Please check my log

#1 Post by Citronidlo »

The PC runs relatively well, but lately there have been problems starting the Avast firewall and the antivirus itself. No viruses found (Avast), no malware either, and AdwCleaner found nothing.

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [118496 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [Rainlendar2] => C:\Programy\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] () [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Winlogon\GPExtensions: [{D75A25CD-0CCA-4C3C-A5E6-94039CC03B72}] -> c:\Windows\system32\DPLic.dll [2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-05-12]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\avast software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exeicarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16FDFC7E-4C9C-4B03-A55A-A88111667DFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C603DF9-05A8-4AD4-BE41-5AE7B461FD3B} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4699872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
Task: {297F3292-8529-49B9-9795-7DDB56A05D25} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4866784 2021-05-11] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 3df9be00-2d4b-4fbd-8ba1-5159d1dfa004
Task: {2B300295-DE4C-47B6-B6FD-03EE330B5615} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {347F0D5F-D21C-4D9F-ABAF-3D49D2EE52B4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {3B25F035-EAF6-4AAB-9C87-7700703FF7B2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-15] (Avast Software s.r.o. -> Avast Software)
Task: {578033CC-051B-4EBD-8062-285BAE0BDDD6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {62459F05-C238-4A71-857A-57D1A5B6DFF5} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {6B651EBD-A992-4C4B-942D-792024AD09E7} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2201560 2011-12-12] (PC Tools -> PC Tools)
Task: {70181105-497C-412F-833A-561EFCACB892} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {765F8E8C-A40E-4CA2-AFCA-78224A6754E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9AEC25F4-BB8E-46C1-A660-01D6007B9A26} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-12] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8e7ab03c-fd72-46de-bf97-7145cc0e0713
Task: {AE8BC164-1C92-448D-B105-1D17222BF0D8} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5493472 2021-05-11] (Avast Software s.r.o. -> Avast Software)
Task: {CE8D697F-1B52-41A0-B731-13995F876671} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1197792 2021-05-11] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1536627339-1155438233-2228032490-1001] => localhost:8080
Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{A7F6367F-3D94-4B8E-881D-DE8832225970}: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{B1E8BFDC-2148-4261-81EB-3F462AE02610}: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{D4360F23-D04C-4BB7-B907-CF8D32829D23}: [NameServer] 100.120.220.1

FireFox:
========
FF DefaultProfile: ng7a8cym.default-1379696775163
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 [2021-05-17]
FF Homepage: Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 -> about:blank
FF Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-05-13]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 [2021-05-15]
FF Homepage: Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 -> about:blank
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-02-01]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-02-01]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 [2021-05-15]
FF Homepage: Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 -> hxxp://www.google.com/firefox?client=firefox-a ... S:official
FF Extension: (Adblock na Youtube™) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2019-05-05]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\searchplugins\icqplugin.xml [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-10] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Programy\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7894040 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [606944 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [1281760 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [356064 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56920 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12414176 2021-03-12] (Avast Software s.r.o. -> AVAST Software)
S4 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
S4 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2016-11-11] (Macrovision Europe Ltd.) [File not signed]
S4 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2016-11-11] (Macrovision Europe Ltd.) [File not signed]
S4 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
S4 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () [File not signed]
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools -> PC Tools)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [8615648 2021-05-11] (Avast Software s.r.o. -> AVAST Software)
R2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [378568 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3315400 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S4 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S4 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation -> Xobni Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [212192 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [365024 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [250336 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [99288 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [41296 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [180448 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [522896 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2021-05-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [107792 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [82872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [850632 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [467720 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [215352 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [53904 2017-04-14] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [326992 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [486144 2011-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Solutions, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-10] (DT Soft Ltd -> DT Soft Ltd)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.)
R3 nusb3hub; C:\windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-15] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
R1 SpyEmrg; C:\windows\System32\Drivers\spyemrg.sys [17608 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\windows\System32\Drivers\spyemrg_access.sys [24776 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\windows\System32\Drivers\spyemrg_guard.sys [19656 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 JMCR; system32\DRIVERS\jmcr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 16:17 - 2021-05-17 16:18 - 000018104 _____ C:\Users\Citron\Desktop\FRST.txt
2021-05-17 16:17 - 2021-05-17 16:17 - 000000000 ____D C:\Users\Citron\Desktop\FRST-OlderVersion
2021-05-17 16:16 - 2021-05-17 16:17 - 000000000 ____D C:\FRST
2021-05-15 23:59 - 2021-05-15 23:59 - 000295568 _____ C:\windows\system32\FNTCACHE.DAT
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2021-05-15 23:45 - 2021-05-15 23:34 - 000339680 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2021-05-15 23:37 - 2021-05-16 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2021-05-15 23:34 - 2021-05-16 08:39 - 000004168 _____ C:\windows\system32\Tasks\Avast Emergency Update
2021-05-15 23:34 - 2021-05-15 23:34 - 000850632 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000522896 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetHub.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000467720 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000365024 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000326992 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000250336 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000215352 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000212192 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000180448 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000099288 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000082872 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000041296 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000038152 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetNd6.sys
2021-05-11 18:53 - 2021-05-11 18:55 - 000000000 ____D C:\AdwCleaner
2021-05-10 22:11 - 2021-05-10 22:11 - 000001879 _____ C:\Users\Citron\Desktop\GordonsReloadingTool.lnk
2021-05-06 21:54 - 2021-05-06 21:54 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2021-04-21 15:48 - 2021-05-17 16:13 - 000003938 _____ C:\windows\system32\Tasks\Avast SecureLine VPN Update

