Please check my log

Re: Please check my log

#16 Post by Diallix »

Completely uninstall Avast and turn off Windows Defender.

Run the above-mentioned program in BruteFix mode. After the reboots, write here whether the Windows firewall can be started.
My new book BOTNETY is out! You can find information about it here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Re: Please check my log

#17 Post by Citronidlo »

Avast is gone; Defender could not be turned off because it is somehow turned off by itself...
And after BruteFix the firewall still cannot be turned on.

Re: Please check my log

#18 Post by Diallix »

- Uninstall the program: Spy Emergency

- In Safe Mode, perform this step:

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
A routine will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt saved in the FRST location.

- Paste the new FRST + ADDITION logs here

Re: Please check my log

#19 Post by Citronidlo »

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-05-2021
Ran by Citron (18-05-2021 08:32:50) Run:2
Running from C:\Users\Citron\Desktop
Loaded Profiles: Citron
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =


*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully
AppMgmt => service removed successfully
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully


The system needed a reboot.

==== End of Fixlog 08:32:50 ====

Re: Please check my log

#20 Post by Citronidlo »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-05-2021
Ran by Citron (administrator) on CITRONIDLO (Hewlett-Packard HP ProBook 4530s) (18-05-2021 08:35:51)
Running from C:\Users\Citron\Desktop
Loaded Profiles: Citron
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Programy\Rainlendar2\Rainlendar2.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\Vpn.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\VpnSvc.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [Rainlendar2] => C:\Programy\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] () [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Winlogon\GPExtensions: [{D75A25CD-0CCA-4C3C-A5E6-94039CC03B72}] -> c:\Windows\system32\DPLic.dll [2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-05-17]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\avast software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exeicarus_rvrt.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16FDFC7E-4C9C-4B03-A55A-A88111667DFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {297F3292-8529-49B9-9795-7DDB56A05D25} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4866784 2021-05-11] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 3df9be00-2d4b-4fbd-8ba1-5159d1dfa004
Task: {2B300295-DE4C-47B6-B6FD-03EE330B5615} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {578033CC-051B-4EBD-8062-285BAE0BDDD6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {58FACA1B-BC3D-4432-B6FF-BB785DB4CA59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2021-04-01] (HP Inc. -> HP Inc.)
Task: {62459F05-C238-4A71-857A-57D1A5B6DFF5} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {70181105-497C-412F-833A-561EFCACB892} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {765F8E8C-A40E-4CA2-AFCA-78224A6754E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {8584C000-3588-4148-9CAD-5CD73682A27F} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1197792 2021-05-11] (Avast Software s.r.o. -> AVAST Software)
Task: {9AEC25F4-BB8E-46C1-A660-01D6007B9A26} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-12] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8e7ab03c-fd72-46de-bf97-7145cc0e0713
Task: {AE8BC164-1C92-448D-B105-1D17222BF0D8} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5493472 2021-05-11] (Avast Software s.r.o. -> Avast Software)
Task: {B42F3BBD-C571-417E-BABE-D7DD11C15901} - System32\Tasks\{D70BC6AF-E0C4-43FD-9392-48BEFE22B3F0} => C:\windows\system32\pcalua.exe -a "C:\_Pal\Ovladače Notes\sp29371chipset.exe" -d "C:\_Pal\Ovladače Notes"
Task: {F170B2C4-376D-407F-B6E5-71A499EAB227} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2021-04-01] (HP Inc. -> HP Inc.)
Task: {F7757E53-CAFB-49AF-803E-F2D9FFAE8564} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134768 2021-04-01] (HP Inc. -> HP Inc.)
Task: {FC23D22B-E49D-4AD5-B7E4-6E494402D412} - System32\Tasks\{3E67189C-563E-4F22-89C5-3FC762CA5FEC} => C:\windows\system32\pcalua.exe -a "C:\Users\Citron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8IN1IJU\sp52145.exe" -d C:\Users\Citron\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1536627339-1155438233-2228032490-1001] => localhost:8080
Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{41F90C00-B694-4E96-9986-9C9F35FDC892}: [NameServer] 100.120.228.1
Tcpip\..\Interfaces\{A7F6367F-3D94-4B8E-881D-DE8832225970}: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{B1E8BFDC-2148-4261-81EB-3F462AE02610}: [DhcpNameServer] 192.168.5.1

FireFox:
========
FF DefaultProfile: ng7a8cym.default-1379696775163
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 [2021-05-18]
FF Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-05-13]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 [2021-05-18]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-02-01]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-02-01]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 [2021-05-18]
FF Homepage: Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 -> hxxp://www.google.com/firefox?client=firefox-a ... S:official
FF Extension: (Adblock na Youtube™) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2019-05-05]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\searchplugins\icqplugin.xml [2011-03-30]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\h00in30b.default-release-2 [2021-05-18]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-10] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
S4 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [403576 2021-04-01] (HP Inc. -> HP Inc.)
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools -> PC Tools)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [8615648 2021-05-11] (Avast Software s.r.o. -> AVAST Software)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [53904 2017-04-14] (AVAST Software s.r.o. -> The OpenVPN Project)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [486144 2011-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Solutions, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.)
R3 nusb3hub; C:\windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-15] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-18 01:07 - 2021-05-18 01:07 - 000003268 _____ C:\windows\system32\Tasks\{3E67189C-563E-4F22-89C5-3FC762CA5FEC}
2021-05-18 01:06 - 2021-05-18 01:06 - 000000000 ____D C:\Intel
2021-05-18 00:56 - 2021-05-18 00:56 - 000003142 _____ C:\windows\system32\Tasks\{D70BC6AF-E0C4-43FD-9392-48BEFE22B3F0}
2021-05-18 00:41 - 2021-05-18 00:41 - 000000000 ____D C:\Program Files (x86)\GCC4243N_fw
2021-05-18 00:16 - 2021-05-18 00:16 - 000000000 ____D C:\Users\Citron\Downloads\HP Downloads
2021-05-18 00:15 - 2021-05-18 00:15 - 000000000 ____D C:\Users\Citron\AppData\Local\HP
2021-05-17 23:41 - 2021-05-18 00:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-17 23:03 - 2021-05-17 23:03 - 000000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-17 21:26 - 2021-05-18 08:31 - 000459766 _____ C:\windows\ntbtlog.txt
2021-05-17 20:47 - 2021-05-17 20:48 - 000262144 _____ C:\windows\Minidump\051721-25038-01.dmp
2021-05-17 20:47 - 2021-05-17 20:47 - 694772181 _____ C:\windows\MEMORY.DMP
2021-05-17 20:34 - 2021-05-17 20:34 - 002091008 _____ (www.viry.cz) C:\WindowsFirewallFix.exe
2021-05-17 20:22 - 2021-05-18 08:37 - 000014736 _____ C:\Users\Citron\Desktop\FRST.txt
2021-05-17 20:21 - 2021-05-17 20:21 - 000000000 ___HD C:\$AV_ASW
2021-05-17 19:36 - 2021-05-18 08:32 - 000001575 _____ C:\Users\Citron\Desktop\Fixlog.txt
2021-05-17 16:16 - 2021-05-18 08:36 - 000000000 ____D C:\FRST
2021-05-15 23:59 - 2021-05-18 00:25 - 000299912 _____ C:\windows\system32\FNTCACHE.DAT
2021-05-11 18:53 - 2021-05-11 18:55 - 000000000 ____D C:\AdwCleaner
2021-05-10 22:11 - 2021-05-10 22:11 - 000001879 _____ C:\Users\Citron\Desktop\GordonsReloadingTool.lnk
2021-04-21 15:48 - 2021-05-18 08:33 - 000003938 _____ C:\windows\system32\Tasks\Avast SecureLine VPN Update

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-18 08:35 - 2013-09-20 18:44 - 000000000 ____D C:\Program Files\CCleaner
2021-05-18 08:34 - 2014-12-22 11:02 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-18 08:33 - 2012-07-11 17:06 - 000000000 ____D C:\Users\Citron\.rainlendar2
2021-05-18 08:33 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-05-18 07:36 - 2012-07-15 15:18 - 000000000 ____D C:\Users\Citron\AppData\Local\CrashDumps
2021-05-18 07:10 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-18 07:10 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-18 01:06 - 2011-02-02 21:56 - 000000000 ____D C:\swsetup
2021-05-18 00:57 - 2011-05-10 21:58 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-05-18 00:57 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2021-05-18 00:15 - 2011-05-10 21:35 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-05-18 00:14 - 2012-07-11 16:24 - 000065280 _____ C:\Users\Citron\AppData\Local\GDIPFONTCACHEV1.DAT
2021-05-18 00:13 - 2011-05-10 21:36 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-05-18 00:08 - 2012-07-11 16:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-17 23:50 - 2012-07-11 16:19 - 000000000 ____D C:\Users\Citron
2021-05-17 23:48 - 2012-07-11 17:28 - 000000000 ____D C:\Users\Citron\Desktop\Debordelizátory
2021-05-17 23:42 - 2016-11-18 13:44 - 000000000 ____D C:\Users\Citron\AppData\LocalLow\Mozilla
2021-05-17 23:41 - 2011-05-10 22:12 - 000669116 _____ C:\windows\system32\perfh005.dat
2021-05-17 23:41 - 2011-05-10 22:12 - 000141744 _____ C:\windows\system32\perfc005.dat
2021-05-17 23:41 - 2009-07-14 07:13 - 001584554 _____ C:\windows\system32\PerfStringBackup.INI
2021-05-17 23:37 - 2009-07-14 04:34 - 000000439 _____ C:\windows\win.ini
2021-05-17 23:03 - 2020-06-29 15:50 - 000000930 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-05-17 23:03 - 2020-06-29 15:50 - 000000930 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-05-17 23:03 - 2012-07-11 16:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-17 22:11 - 2017-12-06 16:42 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-05-17 22:11 - 2015-05-26 15:36 - 000000000 ____D C:\Program Files\avast software
2021-05-17 22:11 - 2014-12-22 11:09 - 000000000 ____D C:\Users\Citron\AppData\Roaming\AVAST Software
2021-05-17 22:09 - 2015-12-03 16:34 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2021-05-17 21:33 - 2009-07-14 07:08 - 000032574 _____ C:\windows\Tasks\SCHEDLGU.TXT
2021-05-17 20:53 - 2018-04-24 14:33 - 000004128 _____ C:\windows\system32\Tasks\CCleaner Update
2021-05-17 20:47 - 2014-08-31 22:17 - 000000000 ____D C:\windows\Minidump
2021-05-17 20:38 - 2009-07-27 16:26 - 000000000 ___RD C:\Users\Public\Recorded TV
2021-05-17 20:20 - 2021-03-18 18:14 - 002299392 _____ (Farbar) C:\Users\Citron\Desktop\FRST64.exe
2021-05-16 19:30 - 2019-05-06 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-05-15 23:43 - 2018-05-30 07:39 - 000000000 ____D C:\Users\Citron\AppData\Local\AVAST Software
2021-05-15 23:16 - 2012-07-11 17:02 - 000000000 ____D C:\Programy
2021-05-15 17:46 - 2012-07-11 16:55 - 000000000 ____D C:\_Pal
2021-05-14 19:48 - 2018-04-26 15:35 - 000002796 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2021-05-07 07:19 - 2012-07-11 17:02 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Winamp
2021-05-02 14:54 - 2012-07-11 16:55 - 000000000 ____D C:\Fotky

==================== Files in the root of some directories ========

2012-07-11 16:33 - 2020-11-05 23:38 - 000004586 _____ () C:\Users\Citron\AppData\Local\mbt-actwiz.log
2012-10-28 13:23 - 2020-06-29 15:35 - 000007601 _____ () C:\Users\Citron\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-05-16 10:49
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2021
Ran by Citron (18-05-2021 08:37:36)
Running from C:\Users\Citron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-11 14:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1536627339-1155438233-2228032490-500 - Administrator - Disabled)
Citron (S-1-5-21-1536627339-1155438233-2228032490-1001 - Administrator - Enabled) => C:\Users\Citron
Guest (S-1-5-21-1536627339-1155438233-2228032490-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{63E42DE7-C468-31B0-E373-173C67C87B88}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.11.5523.2244 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{08AF9DA8-B53F-4B31-835D-6EAAD99AC5B9}) (Version: 12.19.53.13 - HP Inc.)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 88.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 88.0.1 (x64 cs)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.3 (HKLM-x32\...\{10B43A43-FF73-47FD-83E8-A503E84F9ED6}) (Version: 3.3.9567 - OpenOffice.org)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.82.298 - Motorola Solutions, Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Skype verze 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WMV9/VC-1 Video Playback (HKLM\...\{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files\Motorola\Bluetooth\btmshell.dll [2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2010-05-23 20:20 - 2010-05-23 20:20 - 000012288 _____ () [File not signed] C:\Programy\Rainlendar2\lfs.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000126976 _____ () [File not signed] C:\Programy\Rainlendar2\lua51.dll
2011-08-12 07:45 - 2011-08-12 07:45 - 000198144 _____ () [File not signed] C:\Programy\Rainlendar2\plugins\iCalendarPlugin.dll
2011-02-07 20:43 - 2011-02-07 20:43 - 005263872 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
2011-07-28 20:20 - 2011-07-28 20:20 - 000244736 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Programy\Rainlendar2\libcurl.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 001102336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\LIBEAY32.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\SSLEAY32.dll
2010-12-12 12:56 - 2010-12-12 12:56 - 001205760 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000131584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_xml_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000707584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_adv_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 002633216 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_core_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000485376 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_html_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000502784 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_xrc_vc_rny.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1536627339-1155438233-2228032490-1001 -> DefaultScope {7B58ABB8-CB62-4BE2-B08A-26AFF8B4EB0F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-1536627339-1155438233-2228032490-1001 -> {7B58ABB8-CB62-4BE2-B08A-26AFF8B4EB0F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7944 more sites.


There are 7944 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2021-05-17 23:26 - 000000852 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Citron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-05-2021 16:14:43 Naplánovaný kontrolní bod
18-05-2021 00:14:05 Installed HP Support Solutions Framework
18-05-2021 00:30:57 Installed HP Support Solutions Framework

==================== Faulty Device Manager Devices ============

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/18/2021 08:34:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: hpCMSrv.exe, verze: 4.1.10.1, časové razítko: 0x4d9b3ec3
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94abb
Kód výjimky: 0xe06d7363
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x64c
Čas spuštění chybující aplikace: 0x01d74bafb5f977e4
Cesta k chybující aplikaci: c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
Cesta k chybujícímu modulu: C:\windows\syswow64\KERNELBASE.dll
ID zprávy: 0fcb6822-b7a3-11eb-b57a-e4115b2d1f2a

Error: (05/18/2021 08:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: hpCMSrv.exe, verze: 4.1.10.1, časové razítko: 0x4d9b3ec3
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94abb
Kód výjimky: 0xe06d7363
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x65c
Čas spuštění chybující aplikace: 0x01d74baf32f25107
Cesta k chybující aplikaci: c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
Cesta k chybujícímu modulu: C:\windows\syswow64\KERNELBASE.dll
ID zprávy: 8ccb6566-b7a2-11eb-a181-e4115b2d1f2a

Error: (05/18/2021 07:36:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IEXPLORE.EXE, verze: 11.0.9600.18838, časové razítko: 0x59e1a862
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94a16
Kód výjimky: 0xc0000374
Posun chyby: 0x000ce85b
ID chybujícího procesu: 0xce4
Čas spuštění chybující aplikace: 0x01d74ba7955a1162
Cesta k chybující aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Cesta k chybujícímu modulu: C:\windows\SysWOW64\ntdll.dll
ID zprávy: 07f11572-b79b-11eb-a8d3-e4115b2d1f2a

Error: (05/18/2021 07:35:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IEXPLORE.EXE, verze: 11.0.9600.18838, časové razítko: 0x59e1a862
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0xeeecbdf0
ID chybujícího procesu: 0x76c
Čas spuštění chybující aplikace: 0x01d74ba6167c71f7
Cesta k chybující aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Cesta k chybujícímu modulu: unknown
ID zprávy: d1208696-b79a-11eb-a8d3-e4115b2d1f2a

Error: (05/18/2021 07:20:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IEXPLORE.EXE, verze: 11.0.9600.18838, časové razítko: 0x59e1a862
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x35356c36
ID chybujícího procesu: 0xfc
Čas spuštění chybující aplikace: 0x01d74ba4e4af4110
Cesta k chybující aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Cesta k chybujícímu modulu: unknown
ID zprávy: b3e76b26-b798-11eb-a8d3-e4115b2d1f2a

Error: (05/18/2021 07:01:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: hpCMSrv.exe, verze: 4.1.10.1, časové razítko: 0x4d9b3ec3
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94abb
Kód výjimky: 0xe06d7363
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x66c
Čas spuštění chybující aplikace: 0x01d74ba2bb978fb5
Cesta k chybující aplikaci: c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
Cesta k chybujícímu modulu: C:\windows\syswow64\KERNELBASE.dll
ID zprávy: 17e9d21d-b796-11eb-a8d3-e4115b2d1f2a

Error: (05/17/2021 11:36:57 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/17/2021 11:36:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (05/18/2021 08:34:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Connection Manager 4 Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/18/2021 08:34:17 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Služba WMPNetworkSvc nebyla spuštěna správně, protože u funkce CoCreateInstance (CLSID_UPnPDeviceFinder) došlo k chybě 0x80070420. Zkontrolujte, zda je spuštěná služba UPnPHost a zda je správně nainstalována součást systému Windows UPnPHost.

Error: (05/18/2021 08:33:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Windows Defender byla ukončena s následující chybou:
Uvedený modul nebyl nalezen.

Error: (05/18/2021 08:33:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Spy Emergency Health Check neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (05/18/2021 08:33:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Mozilla Maintenance Service byla ukončena s následující chybou:
Nesprávná funkce.

Error: (05/18/2021 08:33:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Brána Windows Firewall závisí na službě Služba BFE (Base Filtering Engine), která neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.

Error: (05/18/2021 08:33:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba BFE (Base Filtering Engine) byla ukončena s následující chybou:
Přístup byl odepřen.

Error: (05/18/2021 08:31:49 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
{9E175B6D-F52A-11D8-B9A5-505054503030}


Windows Defender:
================
Date: 2016-01-28 17:25:13.891
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{C5B06EE9-5815-45BD-9F3A-089279E2DDBF}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-05-02 16:14:27.837
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{52BED4F3-1B3D-4771-86AE-99773FBE6CBB}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2015-05-01 08:08:22.456
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{02636881-D547-43A1-A918-CF1FA67E9967}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-12-10 21:46:39.666
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BF8F101D-5D30-40F3-89CF-2A6B4CE4ECD4}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2013-08-17 05:04:53.918
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{0E03EA01-0797-4A4D-AF6E-81BAA5790D90}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167C
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 4030.36 MB
Available physical RAM: 1312.88 MB
Total Virtual: 8058.9 MB
Available Virtual: 5236.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.39 GB) (Free:601.18 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.95 GB) (Free:2.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

\\?\Volume{ac3b751b-3067-11e1-9518-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9FD8FEA1)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#21 Post by Diallix »

OK, can you start Windows Defender? When it starts, click the "Update" button in the window.
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for newcomer training
- Founder of the Cyber Security unit

Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#22 Post by Citronidlo »

Unfortunately, it could not be started; it reportedly timed out and reported an error.
Firefox won't start either.

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#23 Post by Diallix »

Run the console as administrator -> type "cmd" into the search box -> right-click -> Run as administrator.

Copy the command below into the window:
sfc /scannow
Restart the computer and try starting Windows Defender again.

Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#24 Post by Citronidlo »

Done, Defender still does not respond.

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#25 Post by Diallix »

OK.

Before we dig deeper into this problem, please run a scan with this program: https://forum.viry.cz/viewtopic.php?f=24&t=155685

We will rule out infected loaded modules.

Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#26 Post by Citronidlo »

I see it is in worse shape than I thought; I was hoping for just a small glitch...
Scan below.


.
.
----------- Inline Hook Scanner --------[3.9]---
Written by Diallix (C)
www.diallix.net
------------------------------------------------
.
.
...[Time/Date]: 14:15/18.4 2021
...[Running as Admin.]: Yes
.
.
=== Running Executable objects and their loaded modules ===


C:\Programy\Rainlendar2\Rainlendar2.exe
C:\Programy\Rainlendar2\libcurl.dll
C:\Programy\Rainlendar2\LIBEAY32.dll
C:\Programy\Rainlendar2\MSVCR100.dll
C:\Programy\Rainlendar2\SSLEAY32.dll
C:\Programy\Rainlendar2\lua51.dll
C:\Programy\Rainlendar2\wxbase28u_vc_rny.dll
C:\Programy\Rainlendar2\wxbase28u_xml_vc_rny.dll
C:\Programy\Rainlendar2\wxmsw28u_adv_vc_rny.dll
C:\Programy\Rainlendar2\wxmsw28u_core_vc_rny.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\COMCTL32.dll
C:\Programy\Rainlendar2\wxmsw28u_html_vc_rny.dll
C:\Programy\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
C:\Programy\Rainlendar2\plugins\iCalendarPlugin.dll
C:\Programy\Rainlendar2\lfs.dll

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\AppPatch\AcGenral.DLL
C:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
C:\Program Files (x86)\internet explorer\ieproxy.dll
C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
C:\windows\system32\IEUI.dll
C:\windows\system32\atiuxpag.dll
C:\Windows\SysWOW64\ieapfltr.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
C:\windows\system32\MSHTMLMedia.dll
C:\windows\system32\atiu9pag.dll
C:\windows\System32\UIAnimation.dll
C:\windows\SysWOW64\wdigest.dll
C:\Windows\SysWOW64\msmpeg2adec.dll
C:\Windows\SysWOW64\slc.dll
C:\Windows\SysWOW64\colorcnv.dll
C:\Windows\SysWOW64\EVR.dll
C:\windows\system32\api-ms-win-core-synch-l1-2-0.DLL

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\AppPatch\AcGenral.DLL
C:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
C:\Program Files (x86)\internet explorer\ieproxy.dll
C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
C:\windows\system32\atiuxpag.dll
C:\windows\system32\IEUI.dll
C:\Windows\SysWOW64\ieapfltr.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
C:\windows\system32\T2EMBED.DLL
C:\windows\System32\UIAnimation.dll
C:\windows\system32\aticfx32.dll
C:\windows\system32\igd10umd32.dll
C:\windows\system32\atidxx32.dll
C:\Windows\SysWOW64\vbscript.dll
C:\windows\system32\MSRATING.dll

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\windows\AppPatch\AcGenral.DLL
C:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
C:\Program Files (x86)\internet explorer\ieproxy.dll
C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
C:\windows\system32\atiuxpag.dll
C:\windows\system32\IEUI.dll
C:\Windows\SysWOW64\ieapfltr.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
C:\windows\system32\T2EMBED.DLL
C:\windows\System32\UIAnimation.dll

C:\Users\Citron\Desktop\inlinehookscanner.exe
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\22478b54e1cc995a45aafd8e6482de96\mscorlib.ni.dll
C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
.
.
[Total scanned objects]: 432.
.
.
[EOF]
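
An added example, not part of the thread and not code from the Inline Hook Scanner tool: a small parser for the listing layout shown in the post above that groups modules by process and lists those loaded from outside the Windows and Program Files trees or the executable's own folder. The trusted roots, the function names and the sample log are assumptions constructed for illustration; a hit is a prompt for manual review, not a verdict.

```python
import ntpath

# Constructed sample in the scanner's layout: blank-line-separated groups,
# first path = executable, following paths = modules loaded into it.
SAMPLE_LOG = r"""=== Running Executable objects and their loaded modules ===

C:\Programy\Rainlendar2\Rainlendar2.exe
C:\Programy\Rainlendar2\libcurl.dll
C:\windows\WinSxS\x86_example\COMCTL32.dll

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\IEUI.dll
C:\Users\Example\AppData\Local\Temp\constructed.dll
.
.
[Total scanned objects]: 5.
"""

# Assumption: these roots are treated as expected module locations.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def parse_groups(text):
    """Return a list of (executable, [modules]), one entry per process group."""
    groups, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not (len(line) > 2 and line[1:3] == ":\\"):
            current = None  # blank line, banner or footer ends the group
            continue
        if current is None:
            current = (line, [])
            groups.append(current)
        else:
            current[1].append(line)
    return groups

def outside_expected(groups, trusted=TRUSTED_ROOTS):
    """Modules neither under a trusted root nor under the executable's folder."""
    findings = []
    for exe, modules in groups:
        exe_dir = ntpath.dirname(exe).lower() + "\\"
        for mod in modules:
            if not mod.lower().startswith(trusted) and not mod.lower().startswith(exe_dir):
                findings.append((exe, mod))
    return findings

if __name__ == "__main__":
    for exe, mod in outside_expected(parse_groups(SAMPLE_LOG)):
        print(f"review: {ntpath.basename(exe)} loaded {mod}")
```

The same process can appear several times in a listing (one group per running instance), which is why groups are returned as a list rather than keyed by executable path.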

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#27 Post by Diallix »

Copy the following into Notepad:
@echo off
rem Check for the Windows Defender service DLL; the path is quoted because it contains spaces and parentheses
if exist "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll" (
echo. File Exists
) else (echo. File Not Exists)
@pause
Save the file with the type "All files" and name it script.cmd. Then run it and post here what it prints on the screen.

Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#28 Post by Citronidlo »

File Exist
pokračute stisknutím...

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#29 Post by Diallix »

- Check for the latest Windows updates and download them.

- After that, boot into Safe Mode and apply this procedure again:
Run the console as administrator -> type "cmd" into the search -> right-click -> Run as administrator.

Copy the command below into the window:
sfc /scannow
Restart the computer and try starting Windows Defender again.
- Reboot the computer and try starting Defender manually. Post here what the program reports.

Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#30 Post by Citronidlo »

Should I go through Windows Update in the Control Panel?

Locked