:48
by jelo
Good day. I would like to ask you to check my log. On my PC, advertising windows and various offers for contests and questionnaires keep popping up in Opera. It probably started when the boys began playing games on ROBLOX.com. Spybot Search & Destroy did not help me.
Thank you for your advice.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:14, on 1. 6. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://unstopaccess.net/wpad.dat?87a807 ... 2830923859
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Launcher3045B] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 3045B
O4 - HKLM\..\Run: [3045B RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun3045B] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 3045B,hide,\S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MagicPlusHelper] "C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe"
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files (x86)\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Freenet] "S:\Freenet\FreenetTray.exe"
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Safi\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Safi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Unknown owner - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe

--
End of file - 12359 bytes

Re: Log check, advertising windows opening in Opera

Posted: 01 Jun 2017 17:00
by Rudy
Greetings!
Post a FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . HijackThis is past its prime.

Re: Log check, advertising windows opening in Opera

Posted: 01 Jun 2017 18:22
by jelo
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2017
Ran by Safi (administrator) on SAFI-PC (01-06-2017 19:18:29)
Running from C:\Users\Safi\Desktop
Loaded Profiles: Safi (Available Profiles: Safi)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(forum.viry.cz) C:\Users\Safi\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-02] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Launcher3045B] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2570752 2011-04-22] (Xerox)
HKLM-x32\...\Run: [3045B RUN] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [355840 2012-01-03] ()
HKLM-x32\...\Run: [StatusAutoRun3045B] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [4476928 2012-01-03] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2014-09-29] (Lenovo)
HKLM-x32\...\Run: [FineReader7NewsReaderPro] => C:\Program Files (x86)\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [278528 2003-12-10] (ABBYY (BIT Software))
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [Freenet] => "S:\Freenet\FreenetTray.exe"
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [] => [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Safi\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Safi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {0dd55924-f04a-11e5-bf55-005056c00008} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3887-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3888-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-02] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-33039242-2988656641-3552343730-1000] => hxxp://unstopaccess.net/wpad.dat?87a80770008c23355b1376068dcadd2830923859
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D4E7FBB0-879B-40E6-A45C-E7FA73267C29}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://unstopaccess.net/wpad.dat?87a80770008c23355b1376068dcadd2830923859

Internet Explorer:
==================
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab

FireFox:
========
FF DefaultProfile: l9hp7tfi.default
FF ProfilePath: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default [2017-06-01]
FF NewTab: Mozilla\Firefox\Profiles\l9hp7tfi.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/?bcutc=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/search?bcutc=sp-006
FF Extension: (NoScript) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-05-30]
FF Extension: (Seznam lištička) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-05-23]
FF SearchPlugin: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\searchplugins\ask-web-search.xml [2015-06-13]
FF SearchPlugin: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\searchplugins\google-avast.xml [2017-05-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin HKU\S-1-5-21-33039242-2988656641-3552343730-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Safi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js [2017-05-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\955740.cfg [2017-05-10] <==== ATTENTION