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 16:17 - 2021-03-18 18:14 - 002299392 _____ (Farbar) C:\Users\Citron\Desktop\FRST64.exe
2021-05-17 16:16 - 2016-11-18 13:44 - 000000000 ____D C:\Users\Citron\AppData\LocalLow\Mozilla
2021-05-17 16:16 - 2012-07-11 16:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-17 16:11 - 2013-09-20 18:44 - 000000000 ____D C:\Program Files\CCleaner
2021-05-17 16:10 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-17 16:10 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-17 15:58 - 2014-12-22 11:02 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-17 15:58 - 2012-07-11 17:06 - 000000000 ____D C:\Users\Citron\.rainlendar2
2021-05-17 15:56 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-05-16 19:30 - 2019-05-06 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-05-16 09:52 - 2020-06-29 15:51 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Spy Emergency
2021-05-15 23:43 - 2018-05-30 07:39 - 000000000 ____D C:\Users\Citron\AppData\Local\AVAST Software
2021-05-15 23:37 - 2014-12-22 11:09 - 000000000 ____D C:\Users\Citron\AppData\Roaming\AVAST Software
2021-05-15 23:34 - 2017-12-06 16:42 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-05-15 23:34 - 2015-12-03 16:34 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2021-05-15 23:34 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2021-05-15 23:20 - 2018-04-24 14:33 - 000004128 _____ C:\windows\system32\Tasks\CCleaner Update
2021-05-15 23:16 - 2012-07-11 17:02 - 000000000 ____D C:\Programy
2021-05-15 17:46 - 2012-07-11 16:55 - 000000000 ____D C:\_Pal
2021-05-14 19:48 - 2018-04-26 15:35 - 000002796 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2021-05-07 07:19 - 2012-07-11 17:02 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Winamp
2021-05-07 07:03 - 2021-02-02 09:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-07 07:03 - 2012-07-11 16:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-02 14:54 - 2012-07-11 16:55 - 000000000 ____D C:\Fotky

==================== Files in the root of some directories ========

2012-07-11 16:33 - 2020-11-05 23:38 - 000004586 _____ () C:\Users\Citron\AppData\Local\mbt-actwiz.log
2012-10-28 13:23 - 2020-06-29 15:35 - 000007601 _____ () C:\Users\Citron\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-05-16 10:49
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Citron (17-05-2021 16:19:12)
Running from C:\Users\Citron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-11 14:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1536627339-1155438233-2228032490-500 - Administrator - Disabled)
Citron (S-1-5-21-1536627339-1155438233-2228032490-1001 - Administrator - Enabled) => C:\Users\Citron
Guest (S-1-5-21-1536627339-1155438233-2228032490-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spy Emergency (Disabled - Up to date) {CC339280-553F-D68A-6F68-9FB25810C8B4}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{63E42DE7-C468-31B0-E373-173C67C87B88}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.11.5523.2244 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 88.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 88.0.1 (x64 cs)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.3 (HKLM-x32\...\{10B43A43-FF73-47FD-83E8-A503E84F9ED6}) (Version: 3.3.9567 - OpenOffice.org)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.82.298 - Motorola Solutions, Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Skype verze 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
Spy Emergency 2020-25.0.770 (HKLM\...\Spy Emergency_is1) (Version: - NETGATE Technologies s.r.o.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WMV9/VC-1 Video Playback (HKLM\...\{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files\Motorola\Bluetooth\btmshell.dll [2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-06-29 15:51 - 2007-11-02 16:20 - 001403904 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\LIBEAY32.dll
2020-06-29 15:51 - 2007-11-02 16:20 - 000243712 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\SSLEAY32.dll
2020-06-29 15:51 - 2007-09-04 15:25 - 000198144 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\unrar.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000012288 _____ () [File not signed] C:\Programy\Rainlendar2\lfs.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000126976 _____ () [File not signed] C:\Programy\Rainlendar2\lua51.dll
2011-08-12 07:45 - 2011-08-12 07:45 - 000198144 _____ () [File not signed] C:\Programy\Rainlendar2\plugins\iCalendarPlugin.dll
2020-06-29 15:51 - 2011-08-15 18:49 - 001965056 _____ (CPULib Team) [File not signed] C:\Program Files\NETGATE\Spy Emergency\CPULib.dll
2011-02-07 20:43 - 2011-02-07 20:43 - 005263872 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2011-07-28 20:20 - 2011-07-28 20:20 - 000244736 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Programy\Rainlendar2\libcurl.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 001102336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\LIBEAY32.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\SSLEAY32.dll
2010-12-12 12:56 - 2010-12-12 12:56 - 001205760 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000131584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_xml_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000707584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_adv_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 002633216 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_core_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000485376 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_html_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000502784 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_xrc_vc_rny.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [105]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7944 more sites.

There are 7944 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2021-05-15 23:15 - 000000852 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Citron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 100.120.220.1 - 192.168.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Bluetooth Device Manager => 3
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: CleanupPSvc => 2
MSCONFIG\Services: DpHost => 2
MSCONFIG\Services: FLCDLOCK => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Power Assistant Service => 2
MSCONFIG\Services: HP ProtectTools Service => 3
MSCONFIG\Services: HPFSService => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: McAfee Endpoint Encryption Agent => 3
MSCONFIG\Services: uArcCapture => 2
MSCONFIG\Services: XobniService => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPConnectionManager => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFE78C0F-A8D4-4891-95B5-64FF6E45F2C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{56BD7C38-2B1C-4E88-A002-7E5FFD8CB975}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{F4A647FE-6DB4-4C76-8C9E-996FD659191F}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{E8735C39-2A5E-4B92-9353-076C65203934}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7A8BBF25-841F-4DAD-871C-D650D654D485}] => (Allow) C:\Programy\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{B45139AA-B604-4E88-AD7C-D39E53F3D9EC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{59AE5393-1AA5-41EE-838A-14166FCE6F26}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{91EEFF27-64DA-4337-81FA-A304ABC14D6D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B4365BE-7BA5-411D-B6BA-F83229ABBFE2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

10-05-2021 16:14:43 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Description: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola Solutions, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (05/17/2021 03:57:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (05/17/2021 03:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Avast SecureLine VPN neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (05/17/2021 03:57:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Avast SecureLine VPN bylo dosaženo časového limitu (30000 ms).

