All times are UTC + 1 hour


Post subject: Problem loading pages...
Posted: 19 Apr 2018 19:07
Visitor
Joined: 08 Nov 2014 17:07
Posts: 81

Hello...
after starting Firefox, pages load only on the second attempt or after several attempts...
*entrum.cz is there right away, but for example *ide.cz won't load even on the third try and I have to press Enter several times before it loads...
what I have tried:
1. flushing the DNS cache; I noticed some speed-up in loading, but the problem with the first load persists...
2. turning off the proxy server... it works better with it off than on
3. I cleared the recent history... also no effect
4. I tested my laptop for malware, spyware and adware (AdwCleaner), with no findings
5. Firefox is up to date
6. I also cleaned the registry with CCleaner... nothing...
7. I noticed one more oddity... once even a problem page has been loaded and the window closed, a second load of the same page goes without problems... only when FF is closed and reopened does the same loading problem appear...
8. after a failed load, the message that appears most often is: The connection has timed out...

please advise... what could be the cause???


Posted: 19 Apr 2018 20:09
Site Admin
Joined: 30 Oct 2003 13:42
Posts: 109440
Location: Plzeň

Hello!
Let's try other cleaners. Run these utilities one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window





Quote:
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;







Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
• Save it, preferably to the desktop
• After launch the licence terms are displayed; press any key
• A backup is created and the search then starts
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Posted: 20 Apr 2018 20:47
Visitor

After fix (1) it is even worse... now no page loads on the first try; I even had to enter your site viry.cz several times
here is the LOG from (1); the antivirus most likely interrupted the fix... should I repeat step (1) with the antivirus shield turned off?
-------------------------------------------------------------
Zoek.exe v5.0.0.2 Updated 19-April-2018(Online Version)
Tool run by Roman on p  20.04.2018 at 21:20:16,94.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Roman\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20.4.2018 21:26:12 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

Deleted from C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\0twr3423.default-1406787227367\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\0twr3423.default-1406787227367\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\prefs.js:
user_pref("browser.startup.homepage", "https://mail.centrum.cz/");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\0twr3423.default-1406787227367
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439
- __MSG_avastAppName__ - %ProfilePath%\extensions\sp@avast.com.xpi
- Avast Online Security - %ProfilePath%\extensions\wrc@avast.com.xpi
- short_ __MSG_short_name__ - %ProfilePath%\extensions\{ec89c250-b704-4e53-9ace-d6789fd601b6}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439
FC18E6D133877BE07C753552705A5B8C - c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll - Silverlight Plug-In
81D6D6EE6226773449C5CBE9496EDAF6 - c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll - Microsoft® Silverlight


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7KMOH_csCZ565

==== Reset Google Chrome ======================

C:\Users\Roman\AppData\Local\AVAST Software\Browser\User Data\Default\Preferences was reset successfully
C:\Users\Roman\AppData\Local\AVAST Software\Browser\User Data\Default\Secure Preferences was reset successfully
C:\Users\Roman\AppData\Local\AVAST Software\Browser\User Data\Default\Web Data was reset successfully
C:\Users\Roman\AppData\Local\AVAST Software\Browser\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Roman\AppData\Local\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\cache2 emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++badoo.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++cz.pinterest.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++protected.news\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++twitter.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++web.whatsapp.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++www.amateri.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++www.facebook.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++www.pinterest.ch\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++www.pinterest.co.uk\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++www.youtube.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\r81zf54h.default-1431621669132\storage\default\https+++www.porndig.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Roman\AppData\Local\AVAST Software\Browser\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Roman\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Roman\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on p  20.04.2018 at 21:32:36,52 ======================


Posted: 20 Apr 2018 21:08
Site Admin

If it got worse, the problem will not be in the browser as such (do all browsers do it, or only some?). Try Start menu > Run > (type) cmd > Enter. In the window that opens, type:

Quote:


the system will send test packets to the given address, from which a response will come back and be displayed in the window. The response should not be greater than 50 ms and there must be no packet loss. It is precisely packet loss or a high ping that tends to cause this behaviour. After about a minute, close the program and post the result here.