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-05-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-05-02] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XRNADB; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [95744 2012-01-03] () [File not signed]
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-05-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-05-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-05-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-05-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-05-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-05-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-05-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-02] (AVAST Software)
S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Hard Disk Manager 12 Professional\program\BioNTDrv.SYS [19792 2012-11-22] (Paragon Software GmbH)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [219328 2015-05-24] (TrueCrypt Foundation)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-22] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-22] (Paragon)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-01 19:18 - 2017-06-01 19:18 - 00021307 _____ C:\Users\Safi\Desktop\FRST.txt
2017-06-01 19:18 - 2017-06-01 19:18 - 00000000 ____D C:\FRST
2017-06-01 19:17 - 2017-06-01 19:17 - 00112640 _____ (forum.viry.cz) C:\Users\Safi\Desktop\FRSTLauncher.exe
2017-06-01 19:17 - 2017-06-01 19:17 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-01 19:15 - 2017-06-01 19:15 - 02431488 _____ (Farbar) C:\Users\Safi\Desktop\FRST64.exe
2017-06-01 11:51 - 2017-06-01 11:52 - 00000000 ____D C:\Program Files (x86)\HijackThis
2017-06-01 11:30 - 2017-06-01 11:47 - 00000000 ____D C:\Program Files\HijackThis
2017-06-01 11:01 - 2017-06-01 11:01 - 00000000 ___HD C:\$AV_ASW
2017-05-24 18:23 - 2017-05-24 18:34 - 00000000 ____D C:\RemoraUsbDiskGuard
2017-05-23 22:31 - 2017-05-23 22:20 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-05-23 22:20 - 2017-05-23 22:31 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00000113 _____ C:\Windows\wininit.ini
2017-05-23 21:41 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-23 21:08 - 2017-06-01 19:16 - 00000000 ____D C:\Users\Safi\AppData\Roaming\Seznam.cz
2017-05-23 21:08 - 2017-05-23 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-05-23 21:08 - 2017-05-23 21:08 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-05-23 21:07 - 2017-05-23 21:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-23 21:07 - 2017-05-23 21:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-23 21:07 - 2017-05-23 21:07 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-23 21:07 - 2017-05-23 21:07 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-23 21:07 - 2017-05-23 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-23 21:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-05-15 22:03 - 2017-05-31 18:25 - 00000000 ____D C:\Users\Safi\AppData\LocalLow\Mozilla
2017-05-08 09:08 - 2017-05-08 09:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2017-05-02 19:24 - 2017-05-02 19:24 - 00000000 ____D C:\Users\Safi\AppData\Local\CEF
2017-05-02 17:49 - 2017-06-01 11:44 - 00001358 _____ C:\Users\Safi\Desktop\ROBLOX Player.lnk
2017-05-02 17:48 - 2017-06-01 11:44 - 00001177 _____ C:\Users\Safi\Desktop\ROBLOX Studio.lnk
2017-05-02 17:48 - 2017-06-01 11:44 - 00000000 ____D C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-05-02 17:48 - 2017-05-02 18:00 - 00000000 ____D C:\Users\Safi\AppData\Local\Roblox
2017-05-02 17:48 - 2017-05-02 17:58 - 00000250 _____ C:\Users\Safi\AppData\LocalLow\rbxcsettings.rbx
2017-05-02 17:44 - 2017-05-02 17:44 - 01056760 _____ (ROBLOX Corporation) C:\Users\Safi\Downloads\roblox.exe
2017-05-02 17:34 - 2017-05-02 17:34 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-02 17:34 - 2017-05-02 17:34 - 00002154 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-05-02 17:34 - 2017-05-02 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-05-02 17:34 - 2017-05-02 17:33 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-02 17:34 - 2017-05-02 17:33 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-02 17:34 - 2017-05-02 17:33 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-02 17:34 - 2017-05-02 17:32 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-02 17:34 - 2017-05-02 17:32 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-02 17:34 - 2017-05-02 17:32 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-02 17:34 - 2017-05-02 17:31 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-02 17:17 - 2017-05-02 17:17 - 00383592 __RSH C:\gdrop
2017-05-02 17:17 - 2017-05-02 17:17 - 00171136 __RSH C:\xeldr
2017-05-02 17:17 - 2017-05-02 17:17 - 00008192 _____ C:\bootsect.lxe.bak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-01 19:16 - 2009-07-14 06:45 - 00014768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-01 19:16 - 2009-07-14 06:45 - 00014768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-01 19:11 - 2015-05-03 18:49 - 00000000 __SHD C:\Users\Safi\IntelGraphicsProfiles
2017-06-01 19:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-01 12:56 - 2015-05-12 23:15 - 00000000 ____D C:\Users\Safi\AppData\Roaming\vlc
2017-06-01 12:36 - 2015-10-25 22:07 - 00000527 _____ C:\Users\Safi\ticket1.xml
2017-06-01 11:34 - 2015-05-03 18:21 - 00000000 ____D C:\Users\Safi\AppData\Local\VirtualStore
2017-05-31 18:37 - 2016-03-22 22:22 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458678129
2017-05-31 18:27 - 2015-05-04 18:19 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1430756395
2017-05-31 18:27 - 2015-05-04 18:19 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-24 18:06 - 2015-09-24 20:18 - 00000000 ____D C:\Users\Safi\AppData\Roaming\YouTube Downloader
2017-05-23 22:31 - 2015-06-13 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 22:30 - 2015-11-10 23:16 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 22:24 - 2015-05-11 22:17 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-23 22:24 - 2015-05-11 22:17 - 00001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-23 22:21 - 2015-05-12 23:15 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-05-23 22:20 - 2015-11-10 23:02 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-05-23 22:20 - 2015-11-10 23:01 - 00000000 ____D C:\Program Files\Java
2017-05-23 22:19 - 2015-11-08 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-23 21:41 - 2015-12-03 16:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-16 06:02 - 2015-05-11 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-15 20:56 - 2009-07-14 07:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-15 20:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-10 15:37 - 2016-03-22 22:22 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-10 15:37 - 2016-03-22 22:22 - 00001329 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-05-10 15:37 - 2015-05-04 18:19 - 00001331 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-10 15:37 - 2015-05-04 18:19 - 00001319 _____ C:\Users\Public\Desktop\Opera.lnk
2017-05-10 15:37 - 2015-05-03 22:30 - 00002649 _____ C:\Users\Public\Desktop\Paragon Hard Disk Manager™ 12 Professional.lnk
2017-05-10 15:37 - 2015-05-03 18:22 - 00001621 _____ C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-09 21:33 - 2015-05-12 23:06 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 21:33 - 2015-05-11 21:46 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 21:33 - 2015-05-11 21:46 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 21:33 - 2015-05-11 21:46 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-09 21:33 - 2015-05-11 21:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 21:33 - 2015-05-11 21:46 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-09 17:14 - 2015-05-04 21:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-08 09:12 - 2016-03-26 22:12 - 00000000 ____D C:\Users\Safi\AppData\Roaming\PC Suite
2017-05-08 09:08 - 2016-03-26 22:12 - 00000000 ____D C:\ProgramData\PC Suite
2017-05-03 17:14 - 2015-05-04 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-02 19:24 - 2015-11-01 20:23 - 00000000 ____D C:\TEMP
2017-05-02 17:34 - 2015-05-04 21:42 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-05-02 17:34 - 2015-05-04 21:42 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-05-02 17:34 - 2015-05-04 21:42 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-02 17:33 - 2015-05-04 21:42 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.149373929665107
2017-05-02 17:33 - 2015-05-04 21:42 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.149373929665107
2017-05-02 17:33 - 2015-05-04 21:42 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-02 17:32 - 2016-03-22 22:22 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-02 17:32 - 2015-05-04 21:42 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-02 17:29 - 2015-11-22 20:57 - 00003368 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 17:29 - 2015-11-22 20:57 - 00003240 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-02 17:16 - 2015-05-03 18:21 - 00000000 ____D C:\Users\Safi