Error: (05/16/2021 08:37:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (05/16/2021 12:00:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.


Windows Defender:
================
Date: 2016-01-28 17:25:13.891
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{C5B06EE9-5815-45BD-9F3A-089279E2DDBF}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-05-02 16:14:27.837
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{52BED4F3-1B3D-4771-86AE-99773FBE6CBB}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2015-05-01 08:08:22.456
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{02636881-D547-43A1-A918-CF1FA67E9967}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-12-10 21:46:39.666
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BF8F101D-5D30-40F3-89CF-2A6B4CE4ECD4}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2013-08-17 05:04:53.918
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{0E03EA01-0797-4A4D-AF6E-81BAA5790D90}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167C
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 76%
Total physical RAM: 4030.36 MB
Available physical RAM: 964.7 MB
Total Virtual: 8058.9 MB
Available Virtual: 4777.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.39 GB) (Free:600.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.95 GB) (Free:2.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

\\?\Volume{ac3b751b-3067-11e1-9518-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9FD8FEA1)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#2 Post by Diallix »

Good day.

The FRST log is not complete - the header and the introduction are missing. Please post it here again.

Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#3 Post by Citronidlo »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Citron (17-05-2021 19:02:42)
Running from C:\Users\Citron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-11 14:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1536627339-1155438233-2228032490-500 - Administrator - Disabled)
Citron (S-1-5-21-1536627339-1155438233-2228032490-1001 - Administrator - Enabled) => C:\Users\Citron
Guest (S-1-5-21-1536627339-1155438233-2228032490-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spy Emergency (Disabled - Up to date) {CC339280-553F-D68A-6F68-9FB25810C8B4}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{63E42DE7-C468-31B0-E373-173C67C87B88}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.11.5523.2244 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 88.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 88.0.1 (x64 cs)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.3 (HKLM-x32\...\{10B43A43-FF73-47FD-83E8-A503E84F9ED6}) (Version: 3.3.9567 - OpenOffice.org)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.82.298 - Motorola Solutions, Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Skype verze 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
Spy Emergency 2020-25.0.770 (HKLM\...\Spy Emergency_is1) (Version: - NETGATE Technologies s.r.o.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WMV9/VC-1 Video Playback (HKLM\...\{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files\Motorola\Bluetooth\btmshell.dll [2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-06-29 15:51 - 2007-11-02 16:20 - 001403904 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\LIBEAY32.dll
2020-06-29 15:51 - 2007-11-02 16:20 - 000243712 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\SSLEAY32.dll
2020-06-29 15:51 - 2007-09-04 15:25 - 000198144 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\unrar.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000012288 _____ () [File not signed] C:\Programy\Rainlendar2\lfs.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000126976 _____ () [File not signed] C:\Programy\Rainlendar2\lua51.dll
2011-08-12 07:45 - 2011-08-12 07:45 - 000198144 _____ () [File not signed] C:\Programy\Rainlendar2\plugins\iCalendarPlugin.dll
2020-06-29 15:51 - 2011-08-15 18:49 - 001965056 _____ (CPULib Team) [File not signed] C:\Program Files\NETGATE\Spy Emergency\CPULib.dll
2011-02-07 20:43 - 2011-02-07 20:43 - 005263872 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2011-07-28 20:20 - 2011-07-28 20:20 - 000244736 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Programy\Rainlendar2\libcurl.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 001102336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\LIBEAY32.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\SSLEAY32.dll
2010-12-12 12:56 - 2010-12-12 12:56 - 001205760 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000131584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_xml_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000707584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_adv_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 002633216 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_core_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000485376 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_html_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000502784 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_xrc_vc_rny.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [105]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7944 more sites.



==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2021-05-15 23:15 - 000000852 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Citron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 100.120.220.1 - 192.168.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Bluetooth Device Manager => 3
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: CleanupPSvc => 2
MSCONFIG\Services: DpHost => 2
MSCONFIG\Services: FLCDLOCK => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Power Assistant Service => 2
MSCONFIG\Services: HP ProtectTools Service => 3
MSCONFIG\Services: HPFSService => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: McAfee Endpoint Encryption Agent => 3
MSCONFIG\Services: uArcCapture => 2
MSCONFIG\Services: XobniService => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPConnectionManager => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFE78C0F-A8D4-4891-95B5-64FF6E45F2C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{56BD7C38-2B1C-4E88-A002-7E5FFD8CB975}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{F4A647FE-6DB4-4C76-8C9E-996FD659191F}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{E8735C39-2A5E-4B92-9353-076C65203934}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7A8BBF25-841F-4DAD-871C-D650D654D485}] => (Allow) C:\Programy\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{B45139AA-B604-4E88-AD7C-D39E53F3D9EC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{59AE5393-1AA5-41EE-838A-14166FCE6F26}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{91EEFF27-64DA-4337-81FA-A304ABC14D6D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B4365BE-7BA5-411D-B6BA-F83229ABBFE2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

10-05-2021 16:14:43 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Description: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola Solutions, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (05/17/2021 03:57:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (05/17/2021 03:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Avast SecureLine VPN neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (05/17/2021 03:57:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Avast SecureLine VPN bylo dosaženo časového limitu (30000 ms).