Posted: 20 Apr 2018 21:17
Visitor

about 11 ms on average
Zoek cannot be interrupted, it got stuck on Firefox extension... what should I do about it?


Posted: 20 Apr 2018 21:59
Visitor

again, when accessing viry.cz it reported that the connection timed out... then server not found, and only then did the viry.cz pages load lightning-fast... I don't know what to make of it...
but it is somehow short...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Roman (Administrator) on p  20.04.2018 at 22:50:07,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


user_pref(browser.onboarding.tour.onboarding-tour-singlesearch.completed, true);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  20.04.2018 at 22:54:31,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Posted: 21 Apr 2018 08:45
Site Admin

Occasionally Zoek does not terminate by itself. That is a bug in it. You have to terminate it yourself. Junkware found nothing. Is the problem in all browsers, or only in some?

Posted: 21 Apr 2018 10:27
Visitor

after restart
after clicking the IE icon
... nothing happens for about 15 seconds, then the window starts to open, and after roughly 20 seconds IE is usable
IE: / page opened / number of attempts
centrum.cz first try, longer loading
google first try
seznam.cz first try
duelovky.cz first try, long loading

lide.cz cannot be displayed even after 10 attempts
the page behaves as if it were loaded but contains nothing...
youtube.com first try ... it says JavaScript is blocked, nothing can be played
aukro.cz page partially loaded and the spinner keeps going round in a circle
facebook first try, connection dropouts, long loading
viry.cz first try, page displays with errors, long loading

after restart
after clicking the FF icon
... nothing happens for about 20 seconds, then it opens the Centrum home page and is usable
subsequent launches take from about 5 to 20 seconds
FF:
centrum.cz loaded on the second try, longer loading time
google first try
seznam first try
duelovky first try, long loading

lide.cz first try, but loading takes 10 seconds or more
youtube first try, long loading of 15 seconds or more, plays everything
aukro first try, no problems
facebook: when the address is typed manually, it cannot be loaded
if I click the bookmark, it loads within 5 seconds
viry loads but with errors... if I use the bookmark, it loads more or less right away and without errors

subjectively, when used with bookmarks, FF seems better than IE
I don't have Google Chrome installed on my PC, at least I don't see its icon anywhere


Posted: 21 Apr 2018 10:35
Visitor

now I see that FF has reset itself to Auto-detect proxy settings...
but I definitely turned it off yesterday...


Posted: 21 Apr 2018 19:16
Site Admin

Let's try to clean the PC. Post an FRST log: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

Posted: 22 Apr 2018 08:35
Visitor

I haven't used Patmel2 and CommView for years; I don't know what they are doing in the registry...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2018
Ran by Roman (administrator) on ROMAN-PC (22-04-2018 09:07:45)
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Roman\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-08-08] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-08-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-23] (NVIDIA Corporation)
HKLM\...\Run: [UpdatePRCShortCut1] => "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
HKLM\...\Run: [HotKeysCmds1] => C:\Windows\system32\hkcmd.exe [411056 2015-06-01] (Intel Corporation)
HKLM\...\Run: [Persistence1] => C:\Windows\system32\igfxpers.exe [453552 2015-06-01] (Intel Corporation)
HKLM\...\Run: [IgfxTray1] => C:\Windows\system32\igfxtray.exe [183216 2015-06-01] (Intel Corporation)
HKLM\...\Run: [RtHDVBg_Dolby1] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-07] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-04] (Lenovo)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [258936 2012-02-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-683440959-2606681586-737459993-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-23] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-25]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 83.240.0.214 83.240.0.135
Tcpip\..\Interfaces\{1F004AE9-736A-4A9E-A206-DE238301C1BF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DD39D036-017D-4A2E-B4A8-4BC12D6F774B}: [DhcpNameServer] 83.240.0.214 83.240.0.135

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-683440959-2606681586-737459993-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-683440959-2606681586-737459993-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-683440959-2606681586-737459993-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-683440959-2606681586-737459993-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7KMOH_csCZ565
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-17] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-17] (AVAST Software)