==================== Files in the root of some directories =======

2015-08-26 20:53 - 2013-08-27 01:50 - 13758464 _____ () C:\Users\Safi\AppData\Roaming\Sandra.mdb
2015-09-01 18:16 - 2015-09-01 18:16 - 0000017 _____ () C:\Users\Safi\AppData\Local\resmon.resmoncfg
2015-05-03 19:00 - 2015-05-03 19:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-05-24 17:35 - 2017-05-24 17:35 - 0001536 _____ () C:\Users\Safi\AppData\Local\Temp\NOSEventMessages.dll
2017-05-24 17:40 - 2017-05-31 18:27 - 0534528 _____ () C:\Users\Safi\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-25 21:06

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (New Volume) (Fixed) (Total:159.42 GB) (Free:100.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:772.08 GB) (Free:146.49 GB) NTFS
Drive g: (Elements) (Fixed) (Total:931.48 GB) (Free:333.2 GB) NTFS

Available physical RAM: 4812.49 MB
Total physical RAM: 8053.05 MB
Percentage of memory in use: 40%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AF41C183)
Partition 1: (Active) - (Size=159.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=772.1 GB) - (Type=OF Extended)
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: DB24BE4E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Safi\Desktop" je 308 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 19:00
by Rudy
Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 19:19
by jelo
I hope I did it correctly.


# AdwCleaner v6.047 - Logfile created 01/06/2017 at 20:15:25
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-31.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Safi - SAFI-PC
# Running from : C:\Users\Safi\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Safi\AppData\Local\DriverToolkit
[-] Folder deleted: C:\Users\Safi\AppData\Local\StormFall
[-] Folder deleted: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\PConverter_dz
[-] Folder deleted: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\InternetSpeedTracker_9t
[-] Folder deleted: C:\Program Files (x86)\DriverToolkit


***** [ Files ] *****

[-] File deleted: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\searchplugins\ask-web-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[-] Shortcut disinfected: C:\Users\Public\Desktop\Opera.lnk
[-] Shortcut disinfected: C:\Users\Public\Desktop\Paragon Hard Disk Manager™ 12 Professional.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 12 Professional\Paragon Hard Disk Manager™ 12 Professional.lnk
[-] Shortcut disinfected: C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut disinfected: C:\Users\Safi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Safi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk


***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Key deleted: HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\DriverToolkit
[-] Key deleted: HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\csastats
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\DriverToolkit
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\csastats