Error: (05/16/2021 08:37:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (05/16/2021 12:00:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.


Windows Defender:
================
Date: 2016-01-28 17:25:13.891
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{C5B06EE9-5815-45BD-9F3A-089279E2DDBF}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-05-02 16:14:27.837
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{52BED4F3-1B3D-4771-86AE-99773FBE6CBB}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2015-05-01 08:08:22.456
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{02636881-D547-43A1-A918-CF1FA67E9967}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-12-10 21:46:39.666
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BF8F101D-5D30-40F3-89CF-2A6B4CE4ECD4}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2013-08-17 05:04:53.918
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{0E03EA01-0797-4A4D-AF6E-81BAA5790D90}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167C
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 74%
Total physical RAM: 4030.36 MB
Available physical RAM: 1037.63 MB
Total Virtual: 8058.9 MB
Available Virtual: 4730.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.39 GB) (Free:600.38 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.95 GB) (Free:2.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

\\?\Volume{ac3b751b-3067-11e1-9518-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9FD8FEA1)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

Diallix
Adviser
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#4 Post by Diallix »

You posted the Addition log here. Please post the FRST log here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in the SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for the training of newcomers
- Founder of the Cyber Security unit

Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#5 Post by Citronidlo »

I apologize, I guess I'm not having a good day...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021
Ran by Citron (administrator) on CITRONIDLO (Hewlett-Packard HP ProBook 4530s) (17-05-2021 19:01:14)
Running from C:\Users\Citron\Desktop
Loaded Profiles: Citron
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Programy\Rainlendar2\Rainlendar2.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\Vpn.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\VpnSvc.exe
(Avast Software s.r.o. -> The OpenVPN Project) C:\Program Files\avast software\SecureLine VPN\OpenVPN\openvpn.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [118496 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [Rainlendar2] => C:\Programy\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] () [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Winlogon\GPExtensions: [{D75A25CD-0CCA-4C3C-A5E6-94039CC03B72}] -> c:\Windows\system32\DPLic.dll [2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-05-12]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\avast software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exeicarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16FDFC7E-4C9C-4B03-A55A-A88111667DFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C603DF9-05A8-4AD4-BE41-5AE7B461FD3B} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4699872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
Task: {297F3292-8529-49B9-9795-7DDB56A05D25} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4866784 2021-05-11] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 3df9be00-2d4b-4fbd-8ba1-5159d1dfa004
Task: {2B300295-DE4C-47B6-B6FD-03EE330B5615} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {347F0D5F-D21C-4D9F-ABAF-3D49D2EE52B4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {3B25F035-EAF6-4AAB-9C87-7700703FF7B2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-15] (Avast Software s.r.o. -> Avast Software)
Task: {578033CC-051B-4EBD-8062-285BAE0BDDD6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {62459F05-C238-4A71-857A-57D1A5B6DFF5} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {6B651EBD-A992-4C4B-942D-792024AD09E7} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2201560 2011-12-12] (PC Tools -> PC Tools)
Task: {70181105-497C-412F-833A-561EFCACB892} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {765F8E8C-A40E-4CA2-AFCA-78224A6754E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9AEC25F4-BB8E-46C1-A660-01D6007B9A26} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-12] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8e7ab03c-fd72-46de-bf97-7145cc0e0713
Task: {AE8BC164-1C92-448D-B105-1D17222BF0D8} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5493472 2021-05-11] (Avast Software s.r.o. -> Avast Software)
Task: {CE8D697F-1B52-41A0-B731-13995F876671} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1197792 2021-05-11] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1536627339-1155438233-2228032490-1001] => localhost:8080
Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{A7F6367F-3D94-4B8E-881D-DE8832225970}: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{B1E8BFDC-2148-4261-81EB-3F462AE02610}: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{D4360F23-D04C-4BB7-B907-CF8D32829D23}: [NameServer] 100.120.220.1