FireFox:
========
FF DefaultProfile: 778j7se6.default-1497116886439
FF ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439 [2018-04-22]
FF Homepage: Mozilla\Firefox\Profiles\778j7se6.default-1497116886439 -> hxxp://mail.centrum.cz/?utm_source=cent ... campaign=A
FF NewTab: Mozilla\Firefox\Profiles\778j7se6.default-1497116886439 -> about:newtab
FF Extension: (Avast SafePrice) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\Extensions\sp@avast.com.xpi [2018-03-07]
FF Extension: (Avast Online Security) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\Extensions\wrc@avast.com.xpi [2017-10-06]
FF Extension: (Adblock Hyper - Blokování reklam) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\Extensions\{ec89c250-b704-4e53-9ace-d6789fd601b6}.xpi [2017-12-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-06-21] ( )
FF Plugin HKU\S-1-5-21-683440959-2606681586-737459993-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-07] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-07] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-02] (Broadcom Corporation.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-06-21] (Nitro PDF Software)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-24] (Lenovo)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-07] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-02] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-02] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-02] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-02] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-07] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-07] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-07] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-07] (AVAST Software)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-07-31] (Highresolution Enterprises [www.highrez.co.uk])
R3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2015-04-17] (ITE )
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-24] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-22] (Lenovo Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 portio; C:\Windows\System32\DRIVERS\WP800IO.sys [8664 2007-09-05] (WinPic800) [File not signed]
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2002-10-16] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-03-27] ()
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-22 09:07 - 2018-04-22 09:08 - 000018216 _____ C:\Users\Roman\Desktop\FRST.txt
2018-04-22 09:06 - 2018-04-22 09:07 - 000000000 ____D C:\FRST
2018-04-22 09:05 - 2018-04-22 09:05 - 000112640 _____ (forum.viry.cz) C:\Users\Roman\Desktop\FRSTLauncher.exe
2018-04-22 09:04 - 2018-04-22 09:04 - 002404352 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2018-04-21 15:26 - 2018-04-22 09:07 - 000002958 _____ C:\Windows\System32\Tasks\{DBA6A7E7-AD58-4BAC-B458-D2AD7CF64774}
2018-04-21 15:26 - 2018-04-22 09:07 - 000002958 _____ C:\Windows\System32\Tasks\{C333A024-D2D3-4785-8F1C-D8AC05B107D2}
2018-04-21 15:26 - 2018-04-22 09:07 - 000002958 _____ C:\Windows\System32\Tasks\{0F731421-C889-4536-A6DC-90BED2CB20EE}
2018-04-21 15:21 - 2018-04-21 15:24 - 000000000 ____D C:\ProgramData\BOINC
2018-04-21 15:21 - 2018-04-21 15:22 - 000000000 ____D C:\Users\Roman\AppData\Roaming\BOINC
2018-04-21 15:21 - 2018-04-21 15:21 - 000000000 ____D C:\Windows\Downloaded Installations
2018-04-21 15:21 - 2018-04-21 15:21 - 000000000 ____D C:\Users\Roman\AppData\Roaming\NVIDIA
2018-04-21 15:21 - 2018-04-21 15:21 - 000000000 ____D C:\Users\Roman\.VirtualBox
2018-04-21 15:17 - 2018-04-21 15:17 - 000000000 ____D C:\Users\Roman\AppData\Local\{A7299175-8381-FDCD-EE19-D825CA7124BD}
2018-04-20 21:52 - 2018-04-20 21:52 - 000000000 ____D C:\zoek
2018-04-20 21:48 - 2018-04-20 21:53 - 000000581 _____ C:\runcheck.txt
2018-04-20 21:30 - 2018-04-20 21:30 - 000000000 ___HD C:\$AV_ASW
2018-04-20 21:20 - 2018-04-20 21:20 - 000000000 ____D C:\zoek_backup
2018-04-19 20:10 - 2018-04-19 20:10 - 007256272 _____ (Malwarebytes) C:\Users\Roman\Downloads\adwcleaner_7.1.0.0.exe
2018-04-18 21:49 - 2018-04-18 21:45 - 000994130 _____ C:\Users\Roman\Desktop\CMFD30_LCD.zip
2018-04-07 13:47 - 2018-04-07 13:47 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-05 19:15 - 2018-04-05 19:15 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-04-05 19:15 - 2018-04-05 19:15 - 000002469 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-04-05 19:14 - 2018-04-05 19:14 - 000003428 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-04-05 19:14 - 2018-04-05 19:14 - 000003300 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-04-05 19:13 - 2018-04-05 19:13 - 000000000 ____D C:\Users\Roman\AppData\Local\AVAST Software