***** [ Web browsers ] *****

[-] Firefox preferences cleaned:
[-] Firefox preferences cleaned: "extensions.mywebsearch.prevKwdEnabled" - true
[-] Firefox preferences cleaned: "extensions.mywebsearch.prevKwdURL" - "hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251&n=781b6539&ind=2015061305&p2=^BBQ^xdm007^YYA^sk&si=COKWwvT9jMYCFdLLtAod_XkAoQ&searchfor="
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.BUTTON_STRUCTURE" - "[{\"b\":224542360,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224542361,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0\"},{\"b\":224542363,\"c\":\"mindspark.full\",\"p\":\"L.0.1\"},{\"b\":224542367,\"c\":\"mindspark.imagesearch\",\"p\":\"L.0.2\"},{\"b\":224542370,\"c\":\"mindspark.advanced\",\"p\":\"L.0.3\"},{\"b\":224542373,\"c\":\"mindspark.directorysearch\",\"p\":\"L.0.4\"},{\"b\":224542334,\"c\":\"mindspark.search\",\"p\":\"L.1\"},{\"b\":224542337,\"c\":\"mindspark.internetspeedtracker\",\"v\":\"1.1.7\",\"p\":\"L.2\"},{\"b\":224542338,\"c\":\"mindspark.tipstoboostspeed\",\"p\":\"L.3\"},{\"b\":224542339,\"c\":\"mindspark.ehow\",\"p\":\"L.3.0\"},{\"b\":224542340,\"c\":\"mindspark.wikihow\",\"p\":\"L.3.1\"},{\"b\":224542341,\"c\":\"mindspark.digitalunite\",\"p\":\"L.3.2\"},{\"b\":224974527,\"c\":\"mindspark.windstreamcommunications\",\"p\":\"L.3.3\"},{\"b\":224542343,\"c\":\"mindspark.auslogics\",\"p\":\"L.3.4\"},{\"b\":224542344,\"c\":\"mindspark.speedmatters\",\"p\":\"L.3.5\"},{\"b\":224542345,\"c\":\"mindspark.radio\",\"v\":\"1.0.3\",\"p\":\"L.4\"},{\"b\":224542346,\"c\":\"mindspark.weather\",\"v\":\"1.2.3\",\"p\":\"L.5\"},{\"b\":224542336,\"c\":\"mindspark.ask\",\"p\":\"R.0\"},{\"b\":224542377,\"c\":\"mindspark.wrench\",\"p\":\"R.1\"},{\"b\":224542383,\"c\":\"mindspark.tboptions\",\"p\":\"R.1.0\"},{\"b\":224542384,\"c\":\"mindspark.enabledisable\",\"p\":\"R.1.0.0\"},{\"b\":224542402,\"c\":\"mindspark.uninstall\",\"p\":\"R.1.0.1\"},{\"b\":224542411,\"c\":\"mindspark.help\",\"p\":\"R.1.0.2\"},{\"b\":224542417,\"c\":\"mindspark.version\",\"p\":\"R.1.0.3\"},{\"b\":224542425,\"c\":\"mindspark.notspyware\",\"p\":\"R.1.1\"},{\"b\":224542417,\"c\":\"mindspark.version\",\"p\":\"R.1.2\"}]"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.defaultenginename.prev" - "Google"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.defaultenginename.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.defaultenginename.tb" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.selectedEngine.prev" - "Google"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.selectedEngine.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.search.selectedEngine.tb" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.homepage.prev" - "about:home"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.homepage.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.homepage.tb" - "hxxp://home.tb.ask.com/index.jhtml?ptb=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251&n=781b6539&p2=^BBQ^xdm007^YYA^sk&si=COKWwvT9jMYCFdLLtAod_XkAoQ"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.page.prev" - 0
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.page.savedPrev" - 1
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.startup.page.tb" - 1
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.browser.version.last" - "43.0"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.competitorDNS" - "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/index.php\",\"p\":\" ... ":\"domain\"}],\"expires\":1439605972546,\"retrieveDateStr\":\"Sat Aug 08 2015 04:32:52 GMT+0200 (Central Europe Standard Time)\"}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.firstKnownVersion" - "7.18.7.19722"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.homepage" - "hxxp://home.tb.ask.com/index.jhtml?ptb=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251&n=781b6539&p2=^BBQ^xdm007^YYA^sk&si=COKWwvT9jMYCFdLLtAod_XkAoQ"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.hp.enabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.hp.guardType" - "HPR"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.hp.user.defined" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.initialized" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installKeysSource" - "Cookies"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installType" - "XPI"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.contextKey" - ""
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.dlpCountryCode" - "SK"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.installDate" - "2015061305"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.partnerId" - "^BBQ^xdm007^YYA^sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.partnerSubId" - "COKWwvT9jMYCFdLLtAod_XkAoQ"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.pixelUrl" - "hxxp://free.internetspeedtracker.com/install_pixels.jhtml?partner=^BBQ^xdm007^YYA^sk&sub_id=COKWwvT9jMYCFdLLtAod_XkAoQ&coId=8a9ac9294cfb49b5afce2a73d11c006c&tbGuid=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.success" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.installation.toolbarId" - "D4AB9F9B-9674-4F9B-BBD4-39D0E1640251"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.isCompliantUninstallImplementation" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.lastActivePing" - "1451314761177"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.lastKnownVersion" - "7.23.7.43018"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.options.defaultSearch" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.options.homePageEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.options.keywordEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.options.tabEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.partnerPixelFired" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.searchHistory" - "teen sex mineplex login servery minihry sex teen foto nude party google minihry servery servery z minihramy no po\rkaj zajac! text gmail.com teen foto network.hxxp.sendRefererHeader"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.successUrl" - "hxxp://free.internetspeedtracker.com/installComplete.jhtml"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.toolbar.ownSearch" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.toolbar.versionChanged" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._9tMembers_.toolbarCollapsed" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.BUTTON_STRUCTURE" - "[{\"b\":224511887,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224511888,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0\"},{\"b\":224511890,\"c\":\"mindspark.full\",\"p\":\"L.0.1\"},{\"b\":224511894,\"c\":\"mindspark.imagesearch\",\"p\":\"L.0.2\"},{\"b\":224511897,\"c\":\"mindspark.advanced\",\"p\":\"L.0.3\"},{\"b\":224511900,\"c\":\"mindspark.directorysearch\",\"p\":\"L.0.4\"},{\"b\":224511792,\"c\":\"mindspark.search\",\"p\":\"L.1\"},{\"b\":224511805,\"c\":\"mindspark.product\",\"p\":\"L.2\"},{\"b\":224511806,\"c\":\"mindspark.notspyware\",\"p\":\"L.2.0\"},{\"b\":224511813,\"c\":\"mindspark.help\",\"p\":\"L.2.1\"},{\"b\":224511819,\"c\":\"mindspark.version\",\"p\":