FireFox:
========
FF DefaultProfile: ng7a8cym.default-1379696775163
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 [2021-05-17]
FF Homepage: Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 -> about:blank
FF Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-05-13]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 [2021-05-15]
FF Homepage: Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 -> about:blank
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-02-01]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-02-01]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 [2021-05-15]
FF Homepage: Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 -> hxxp://www.google.com/firefox?client=firefox-a ... S:official
FF Extension: (Adblock na Youtube™) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2019-05-05]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\searchplugins\icqplugin.xml [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-10] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Programy\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7894040 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [606944 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [1281760 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [356064 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56920 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12414176 2021-03-12] (Avast Software s.r.o. -> AVAST Software)
S4 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
S4 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2016-11-11] (Macrovision Europe Ltd.) [File not signed]
S4 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2016-11-11] (Macrovision Europe Ltd.) [File not signed]
S4 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
S4 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () [File not signed]
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools -> PC Tools)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [8615648 2021-05-11] (Avast Software s.r.o. -> AVAST Software)
R2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [378568 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3315400 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S4 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S4 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation -> Xobni Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [212192 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [365024 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [250336 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [99288 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [41296 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [180448 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [522896 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2021-05-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [107792 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [82872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [850632 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [467720 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [215352 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [53904 2017-04-14] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [326992 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [486144 2011-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Solutions, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-10] (DT Soft Ltd -> DT Soft Ltd)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.)
R3 nusb3hub; C:\windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-15] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
R1 SpyEmrg; C:\windows\System32\Drivers\spyemrg.sys [17608 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\windows\System32\Drivers\spyemrg_access.sys [24776 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\windows\System32\Drivers\spyemrg_guard.sys [19656 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 JMCR; system32\DRIVERS\jmcr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 16:19 - 2021-05-17 16:21 - 000036549 _____ C:\Users\Citron\Desktop\Addition.txt
2021-05-17 16:17 - 2021-05-17 19:02 - 000020612 _____ C:\Users\Citron\Desktop\FRST.txt
2021-05-17 16:17 - 2021-05-17 16:17 - 000000000 ____D C:\Users\Citron\Desktop\FRST-OlderVersion
2021-05-17 16:16 - 2021-05-17 19:01 - 000000000 ____D C:\FRST
2021-05-15 23:59 - 2021-05-15 23:59 - 000295568 _____ C:\windows\system32\FNTCACHE.DAT
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2021-05-15 23:45 - 2021-05-15 23:34 - 000339680 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2021-05-15 23:37 - 2021-05-16 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2021-05-15 23:34 - 2021-05-16 08:39 - 000004168 _____ C:\windows\system32\Tasks\Avast Emergency Update
2021-05-15 23:34 - 2021-05-15 23:34 - 000850632 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000522896 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetHub.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000467720 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000365024 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000326992 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000250336 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000215352 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000212192 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000180448 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000099288 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000082872 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000041296 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000038152 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetNd6.sys
2021-05-11 18:53 - 2021-05-11 18:55 - 000000000 ____D C:\AdwCleaner
2021-05-10 22:11 - 2021-05-10 22:11 - 000001879 _____ C:\Users\Citron\Desktop\GordonsReloadingTool.lnk
2021-05-06 21:54 - 2021-05-06 21:54 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2021-04-21 15:48 - 2021-05-17 16:13 - 000003938 _____ C:\windows\system32\Tasks\Avast SecureLine VPN Update

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 19:00 - 2016-11-18 13:44 - 000000000 ____D C:\Users\Citron\AppData\LocalLow\Mozilla
2021-05-17 19:00 - 2012-07-11 16:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-17 16:17 - 2021-03-18 18:14 - 002299392 _____ (Farbar) C:\Users\Citron\Desktop\FRST64.exe
2021-05-17 16:11 - 2013-09-20 18:44 - 000000000 ____D C:\Program Files\CCleaner
2021-05-17 16:10 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-17 16:10 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-17 15:58 - 2014-12-22 11:02 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-17 15:58 - 2012-07-11 17:06 - 000000000 ____D C:\Users\Citron\.rainlendar2
2021-05-17 15:56 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-05-16 19:30 - 2019-05-06 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-05-16 09:52 - 2020-06-29 15:51 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Spy Emergency
2021-05-15 23:43 - 2018-05-30 07:39 - 000000000 ____D C:\Users\Citron\AppData\Local\AVAST Software
2021-05-15 23:37 - 2014-12-22 11:09 - 000000000 ____D C:\Users\Citron\AppData\Roaming\AVAST Software
2021-05-15 23:34 - 2017-12-06 16:42 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-05-15 23:34 - 2015-12-03 16:34 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2021-05-15 23:34 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2021-05-15 23:20 - 2018-04-24 14:33 - 000004128 _____ C:\windows\system32\Tasks\CCleaner Update
2021-05-15 23:16 - 2012-07-11 17:02 - 000000000 ____D C:\Programy
2021-05-15 17:46 - 2012-07-11 16:55 - 000000000 ____D C:\_Pal
2021-05-14 19:48 - 2018-04-26 15:35 - 000002796 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2021-05-07 07:19 - 2012-07-11 17:02 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Winamp
2021-05-07 07:03 - 2021-02-02 09:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-07 07:03 - 2012-07-11 16:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-02 14:54 - 2012-07-11 16:55 - 000000000 ____D C:\Fotky

==================== Files in the root of some directories ========

2012-07-11 16:33 - 2020-11-05 23:38 - 000004586 _____ () C:\Users\Citron\AppData\Local\mbt-actwiz.log
2012-10-28 13:23 - 2020-06-29 15:35 - 000007601 _____ () C:\Users\Citron\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-05-16 10:49
==================== End of FRST.txt ========================

Diallix
Adviser
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#6 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6B651EBD-A992-4C4B-942D-792024AD09E7} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2201560 2011-12-12] (PC Tools -> PC Tools)
FF Homepage: Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 -> about:blank
FF Homepage: Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 -> about:blank
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Programy\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
S3 JMCR; system32\DRIVERS\jmcr.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [105]
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Bluetooth Device Manager => 3
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: CleanupPSvc => 2
MSCONFIG\Services: DpHost => 2
MSCONFIG\Services: FLCDLOCK => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Power Assistant Service => 2
MSCONFIG\Services: HP ProtectTools Service => 3
MSCONFIG\Services: HPFSService => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: McAfee Endpoint Encryption Agent => 3
MSCONFIG\Services: uArcCapture => 2
MSCONFIG\Services: XobniService => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPConnectionManager => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, which is saved in the FRST location.