2018-04-05 19:13 - 2018-04-05 19:13 - 000000000 ____D C:\Program Files (x86)\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-22 09:07 - 2018-03-17 18:55 - 000004528 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-22 09:07 - 2018-01-13 14:18 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-22 09:07 - 2017-07-15 09:55 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-22 09:07 - 2016-11-16 19:42 - 000000000 ____D C:\Users\Roman\AppData\LocalLow\Mozilla
2018-04-22 09:07 - 2015-12-03 22:39 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-04-22 09:03 - 2009-07-14 06:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-22 09:03 - 2009-07-14 06:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-22 08:54 - 2012-08-08 09:52 - 000130463 _____ C:\Windows\system32\fastboot.set
2018-04-22 08:53 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-21 15:47 - 2012-08-08 08:43 - 000669116 _____ C:\Windows\system32\perfh005.dat
2018-04-21 15:47 - 2012-08-08 08:43 - 000141744 _____ C:\Windows\system32\perfc005.dat
2018-04-21 15:47 - 2009-07-14 07:13 - 001584554 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-21 15:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-21 15:41 - 2013-12-06 20:31 - 000074728 _____ C:\Users\Roman\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-21 15:40 - 2009-07-14 06:45 - 000344208 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-21 15:21 - 2013-12-06 20:28 - 000000000 ____D C:\Users\Roman
2018-04-21 09:23 - 2018-03-04 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-04-21 09:23 - 2017-03-15 19:36 - 000001317 _____ C:\Users\Public\Desktop\Skype.lnk
2018-04-20 23:12 - 2017-03-01 19:39 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-19 20:12 - 2017-07-15 09:40 - 000000000 ____D C:\AdwCleaner
2018-04-16 23:41 - 2009-07-14 07:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-14 08:02 - 2014-03-29 23:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-14 07:03 - 2013-12-06 22:36 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-14 07:03 - 2013-12-06 22:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-14 07:03 - 2013-12-06 22:36 - 000004398 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-14 07:03 - 2013-12-06 22:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-14 07:03 - 2012-08-08 09:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-12 18:52 - 2013-12-06 21:12 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-08 15:08 - 2017-04-14 20:54 - 000000000 ____D C:\Users\Roman\Documents\eagle
2018-04-07 13:47 - 2017-12-21 18:42 - 000227784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-07 13:47 - 2017-11-09 19:31 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-07 13:47 - 2014-04-19 20:13 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-07 13:47 - 2014-01-04 02:30 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-07 13:47 - 2013-12-06 21:12 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-07 13:47 - 2013-12-06 21:12 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-07 13:47 - 2013-12-06 21:12 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-07 13:47 - 2013-12-06 21:12 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-07 13:47 - 2013-12-06 21:12 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-05 19:44 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\LiveKernelReports
2018-04-05 19:18 - 2013-12-06 21:09 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-29 20:29 - 2016-11-15 20:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-29 20:29 - 2013-12-06 22:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-08-19 21:23 - 2014-08-19 21:23 - 000003584 _____ () C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-08 19:38 - 2014-05-05 00:47 - 000007597 _____ () C:\Users\Roman\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-04-20 21:48 - 2018-04-20 21:48 - 000476672 _____ () C:\Users\Roman\AppData\Local\Temp\7za.exe
2018-04-21 15:14 - 2018-04-21 15:27 - 001780792 _____ ( ) C:\Users\Roman\AppData\Local\Temp\commview_for_wifi_0481576961.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000020480 _____ (E Dev) C:\Users\Roman\AppData\Local\Temp\DaS_21.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000388608 _____ (Trend Micro Inc.) C:\Users\Roman\AppData\Local\Temp\hijackthis.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000030720 _____ (NirSoft) C:\Users\Roman\AppData\Local\Temp\NirCmd.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000256512 _____ () C:\Users\Roman\AppData\Local\Temp\PEVZ.EXE