\"L.2.2\"},{\"b\":225074811,\"c\":\"mindspark.convertfiles\",\"v\":\"1.1.1\",\"p\":\"L.3\"},{\"b\":224511828,\"c\":\"mindspark.shareviaemail\",\"p\":\"L.4\"},{\"b\":224511829,\"c\":\"mindspark.wetransfer\",\"p\":\"L.4.0\"},{\"b\":224511830,\"c\":\"mindspark.sendspace\",\"p\":\"L.4.1\"},{\"b\":224511831,\"c\":\"mindspark.mailbigfile\",\"p\":\"L.4.2\"},{\"b\":224511832,\"c\":\"mindspark.transferbigfiles\",\"p\":\"L.4.3\"},{\"b\":224511833,\"c\":\"mindspark.dropsend\",\"p\":\"L.4.4\"},{\"b\":224511834,\"c\":\"mindspark.measurementconverter\",\"v\":\"1.2.1\",\"p\":\"L.5\"},{\"b\":224511835,\"c\":\"mindspark.share\",\"p\":\"L.6\"},{\"b\":224511836,\"c\":\"mindspark.sendwiththecloud\",\"p\":\"L.6.0\"},{\"b\":224511837,\"c\":\"mindspark.dropbox\",\"p\":\"L.6.0.0\"},{\"b\":224511838,\"c\":\"mindspark.copy\",\"p\":\"L.6.0.1\"},{\"b\":224511839,\"c\":\"mindspark.box\",\"p\":\"L.6.0.2\"},{\"b\":224511840,\"c\":\"mindspark.microsoftonedrive\",\"p\":\"L.6.0.3\"},{\"b\":224511841,\"c\":\"mindspark.spideroak\",\"p\":\"L.6.0.4\"},{\"b\":224511842,\"c\":\"mindspark.sugarsync\",\"p\":\"L.6.0.5\"},{\"b\":224511843,\"c\":\"mindspark.sharewithsocialmedia\",\"p\":\"L.6.1\"},{\"b\":224511844,\"c\":\"mindspark.facebooklink\"
,\"p\":\"L.6.1.0\"},{\"b\":224511845,\"c\":\"mindspark.twitter\",\"p\":\"L.6.1.1\"},{\"b\":224511846,\"c\":\"mindspark.linkedin\",\"p\":\"L.6.1.2\"},{\"b\":224511847,\"c\":\"mindspark.pinterest\",\"p\":\"L.6.1.3\"},{\"b\":224511848,\"c\":\"mindspark.instagram\",\"p\":\"L.6.1.4\"},{\"b\":224511849,\"c\":\"mindspark.tumblr\",\"p\":\"L.6.1.5\"},{\"b\":224511850,\"c\":\"mindspark.photosharingsites\",\"p\":\"L.6.2\"},{\"b\":224511851,\"c\":\"mindspark.flickr\",\"p\":\"L.6.2.0\"},{\"b\":224511852,\"c\":\"mindspark.photobucket\",\"p\":\"L.6.2.1\"},{\"b\":224511853,\"c\":\"mindspark.smugmug\",\"p\":\"L.6.2.2\"},{\"b\":224511854,\"c\":\"mindspark.fotki\",\"p\":\"L.6.2.3\"},{\"b\":224511855,\"c\":\"mindspark.500px\",\"p\":\"L.6.2.4\"},{\"b\":224511856,\"c\":\"mindspark.deviantart\",\"p\":\"L.6.2.5\"},{\"b\":224511857,\"c\":\"mindspark.facebook\",\"p\":\"L.7\"},{\"b\":224511804,\"c\":\"mindspark.ask\",\"p\":\"R.0\"},{\"b\":224511904,\"c\":\"mindspark.wrench\",\"p\":\"R.1\"},{\"b\":224511910,\"c\":\"mindspark.tboptions\",\"p\":\"R.1.0\"},{\"b\":224511911,\"c\":\"mindspark.enabledisable\",\"p\":\"R.1.0.0\"},{\"b\":224511932,\"c\":\"mindspark.uninstall\",\"p\":\"R.1.0.1\"}]"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.defaultenginename.prev" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.defaultenginename.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.defaultenginename.tb" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.selectedEngine.prev" - "Google"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.selectedEngine.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.search.selectedEngine.tb" - "Ask Web Search"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.homepage.prev" - "hxxp://home.tb.ask.com/index.jhtml?ptb=D4AB9F9B-9674-4F9B-BBD4-39D0E1640251&n=781b6539&p2=^BBQ^xdm007^YYA^sk&si=COKWwvT9jMYCFdLLtAod_XkAoQ"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.homepage.savedPrev" - "true"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.homepage.tb" - "hxxp://home.tb.ask.com/index.jhtml?ptb=3EB1D51C-B857-4D9F-9F10-D16DB3B3C15A&n=782a0fec&p2=^BYC^xdm008^YYA^sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.page.savedPrev" - 1
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.startup.page.tb" - 1
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.browser.version.last" - "53.0"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.coId" - "69e793a614754d479e62ca2dd1d746de"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.competitorDNS" - "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/index.php\",\"p\":\" ... ":\"domain\"}],\"expires\":1460837325024,\"retrieveDateStr\":\"Sat Apr 09 2016 22:08:45 GMT+0200 (Central Europe Standard Time)\"}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.firstKnownVersion" - "7.38.8.46577"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.homepage" - "hxxp://home.tb.ask.com/index.jhtml?ptb=3EB1D51C-B857-4D9F-9F10-D16DB3B3C15A&n=782a0fec&p2=^BYC^xdm008^YYA^sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.hp.enabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.hp.guardType" - "HPR"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.hp.user.defined" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.initialized" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installType" - "XPI"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.dlpCountryCode" - "SK"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.installDate" - "2016022508"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.partnerId" - "^BYC^xdm008^YYA^sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.success" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.installation.toolbarId" - "3EB1D51C-B857-4D9F-9F10-D16DB3B3C15A"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.lastActivePing" - "1495382648703"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.lastKnownVersion" - "7.38.8.46577"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.lssState" - "{\"previousLocales\":[\"sk\",\"cs\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supportedLocale\":\"en\",\"previousLocale\":\"en\"}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.options.defaultSearch" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.options.homePageEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.options.keywordEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.options.tabEnabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.productDeliveryOption.language" - "sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.productDeliveryOption.type" - "Toolbar"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.searchHistory" - "The PConverter toolbar offers convenient web search, homepage, and default search. More info. pixel gun teen pipina friv2 friv 2 friv 31 dopravný servis chillin.sk aablony slnko www.dracik.sk dracik.sk"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.startupTasks" - "{}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.successUrl" - "hxxp://www.pconverter.com/installComplete.jhtml"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.toolbar.versionChanged" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.toolbarCollapsed" - false
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.uninstallTasks" - "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._dzMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\Safi\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l9hp7tfi.default\\\\PConverter_dz\\\\3EB1D51C-B857-4D9F-9F10-D16DB3B3C15A.sqlite\",\"C:\\\\Users\\\\Safi\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\l9hp7tfi.default\\\\PConverter_dz\"]}"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark.hp.enabled" - true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark.hp.enabled.guid" - "pconverter@mindspark.com"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" - "pconverter@mindspark.com"