Citronidlo
Visitor
Posts: 39
Joined: 04 Jul 2014 18:38

Re: Please check my log

#7 Post by Citronidlo »

Done, the restart went through, Avast starts as it should, and so does the VPN. But I can't get Firefox to start; I have to come here from Explorer. If reinstalling fixes it, that's fine :)

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Citron (17-05-2021 19:36:44) Run:1
Running from C:\Users\Citron\Desktop
Loaded Profiles: Citron
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6B651EBD-A992-4C4B-942D-792024AD09E7} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2201560 2011-12-12] (PC Tools -> PC Tools)
FF Homepage: Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 -> about:blank
FF Homepage: Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 -> about:blank
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Programy\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
S3 JMCR; system32\DRIVERS\jmcr.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [105]
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Bluetooth Device Manager => 3
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: CleanupPSvc => 2
MSCONFIG\Services: DpHost => 2
MSCONFIG\Services: FLCDLOCK => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Power Assistant Service => 2
MSCONFIG\Services: HP ProtectTools Service => 3
MSCONFIG\Services: HPFSService => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: McAfee Endpoint Encryption Agent => 3
MSCONFIG\Services: uArcCapture => 2
MSCONFIG\Services: XobniService => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPConnectionManager => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

EmptyTemp:

*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B651EBD-A992-4C4B-942D-792024AD09E7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B651EBD-A992-4C4B-942D-792024AD09E7}" => removed successfully
C:\windows\System32\Tasks\RMSmartUpdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RMSmartUpdate" => removed successfully
"Firefox homepage" => removed successfully
"Firefox homepage" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\System\CurrentControlSet\Services\JMCR => removed successfully
JMCR => service removed successfully
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility => removed successfully
HKLM\System\CurrentControlSet\Services\AMD External Events Utility => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\avast! Tools => removed successfully
HKLM\System\CurrentControlSet\Services\avast! Tools => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bluetooth Device Manager => removed successfully
HKLM\System\CurrentControlSet\Services\Bluetooth Device Manager => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bluetooth Media Service => removed successfully
HKLM\System\CurrentControlSet\Services\Bluetooth Media Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bluetooth OBEX Service => removed successfully
HKLM\System\CurrentControlSet\Services\Bluetooth OBEX Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CleanupPSvc => removed successfully
HKLM\System\CurrentControlSet\Services\CleanupPSvc => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DpHost => removed successfully
HKLM\System\CurrentControlSet\Services\DpHost => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLCDLOCK => removed successfully
HKLM\System\CurrentControlSet\Services\FLCDLOCK => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service => removed successfully
HKLM\System\CurrentControlSet\Services\FLEXnet Licensing Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service 64 => removed successfully
HKLM\System\CurrentControlSet\Services\FLEXnet Licensing Service 64 => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate => removed successfully
HKLM\System\CurrentControlSet\Services\gupdate => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem => removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HP Power Assistant Service => removed successfully
HKLM\System\CurrentControlSet\Services\HP Power Assistant Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HP ProtectTools Service => removed successfully
HKLM\System\CurrentControlSet\Services\HP ProtectTools Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPFSService => removed successfully
HKLM\System\CurrentControlSet\Services\HPFSService => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hpqwmiex => removed successfully
HKLM\System\CurrentControlSet\Services\hpqwmiex => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hpsrv => removed successfully
HKLM\System\CurrentControlSet\Services\hpsrv => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jhi_service => removed successfully
HKLM\System\CurrentControlSet\Services\jhi_service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McAfee Endpoint Encryption Agent => removed successfully
HKLM\System\CurrentControlSet\Services\McAfee Endpoint Encryption Agent => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\uArcCapture => removed successfully
HKLM\System\CurrentControlSet\Services\uArcCapture => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\XobniService => removed successfully
HKLM\System\CurrentControlSet\Services\XobniService => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BTMTrayAgent => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Smart Cleaning => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DTRun => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\File Sanitizer => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPConnectionManager => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPPowerAssistant => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPQuickWebProxy => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MfeEpePcMonitor => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OM2_Monitor => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Complete => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9473499 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 25613 B
Edge => 0 B
Firefox => 1097045441 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Citron => 418687 B

RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End 3 Fixlog 19:47:34 ====

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: Please check my log

#8 Post by Diallix »

Please post new FRST + Addition logs.

Citronidlo
Visitor
Posts: 39
Joined: 04 Jul 2014 18:38

Re: Please check my log

#9 Post by Citronidlo »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-05-2021
Ran by Citron (administrator) on CITRONIDLO (Hewlett-Packard HP ProBook 4530s) (17-05-2021 20:22:31)
Running from C:\Users\Citron\Desktop
Loaded Profiles: Citron
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Programy\Rainlendar2\Rainlendar2.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\Vpn.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\VpnSvc.exe
(Avast Software s.r.o. -> The OpenVPN Project) C:\Program Files\avast software\SecureLine VPN\OpenVPN\openvpn.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [118496 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [Rainlendar2] => C:\Programy\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] () [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Winlogon\GPExtensions: [{D75A25CD-0CCA-4C3C-A5E6-94039CC03B72}] -> c:\Windows\system32\DPLic.dll [2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-05-12]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\avast software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exeicarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16FDFC7E-4C9C-4B03-A55A-A88111667DFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C603DF9-05A8-4AD4-BE41-5AE7B461FD3B} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4699872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
Task: {297F3292-8529-49B9-9795-7DDB56A05D25} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4866784 2021-05-11] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 3df9be00-2d4b-4fbd-8ba1-5159d1dfa004
Task: {2ADC00AC-7A8A-47D8-A207-DBD3F5534412} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1197792 2021-05-11] (Avast Software s.r.o. -> AVAST Software)
Task: {2B300295-DE4C-47B6-B6FD-03EE330B5615} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {347F0D5F-D21C-4D9F-ABAF-3D49D2EE52B4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {3B25F035-EAF6-4AAB-9C87-7700703FF7B2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-15] (Avast Software s.r.o. -> Avast Software)
Task: {578033CC-051B-4EBD-8062-285BAE0BDDD6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {62459F05-C238-4A71-857A-57D1A5B6DFF5} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {70181105-497C-412F-833A-561EFCACB892} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {765F8E8C-A40E-4CA2-AFCA-78224A6754E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9AEC25F4-BB8E-46C1-A660-01D6007B9A26} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-12] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8e7ab03c-fd72-46de-bf97-7145cc0e0713
Task: {AE8BC164-1C92-448D-B105-1D17222BF0D8} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5493472 2021-05-11] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1536627339-1155438233-2228032490-1001] => localhost:8080
Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{A7F6367F-3D94-4B8E-881D-DE8832225970}: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{B1E8BFDC-2148-4261-81EB-3F462AE02610}: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{D4360F23-D04C-4BB7-B907-CF8D32829D23}: [NameServer] 100.120.248.1