2018-04-20 21:48 - 2018-04-20 21:48 - 000069632 _____ () C:\Users\Roman\AppData\Local\Temp\remove.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000098816 _____ () C:\Users\Roman\AppData\Local\Temp\sed.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000057344 _____ (Optimum X) C:\Users\Roman\AppData\Local\Temp\shortcut.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000533851 _____ () C:\Users\Roman\AppData\Local\Temp\sr.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000161792 _____ (SteelWerX) C:\Users\Roman\AppData\Local\Temp\swreg.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000217088 _____ (SteelWerX) C:\Users\Roman\AppData\Local\Temp\swxcacls.exe
2018-04-20 21:48 - 2018-04-20 21:48 - 000024064 _____ () C:\Users\Roman\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Roman\Desktop" je 10 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intelligent Touchpad
C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant
C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnekeyStudio
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray
"C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by Roman (22-04-2018 09:08:48)
Running from C:\Users\Roman\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-06 18:28:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-683440959-2606681586-737459993-500 - Administrator - Disabled)
Guest (S-1-5-21-683440959-2606681586-737459993-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-683440959-2606681586-737459993-1003 - Limited - Enabled)
Roman (S-1-5-21-683440959-2606681586-737459993-1001 - Administrator - Enabled) => C:\Users\Roman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
ASIX UP v.3-30 (HKLM-x32\...\ASIX UP_is1) (Version: - ASIX s.r.o.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 64.0.387.186 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel)
AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
Balíček ovladače systému Windows - Segger (jlink) USB (01/26/2017 2.70.08.0) (HKLM\...\D12F44630DF6CA437A5B43B0F1A4C5A54E130B0D) (Version: 01/26/2017 2.70.08.0 - Segger)
Balíček ovladače systému Windows - SEGGER (JLinkCDC_x64) Ports (08/28/2014 6.0.2601.5) (HKLM\...\ED80E3D3A350D18BFD3D3D8DAED8E2B19105763A) (Version: 08/28/2014 6.0.2601.5 - SEGGER)
Borland C++Builder 6 (HKLM-x32\...\{2864C41B-EF2D-4640-95A2-526276524519}) (Version: 6.0 - Borland Software Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
EAGLE 5.11.0 (HKLM-x32\...\EAGLE 5.11.0) (Version: 5.11.0 - CadSoft Computer GmbH)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mikroC (remove only) (HKLM-x32\...\mikroC) (Version: - )
mikroPascal (remove only) (HKLM-x32\...\mikroPascal) (Version: - )
mikroPascal for AVR (remove only) (HKLM-x32\...\mikroPascal for AVR) (Version: - )
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
MPLAB X IDE v4.05 (HKLM-x32\...\MPLAB X IDE v4.05 v4.05) (Version: v4.05 - Microchip)
MPLAB XC16 C Compiler (HKLM-x32\...\MPLAB XC16 C Compiler v1.33) (Version: v1.33 - Microchip)
MPLAB XC32 Compiler (HKLM-x32\...\MPLAB XC32 Compiler v1.44) (Version: v1.44 - Microchip)
MPLAB XC8 C Compiler (HKLM-x32\...\MPLAB XC8 C Compiler v1.44) (Version: v1.44 - Microchip)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA Ovladače grafiky 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation)
OpenOffice 4.1.4 (HKLM-x32\...\{6CA4F7F3-B909-4292-B791-AAA959155DE0}) (Version: 4.14.9788 - Apache Software Foundation)
Ovládací panel NVIDIA 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 345.20 - NVIDIA Corporation) Hidden
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Skype verze 8.19 (HKLM-x32\...\Skype_is1) (Version: 8.19 - Skype Technologies S.A.)
State of War (HKLM-x32\...\State of War) (Version: - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
Windows Driver Package - ASIX s.r.o. ASIX Development Tools Driver Package (07/10/2015 2.12.06) (HKLM\...\63179435CD5991EB4724264B890E0ED379471EE7) (Version: 07/10/2015 2.12.06 - ASIX s.r.o.)
Windows Driver Package - ASIX s.r.o. ASIX Development Tools Driver Package (09/28/2016 2.12.24) (HKLM\...\5378E6D0AF40C93BBB4559D6D163139BADD54A56) (Version: 09/28/2016 2.12.24 - ASIX s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-07] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-07] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-08-08] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-07] (AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [NPShellExtension] -> {D7ECBD0E-B8E3-4a0c-9E84-514298EFA583} => C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll [2012-06-21] ()
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-07] (AVAST Software)
ContextMenuHandlers3: [IkeyShlExt] -> {F1E551D1-822B-40e6-B4D8-A9B4A48AA07A} => C:\Windows\system32\SimpleExt.dll [2012-08-08] ()
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-07] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A9A16C4-C566-48ED-97FD-4A7B797528E8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-14] (AVAST Software)