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [21039 Bytes] - [01/06/2017 20:15:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [21943 Bytes] - [01/06/2017 20:14:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [21187 Bytes] ##########

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 19:21
by jelo
After the restart, one more window opened on my desktop with this text:

Unable to start process 'szndesktop.exe default start' Error nr: 2 - The system cannot find the file specified.


-----
LightSpeed::UnableToStartProcessException::UnableToStartProcessException(364): Exception: Unable to start process 'szndesktop.exe default start' Error nr: 2 - The system cannot find the file specified.
(class LightSpeed::UnableToStartProcessException, LightSpeed::UnableToStartProcessException::UnableToStartProcessException)

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 20:01
by Rudy
This concerns software from Seznam. If you use it, reinstall it. Post a new FRST log.

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 20:28
by jelo
I don't use seznam.cz, so I uninstalled it, and after the restart the message no longer appeared.

Here is the log from FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2017
Ran by Safi (administrator) on SAFI-PC (01-06-2017 21:24:58)
Running from C:\Users\Safi\Desktop
Loaded Profiles: Safi (Available Profiles: Safi)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(forum.viry.cz) C:\Users\Safi\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-02] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Launcher3045B] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2570752 2011-04-22] (Xerox)
HKLM-x32\...\Run: [3045B RUN] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [355840 2012-01-03] ()
HKLM-x32\...\Run: [StatusAutoRun3045B] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [4476928 2012-01-03] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2014-09-29] (Lenovo)
HKLM-x32\...\Run: [FineReader7NewsReaderPro] => C:\Program Files (x86)\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [278528 2003-12-10] (ABBYY (BIT Software))
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [Freenet] => "S:\Freenet\FreenetTray.exe"
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [] => [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {0dd55924-f04a-11e5-bf55-005056c00008} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3887-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3888-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-02] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-33039242-2988656641-3552343730-1000] => hxxp://unstopaccess.net/wpad.dat?87a80770008c23355b1376068dcadd2830923859
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D4E7FBB0-879B-40E6-A45C-E7FA73267C29}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://unstopaccess.net/wpad.dat?87a80770008c23355b1376068dcadd2830923859

Internet Explorer:
==================
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab

FireFox:
========
FF DefaultProfile: l9hp7tfi.default
FF ProfilePath: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default [2017-06-01]
FF NewTab: Mozilla\Firefox\Profiles\l9hp7tfi.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\l9hp7tfi.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/?bcutc=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\l9hp7tfi.default -> hxxps://www.google.com/search?bcutc=sp-006
FF Extension: (NoScript) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-05-30]
FF Extension: (No Name) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF SearchPlugin: C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\searchplugins\google-avast.xml [2017-05-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin HKU\S-1-5-21-33039242-2988656641-3552343730-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Safi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js [2017-05-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\955740.cfg [2017-05-10] <==== ATTENTION