FireFox:
========
FF DefaultProfile: ng7a8cym.default-1379696775163
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 [2021-05-17]
FF Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-05-13]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 [2021-05-17]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-02-01]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-02-01]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 [2021-05-17]
FF Homepage: Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 -> hxxp://www.google.com/firefox?client=firefox-a ... S:official
FF Extension: (Adblock na Youtube™) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2019-05-05]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\searchplugins\icqplugin.xml [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-10] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7894040 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [606944 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [1281760 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56920 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S4 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools -> PC Tools)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [8615648 2021-05-11] (Avast Software s.r.o. -> AVAST Software)
R2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [378568 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3315400 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [212192 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [365024 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [250336 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [99288 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [41296 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [180448 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [522896 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2021-05-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [107792 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [82872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [850632 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [467720 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [215352 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [53904 2017-04-14] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [326992 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [486144 2011-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Solutions, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-10] (DT Soft Ltd -> DT Soft Ltd)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.)
R3 nusb3hub; C:\windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-15] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
R1 SpyEmrg; C:\windows\System32\Drivers\spyemrg.sys [17608 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\windows\System32\Drivers\spyemrg_access.sys [24776 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\windows\System32\Drivers\spyemrg_guard.sys [19656 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 20:22 - 2021-05-17 20:23 - 000018073 _____ C:\Users\Citron\Desktop\FRST.txt
2021-05-17 20:21 - 2021-05-17 20:21 - 000000000 ___HD C:\$AV_ASW
2021-05-17 19:36 - 2021-05-17 19:47 - 000010757 _____ C:\Users\Citron\Desktop\Fixlog.txt
2021-05-17 16:17 - 2021-05-17 20:22 - 000000000 ____D C:\Users\Citron\Desktop\FRST-OlderVersion
2021-05-17 16:16 - 2021-05-17 20:22 - 000000000 ____D C:\FRST
2021-05-15 23:59 - 2021-05-15 23:59 - 000295568 _____ C:\windows\system32\FNTCACHE.DAT
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2021-05-15 23:45 - 2021-05-15 23:34 - 000339680 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2021-05-15 23:37 - 2021-05-16 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2021-05-15 23:34 - 2021-05-17 19:56 - 000004168 _____ C:\windows\system32\Tasks\Avast Emergency Update
2021-05-15 23:34 - 2021-05-15 23:34 - 000850632 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000522896 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetHub.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000467720 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000365024 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000326992 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000250336 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000215352 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000212192 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000180448 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000099288 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000082872 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000041296 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000038152 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetNd6.sys
2021-05-11 18:53 - 2021-05-11 18:55 - 000000000 ____D C:\AdwCleaner
2021-05-10 22:11 - 2021-05-10 22:11 - 000001879 _____ C:\Users\Citron\Desktop\GordonsReloadingTool.lnk
2021-05-06 21:54 - 2021-05-06 21:54 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2021-04-21 15:48 - 2021-05-17 20:03 - 000003938 _____ C:\windows\system32\Tasks\Avast SecureLine VPN Update

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 20:20 - 2021-03-18 18:14 - 002299392 _____ (Farbar) C:\Users\Citron\Desktop\FRST64.exe
2021-05-17 20:11 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-17 20:11 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-17 20:05 - 2013-09-20 18:44 - 000000000 ____D C:\Program Files\CCleaner
2021-05-17 20:03 - 2014-12-22 11:02 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-17 20:03 - 2012-07-11 17:06 - 000000000 ____D C:\Users\Citron\.rainlendar2
2021-05-17 20:02 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-05-17 19:36 - 2016-11-18 13:44 - 000000000 ____D C:\Users\Citron\AppData\LocalLow\Mozilla
2021-05-17 19:36 - 2012-07-11 16:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-16 19:30 - 2019-05-06 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-05-16 09:52 - 2020-06-29 15:51 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Spy Emergency
2021-05-15 23:43 - 2018-05-30 07:39 - 000000000 ____D C:\Users\Citron\AppData\Local\AVAST Software
2021-05-15 23:37 - 2014-12-22 11:09 - 000000000 ____D C:\Users\Citron\AppData\Roaming\AVAST Software
2021-05-15 23:34 - 2017-12-06 16:42 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-05-15 23:34 - 2015-12-03 16:34 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2021-05-15 23:34 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2021-05-15 23:20 - 2018-04-24 14:33 - 000004128 _____ C:\windows\system32\Tasks\CCleaner Update
2021-05-15 23:16 - 2012-07-11 17:02 - 000000000 ____D C:\Programy
2021-05-15 17:46 - 2012-07-11 16:55 - 000000000 ____D C:\_Pal
2021-05-14 19:48 - 2018-04-26 15:35 - 000002796 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2021-05-07 07:19 - 2012-07-11 17:02 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Winamp
2021-05-07 07:03 - 2021-02-02 09:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-07 07:03 - 2012-07-11 16:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-02 14:54 - 2012-07-11 16:55 - 000000000 ____D C:\Fotky