Task: {2FC9A750-9B5B-4EAA-B757-F3B7EB5945F5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {39964426-A2DF-44CF-8184-89767D3BBC60} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-14] (Adobe Systems Incorporated)
Task: {63FE8DE6-D57B-4F18-BBD6-0EBE9B81E23F} - System32\Tasks\{C333A024-D2D3-4785-8F1C-D8AC05B107D2} => C:\Users\Roman\Downloads\commview_for_wifi.exe
Task: {93D90012-EFC7-4797-A971-90D0E4893095} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {A429D1E2-A164-4A93-B270-38D8337DF3E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {B75D31B9-CA73-40A5-A6ED-839C179DD280} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {B9D35FB0-4608-415F-9CEF-2C59A974B1C8} - System32\Tasks\{0F731421-C889-4536-A6DC-90BED2CB20EE} => C:\Users\Roman\Downloads\commview_for_wifi.exe
Task: {C729DE2E-153C-4B6C-8EB7-6482C5E9DC8D} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-05] (AVAST Software)
Task: {D5B67F00-F23B-48F8-A7C1-4B3AEA644DB4} - System32\Tasks\{3888D6C9-FF23-4BEE-B9F0-0F85B70A86BE} => C:\MeProgramy\PATMEL-2\PAtmel II.exe [2000-06-12] (D72)
Task: {DEDB057F-4D59-4F15-A2DC-27F71A1ACD8D} - System32\Tasks\{DBA6A7E7-AD58-4BAC-B458-D2AD7CF64774} => C:\Users\Roman\Downloads\commview_for_wifi.exe
Task: {E7F4E7FB-2053-4E65-B7F8-392D2FD22620} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-05] (AVAST Software)
Task: {EB058A3C-BC05-433E-B298-B48788895A33} - System32\Tasks\{7E97F875-7619-4918-AAB1-B8AE23BC214B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Lenovo\Boot Optimizer\DeleteUninstall.exe" -d "C:\Program Files (x86)\Lenovo\Boot Optimizer"
Task: {F25424E4-4EBF-4FFB-8AEC-E113FF68339C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-07] (AVAST Software)
Task: {F363389C-DA12-4806-ACB1-DCDAC8C76A2D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-08-08 09:19 - 2015-02-04 22:29 - 000115912 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-08 09:50 - 2012-08-08 09:50 - 001508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-08-08 09:50 - 2012-08-08 09:50 - 000628064 _____ () C:\Windows\system32\SimpleExt.dll
2012-06-21 13:23 - 2012-06-21 13:23 - 000108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2012-08-08 09:30 - 2012-02-08 04:03 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2008-12-20 12:20 - 2012-08-08 09:52 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-20 01:22 - 2012-08-08 09:52 - 001516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-09 00:36 - 2012-08-08 09:52 - 000011096 _____ () C:\Program Files (x86)\Lenovo\Energy Management\cs-CZ\EMWpfUI.resources.dll
2008-12-20 12:20 - 2012-08-08 09:52 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-02-06 04:38 - 2012-02-06 04:38 - 000258936 _____ () C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe
2012-05-05 13:16 - 2015-06-01 22:00 - 000102912 _____ () C:\Windows\system32\IccLibDll_x64.dll
2018-03-06 23:58 - 2018-03-06 23:58 - 000083784 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2018-04-07 13:47 - 2018-04-07 13:47 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-07 13:47 - 2018-04-07 13:47 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-07 13:47 - 2018-04-07 13:47 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-22 08:50 - 2018-04-22 08:50 - 005817488 _____ () C:\Program Files\AVAST Software\Avast\defs\18042200\algo.dll
2018-04-07 13:47 - 2018-04-07 13:47 - 000763608 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-07 13:47 - 2018-04-07 13:47 - 000911064 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-04-07 13:47 - 2018-04-07 13:47 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-07 13:47 - 2018-04-07 13:47 - 000969944 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-07 13:47 - 2018-04-07 13:47 - 000501464 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2013-12-07 20:39 - 2015-02-23 10:44 - 000010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2011-06-28 08:28 - 2011-06-28 08:28 - 000042496 _____ () C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\QTKB.dll
2018-03-02 22:22 - 2018-03-02 22:22 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-07 13:47 - 2018-04-07 13:47 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2012-08-08 09:30 - 2012-02-08 03:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-04-20 21:52 - 000000841 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-683440959-2606681586-737459993-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 83.240.0.214 - 83.240.0.135
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Intelligent Touchpad => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OnekeyStudio => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6D014DEC-A2C5-4995-8BE3-584F89BED619}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{511220C7-6FE3-469E-9342-7B31C15B43E1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4AB3BFA7-F5E8-49DA-BAB0-BF56820DA0C7}] => (Allow) LPort=2869