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-05-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-05-02] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XRNADB; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [95744 2012-01-03] () [File not signed]
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-05-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-05-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-05-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-05-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-05-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-05-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-05-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-02] (AVAST Software)
S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Hard Disk Manager 12 Professional\program\BioNTDrv.SYS [19792 2012-11-22] (Paragon Software GmbH)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [219328 2015-05-24] (TrueCrypt Foundation)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-22] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-22] (Paragon)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-01 21:24 - 2017-06-01 21:24 - 00112640 _____ (forum.viry.cz) C:\Users\Safi\Desktop\FRSTLauncher.exe
2017-06-01 21:21 - 2017-06-01 21:21 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-01 20:13 - 2017-06-01 21:20 - 00000000 ____D C:\AdwCleaner
2017-06-01 20:12 - 2017-06-01 20:12 - 04110280 _____ C:\Users\Safi\Desktop\adwcleaner_6.047.exe
2017-06-01 19:33 - 2017-06-01 19:33 - 00081260 _____ C:\Users\Safi\Desktop\FRSTLauncher.zip
2017-06-01 19:27 - 2017-06-01 19:17 - 00112640 ____N (forum.viry.cz) C:\Users\Safi\Desktop\trz608.tmp
2017-06-01 19:18 - 2017-06-01 21:25 - 00020454 _____ C:\Users\Safi\Desktop\FRST.txt
2017-06-01 19:18 - 2017-06-01 21:24 - 00000000 ____D C:\FRST
2017-06-01 19:15 - 2017-06-01 19:15 - 02431488 _____ (Farbar) C:\Users\Safi\Desktop\FRST64.exe
2017-06-01 11:51 - 2017-06-01 11:52 - 00000000 ____D C:\Program Files (x86)\HijackThis
2017-06-01 11:30 - 2017-06-01 11:47 - 00000000 ____D C:\Program Files\HijackThis
2017-06-01 11:01 - 2017-06-01 11:01 - 00000000 ___HD C:\$AV_ASW
2017-05-24 18:23 - 2017-05-24 18:34 - 00000000 ____D C:\RemoraUsbDiskGuard
2017-05-23 22:31 - 2017-05-23 22:20 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-05-23 22:20 - 2017-05-23 22:31 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00000113 _____ C:\Windows\wininit.ini
2017-05-23 21:41 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-23 21:08 - 2017-06-01 21:16 - 00000000 ____D C:\Users\Safi\AppData\Roaming\Seznam.cz
2017-05-23 21:08 - 2017-06-01 21:16 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-05-23 21:08 - 2017-05-23 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-05-23 21:07 - 2017-05-23 21:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-23 21:07 - 2017-05-23 21:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-23 21:07 - 2017-05-23 21:07 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-23 21:07 - 2017-05-23 21:07 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-23 21:07 - 2017-05-23 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-23 21:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-05-15 22:03 - 2017-05-31 18:25 - 00000000 ____D C:\Users\Safi\AppData\LocalLow\Mozilla
2017-05-08 09:08 - 2017-05-08 09:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2017-05-02 19:24 - 2017-05-02 19:24 - 00000000 ____D C:\Users\Safi\AppData\Local\CEF
2017-05-02 17:49 - 2017-06-01 11:44 - 00001358 _____ C:\Users\Safi\Desktop\ROBLOX Player.lnk
2017-05-02 17:48 - 2017-06-01 11:44 - 00001177 _____ C:\Users\Safi\Desktop\ROBLOX Studio.lnk
2017-05-02 17:48 - 2017-06-01 11:44 - 00000000 ____D C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-05-02 17:48 - 2017-05-02 18:00 - 00000000 ____D C:\Users\Safi\AppData\Local\Roblox
2017-05-02 17:48 - 2017-05-02 17:58 - 00000250 _____ C:\Users\Safi\AppData\LocalLow\rbxcsettings.rbx
2017-05-02 17:44 - 2017-05-02 17:44 - 01056760 _____ (ROBLOX Corporation) C:\Users\Safi\Downloads\roblox.exe
2017-05-02 17:34 - 2017-05-02 17:34 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-02 17:34 - 2017-05-02 17:34 - 00002154 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-05-02 17:34 - 2017-05-02 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-05-02 17:34 - 2017-05-02 17:33 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-02 17:34 - 2017-05-02 17:33 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-02 17:34 - 2017-05-02 17:33 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-02 17:34 - 2017-05-02 17:32 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-02 17:34 - 2017-05-02 17:32 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-02 17:34 - 2017-05-02 17:32 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-02 17:34 - 2017-05-02 17:31 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-02 17:17 - 2017-05-02 17:17 - 00383592 __RSH C:\gdrop
2017-05-02 17:17 - 2017-05-02 17:17 - 00171136 __RSH C:\xeldr
2017-05-02 17:17 - 2017-05-02 17:17 - 00008192 _____ C:\bootsect.lxe.bak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-01 21:21 - 2015-05-03 18:49 - 00000000 __SHD C:\Users\Safi\IntelGraphicsProfiles
2017-06-01 21:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-01 21:20 - 2009-07-14 06:45 - 00014768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-01 21:20 - 2009-07-14 06:45 - 00014768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-01 20:15 - 2016-03-22 22:22 - 00001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-01 20:15 - 2016-03-22 22:22 - 00001002 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-06-01 20:15 - 2015-05-04 18:19 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-06-01 20:15 - 2015-05-04 18:19 - 00000992 _____ C:\Users\Public\Desktop\Opera.lnk
2017-06-01 20:15 - 2015-05-03 22:30 - 00001503 _____ C:\Users\Public\Desktop\Paragon Hard Disk Manager™ 12 Professional.lnk
2017-06-01 20:15 - 2015-05-03 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 12 Professional
2017-06-01 20:15 - 2015-05-03 18:22 - 00000997 _____ C:\Users\Safi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-01 12:56 - 2015-05-12 23:15 - 00000000 ____D C:\Users\Safi\AppData\Roaming\vlc
2017-06-01 12:36 - 2015-10-25 22:07 - 00000527 _____ C:\Users\Safi\ticket1.xml
2017-06-01 11:34 - 2015-05-03 18:21 - 00000000 ____D C:\Users\Safi\AppData\Local\VirtualStore
2017-05-31 18:37 - 2016-03-22 22:22 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458678129
2017-05-31 18:27 - 2015-05-04 18:19 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1430756395
2017-05-31 18:27 - 2015-05-04 18:19 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-24 18:06 - 2015-09-24 20:18 - 00000000 ____D C:\Users\Safi\AppData\Roaming\YouTube Downloader
2017-05-23 22:31 - 2015-06-13 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 22:30 - 2015-11-10 23:16 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 22:24 - 2015-05-11 22:17 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-23 22:24 - 2015-05-11 22:17 - 00001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-23 22:21 - 2015-05-12 23:15 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-05-23 22:20 - 2015-11-10 23:02 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-05-23 22:20 - 2015-11-10 23:01 - 00000000 ____D C:\Program Files\Java
2017-05-23 22:19 - 2015-11-08 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-23 21:41 - 2015-12-03 16:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-16 06:02 - 2015-05-11 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-15 20:56 - 2009-07-14 07:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-15 20:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-09 21:33 - 2015-05-12 23:06 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 21:33 - 2015-05-11 21:46 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 21:33 - 2015-05-11 21:46 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 21:33 - 2015-05-11 21:46 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-09 21:33 - 2015-05-11 21:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 21:33 - 2015-05-11 21:46 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-09 17:14 - 2015-05-04 21:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-08 09:12 - 2016-03-26 22:12 - 00000000 ____D C:\Users\Safi\AppData\Roaming\PC Suite
2017-05-08 09:08 - 2016-03-26 22:12 - 00000000 ____D C:\ProgramData\PC Suite
2017-05-03 17:14 - 2015-05-04 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-02 19:24 - 2015-11-01 20:23 - 00000000 ____D C:\TEMP
2017-05-02 17:34 - 2015-05-04 21:42 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-05-02 17:34 - 2015-05-04 21:42 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-05-02 17:34 - 2015-05-04 21:42 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-02 17:33 - 2015-05-04 21:42 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.149373929665107
2017-05-02 17:33 - 2015-05-04 21:42 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.149373929665107
2017-05-02 17:33 - 2015-05-04 21:42 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-02 17:33 - 2015-05-04 21:42 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-02 17:32 - 2016-03-22 22:22 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-02 17:32 - 2015-05-04 21:42 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-02 17:29 - 2015-11-22 20:57 - 00003368 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 17:29 - 2015-11-22 20:57 - 00003240 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-02 17:16 - 2015-05-03 18:21 - 00000000 ____D C:\Users\Safi

==================== Files in the root of some directories =======

2015-08-26 20:53 - 2013-08-27 01:50 - 13758464 _____ () C:\Users\Safi\AppData\Roaming\Sandra.mdb
2015-09-01 18:16 - 2015-09-01 18:16 - 0000017 _____ () C:\Users\Safi\AppData\Local\resmon.resmoncfg
2015-05-03 19:00 - 2015-05-03 19:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-05-24 17:35 - 2017-05-24 17:35 - 0001536 _____ () C:\Users\Safi\AppData\Local\Temp\NOSEventMessages.dll
2017-05-24 17:40 - 2017-06-01 21:16 - 0534528 _____ () C:\Users\Safi\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-25 21:06

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (New Volume) (Fixed) (Total:159.42 GB) (Free:100.16 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:772.08 GB) (Free:146.49 GB) NTFS
Drive g: (Elements) (Fixed) (Total:931.48 GB) (Free:333.19 GB) NTFS

Available physical RAM: 5476.36 MB
Total physical RAM: 8053.05 MB
Percentage of memory in use: 31%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AF41C183)
Partition 1: (Active) - (Size=159.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=772.1 GB) - (Type=OF Extended)
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: DB24BE4E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Safi\Desktop" je 312 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 20:46
by jelo
After using AdwCleaner, those annoying ad windows no longer open in Opera. It should be OK.

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 21:06
by Rudy
OK, I'm glad to hear that. We should still finish cleaning up. Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [] => [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {0dd55924-f04a-11e5-bf55-005056c00008} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3887-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3888-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
AutoConfigURL: [S-1-5-21-33039242-2988656641-3552343730-1000] => hxxp://unstopaccess.net/wpad.dat?87a807 ... 2830923859
Toolbar: HKLM-x32 - No Name - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File
FF Extension: (No Name) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js [2017-05-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\955740.cfg [2017-05-10] <==== ATTENTION
C:\Users\Safi\Desktop\trz608.tmp
C:\ProgramData\DP45977C.lfl
C:\Users\Safi\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 21:13
by jelo
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-06-2017
Ran by Safi (01-06-2017 22:09:42) Run:1
Running from C:\Users\Safi\Desktop
Loaded Profiles: Safi (Available Profiles: Safi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\Run: [] => [X]
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {0dd55924-f04a-11e5-bf55-005056c00008} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3887-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\...\MountPoints2: {a15e3888-7b43-11e5-9e09-74d435bd3488} - H:\Lenovo_Suite.exe
AutoConfigURL: [S-1-5-21-33039242-2988656641-3552343730-1000] => hxxp://unstopaccess.net/wpad.dat?87a807 ... 2830923859
Toolbar: HKLM-x32 - No Name - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File
FF Extension: (No Name) - C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js [2017-05-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\955740.cfg [2017-05-10] <==== ATTENTION
C:\Users\Safi\Desktop\trz608.tmp
C:\ProgramData\DP45977C.lfl
C:\Users\Safi\AppData\Local\Temp

EmptyTemp:
End
*****************

HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dd55924-f04a-11e5-bf55-005056c00008} => key removed successfully
HKCR\CLSID\{0dd55924-f04a-11e5-bf55-005056c00008} => key not found.
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a15e3887-7b43-11e5-9e09-74d435bd3488} => key removed successfully
HKCR\CLSID\{a15e3887-7b43-11e5-9e09-74d435bd3488} => key not found.
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a15e3888-7b43-11e5-9e09-74d435bd3488} => key removed successfully
HKCR\CLSID\{a15e3888-7b43-11e5-9e09-74d435bd3488} => key not found.
HKU\S-1-5-21-33039242-2988656641-3552343730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{BFC32E1D-EE75-4A48-BC60-104E11EE2431} => value removed successfully
HKCR\Wow6432Node\CLSID\{BFC32E1D-EE75-4A48-BC60-104E11EE2431} => key not found.
C:\Users\Safi\AppData\Roaming\Mozilla\Firefox\Profiles\l9hp7tfi.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\955740.js => moved successfully
C:\Program Files (x86)\mozilla firefox\955740.cfg => moved successfully
C:\Users\Safi\Desktop\trz608.tmp => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Safi\AppData\Local\Temp" folder move:

Could not move "C:\Users\Safi\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45421195 B
Java, Flash, Steam htmlcache => 8518 B
Windows/system/drivers => 164976894 B
Edge => 0 B
Chrome => 0 B
Firefox => 380203006 B
Opera => 504836676 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58438503 B
systemprofile32 => 69858 B
LocalService => 133753 B
NetworkService => 85204 B
Safi => 562087177 B

RecycleBin => 7132502 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-06-2017 22:11:32)

C:\Users\Safi\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:11:33 ====

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 21:18
by Rudy
Deleted. The log is now OK.

Re: log check, ad windows opening in Opera

Posted: 01 Jun 2017 21:27
by jelo
I'm glad it's all right now. Without your advice I wouldn't have managed it. Even though I think I know my way around computers a bit and handle working with a PC reasonably well, computer security is all Greek to me :-) . Thank you very much for your help.

Re: log check, ad windows opening in Opera

Posted: 02 Jun 2017 15:58
by Rudy
That's what we're here for. :) You're welcome!