FirewallRules: [{672D39F5-5497-4838-9C24-0505855D2D82}] => (Allow) LPort=1900
FirewallRules: [{27BDB785-6C1D-459E-BA81-43EC041108D0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6B8705A8-1F40-435A-983F-0EB88EAD91FD}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A4237FF2-88A1-4282-A51B-64DE1253886F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{435580A1-E9DF-4F55-910A-3CD8305F6DE4}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{A7120233-09C2-4DB3-8BC6-9EAD6211DC4D}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{8CD5A8B6-4568-4FBA-B23A-906340B6439C}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{0BC86A65-947E-4630-8691-C8F60948361D}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{2534CB2A-36C1-4C04-8C34-015E5FF6FC49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{14440D45-10C1-4161-B9BE-B5534F1146E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6D690019-471C-448C-961F-4F6D386478D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F07C5053-29A5-4329-95FC-5A3027463983}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1BCB4B38-000C-4037-A2ED-E2F1BF551388}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0E30B0B5-CBAD-4357-92E5-D513C7C7576C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7C2695A0-8C9B-437F-8E27-29F969AE79F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{010BA73D-0163-4CA0-AEEE-9B1EDF7376A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E0D3B6BE-9517-45A4-8D91-9BC3510A9095}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD5C6A9F-A570-410E-89A4-B144B6C2B9C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{642EF558-4E2E-4A81-A3E3-989C1242AB69}C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe] => (Allow) C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe
FirewallRules: [UDP Query User{4FBAE129-654C-469E-B31D-5F2B1808F654}C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe] => (Allow) C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe
FirewallRules: [TCP Query User{0872E1DA-B38E-4E70-A3E7-5D1738A0CB69}C:\program files (x86)\icq7.7\icq.exe] => (Allow) C:\program files (x86)\icq7.7\icq.exe
FirewallRules: [UDP Query User{E0B07BF2-E711-4749-B20B-C3E521B8D32E}C:\program files (x86)\icq7.7\icq.exe] => (Allow) C:\program files (x86)\icq7.7\icq.exe
FirewallRules: [TCP Query User{418B447E-E4FB-4F5E-AB50-C8B64CB379EE}C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe] => (Allow) C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe
FirewallRules: [UDP Query User{6BB3BD3B-C72A-49EE-AFC0-30043AA8674D}C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe] => (Allow) C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe
FirewallRules: [{A393008D-2DA9-406A-A7D8-EB21188EEE0C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5D840A0B-404C-41C1-B4A2-000040A4CB3E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1A6DC258-F77B-46D4-BDCF-5486D44C1BDE}C:\games\dune-2000\dune 2000\dune2000.dat] => (Block) C:\games\dune-2000\dune 2000\dune2000.dat
FirewallRules: [UDP Query User{5BF82198-ECA5-4A59-820C-594BB8C6D30A}C:\games\dune-2000\dune 2000\dune2000.dat] => (Block) C:\games\dune-2000\dune 2000\dune2000.dat
FirewallRules: [{0D494844-8D6E-4142-8282-592ACFB1C796}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A9A5BEF4-28D8-4D07-B35D-3F13FFA4F4E7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FA75B347-D548-44C1-8E16-DC6C9DFF2253}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{303EE573-6FC8-4B28-8B8D-A93A625C505E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8A079D9E-9E18-4231-9156-3B3257C8FF8D}C:\games\dune-2000\dune 2000\dune2000.dat] => (Block) C:\games\dune-2000\dune 2000\dune2000.dat
FirewallRules: [UDP Query User{07D8685D-8BC0-47B5-B6E3-9C1DB91FBE19}C:\games\dune-2000\dune 2000\dune2000.dat] => (Block) C:\games\dune-2000\dune 2000\dune2000.dat
FirewallRules: [TCP Query User{559C282C-3770-4269-9C40-56C5ACB297DB}C:\program files (x86)\microchip\mplabx\v4.05\sys\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\microchip\mplabx\v4.05\sys\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{13FB9306-FE1C-4F50-B17F-D4FAAB8A2E73}C:\program files (x86)\microchip\mplabx\v4.05\sys\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\microchip\mplabx\v4.05\sys\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{4D31415A-9553-42D0-98D2-E56EA9F58A73}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{32F3EDAB-9BCE-4C13-A5C8-7E75187B1C1D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{760FAB95-A4D7-4979-8F9C-E6165AB252D1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== Restore Points =========================


Posted: 22 Apr 2018 10:45
Site Admin

Now run this utility:

Quote:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just launch it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Posted: 22 Apr 2018 11:09
Visitor

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-19.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-22-2018
# Duration: 00:00:03
# OS: Windows 7 Home Premium
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


Posted: 22 Apr 2018 12:00
Site Admin

This is OK. Open Notepad and copy the following into it:

Quote:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Roman\AppData\Local\{A7299175-8381-FDCD-EE19-D825CA7124BD}
C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Roman\AppData\Local\Temp
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [0]

EmptyTemp:
Hosts:
End


Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Posted: 22 Apr 2018 12:55
Visitor

FF: again long, unbearable loading of centrum (home page), t>20s
FF: forum viry.cz (from a bookmark) could not be loaded on the first try... and even the second load was unbearably long, t>20s
I didn't even feel like opening IE and trying it...

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by Roman (22-04-2018 13:38:17) Run:1
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Roman\AppData\Local\{A7299175-8381-FDCD-EE19-D825CA7124BD}
C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Roman\AppData\Local\Temp
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [0]

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
C:\Users\Roman\AppData\Local\{A7299175-8381-FDCD-EE19-D825CA7124BD} => moved successfully
C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\Roman\AppData\Local\Temp" folder move:

Could not move "C:\Users\Roman\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UnLockerMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UnLockerMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => not found
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9998132 B
Java, Flash, Steam htmlcache => 1476 B
Windows/system/drivers => 61122302 B
Edge => 0 B
Chrome => 0 B
Firefox => 396287627 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
UpdatusUser => 0 B
Roman => 469487808 B

RecycleBin => 0 B
EmptyTemp: => 901.5 MB temporary data Removed.

================================