==================== Files in the root of some directories ========

2012-07-11 16:33 - 2020-11-05 23:38 - 000004586 _____ () C:\Users\Citron\AppData\Local\mbt-actwiz.log
2012-10-28 13:23 - 2020-06-29 15:35 - 000007601 _____ () C:\Users\Citron\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-05-16 10:49
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2021
Ran by Citron (17-05-2021 20:23:48)
Running from C:\Users\Citron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-11 14:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1536627339-1155438233-2228032490-500 - Administrator - Disabled)
Citron (S-1-5-21-1536627339-1155438233-2228032490-1001 - Administrator - Enabled) => C:\Users\Citron
Guest (S-1-5-21-1536627339-1155438233-2228032490-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spy Emergency (Disabled - Up to date) {CC339280-553F-D68A-6F68-9FB25810C8B4}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{63E42DE7-C468-31B0-E373-173C67C87B88}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.11.5523.2244 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 88.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 88.0.1 (x64 cs)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.3 (HKLM-x32\...\{10B43A43-FF73-47FD-83E8-A503E84F9ED6}) (Version: 3.3.9567 - OpenOffice.org)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.82.298 - Motorola Solutions, Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Skype verze 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
Spy Emergency 2020-25.0.770 (HKLM\...\Spy Emergency_is1) (Version: - NETGATE Technologies s.r.o.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WMV9/VC-1 Video Playback (HKLM\...\{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files\Motorola\Bluetooth\btmshell.dll [2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-06-29 15:51 - 2007-11-02 16:20 - 001403904 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\LIBEAY32.dll
2020-06-29 15:51 - 2007-11-02 16:20 - 000243712 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\SSLEAY32.dll
2020-06-29 15:51 - 2007-09-04 15:25 - 000198144 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\unrar.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000012288 _____ () [File not signed] C:\Programy\Rainlendar2\lfs.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000126976 _____ () [File not signed] C:\Programy\Rainlendar2\lua51.dll
2011-08-12 07:45 - 2011-08-12 07:45 - 000198144 _____ () [File not signed] C:\Programy\Rainlendar2\plugins\iCalendarPlugin.dll
2011-03-28 21:40 - 2011-03-28 21:40 - 000838144 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2011-03-28 21:39 - 2011-03-28 21:39 - 000005120 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamcsy.dll
2020-06-29 15:51 - 2011-08-15 18:49 - 001965056 _____ (CPULib Team) [File not signed] C:\Program Files\NETGATE\Spy Emergency\CPULib.dll
2011-02-07 20:43 - 2011-02-07 20:43 - 005263872 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2011-07-28 20:20 - 2011-07-28 20:20 - 000244736 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Programy\Rainlendar2\libcurl.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 001102336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\LIBEAY32.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\SSLEAY32.dll
2010-12-12 12:56 - 2010-12-12 12:56 - 001205760 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000131584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_xml_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000707584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_adv_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 002633216 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_core_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000485376 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_html_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000502784 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_xrc_vc_rny.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7944 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2021-05-15 23:15 - 000000852 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Citron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 100.120.248.1 - 192.168.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFE78C0F-A8D4-4891-95B5-64FF6E45F2C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{56BD7C38-2B1C-4E88-A002-7E5FFD8CB975}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{F4A647FE-6DB4-4C76-8C9E-996FD659191F}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{E8735C39-2A5E-4B92-9353-076C65203934}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7A8BBF25-841F-4DAD-871C-D650D654D485}] => (Allow) C:\Programy\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{B45139AA-B604-4E88-AD7C-D39E53F3D9EC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{59AE5393-1AA5-41EE-838A-14166FCE6F26}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{91EEFF27-64DA-4337-81FA-A304ABC14D6D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B4365BE-7BA5-411D-B6BA-F83229ABBFE2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

10-05-2021 16:14:43 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Description: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola Solutions, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/17/2021 07:46:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Users\Citron\Desktop\FRST64.exe ; Popis = Restore Point Created by FRST; Chyba = 0x80042302).

Error: (05/17/2021 07:46:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007041d, Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
.

Error: (05/17/2021 07:46:46 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} a názvem Coordinator nelze spustit. [0x8007041d, Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
]


System errors:
=============
Error: (05/17/2021 08:17:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (05/17/2021 08:17:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (05/17/2021 08:03:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (05/17/2021 07:58:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (05/17/2021 07:54:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (05/17/2021 07:52:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (05/17/2021 07:52:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Search bylo dosaženo časového limitu (30000 ms).

Error: (05/17/2021 07:52:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


Windows Defender:
================
Date: 2016-01-28 17:25:13.891
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{C5B06EE9-5815-45BD-9F3A-089279E2DDBF}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-05-02 16:14:27.837
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{52BED4F3-1B3D-4771-86AE-99773FBE6CBB}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2015-05-01 08:08:22.456
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{02636881-D547-43A1-A918-CF1FA67E9967}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-12-10 21:46:39.666
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BF8F101D-5D30-40F3-89CF-2A6B4CE4ECD4}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2013-08-17 05:04:53.918
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{0E03EA01-0797-4A4D-AF6E-81BAA5790D90}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167C
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 80%
Total physical RAM: 4030.36 MB
Available physical RAM: 804.04 MB
Total Virtual: 8058.9 MB
Available Virtual: 4752.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.39 GB) (Free:601.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.95 GB) (Free:2.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

\\?\Volume{ac3b751b-3067-11e1-9518-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9FD8FEA1)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#10 Post by Diallix »

Good.

Apply this tool according to the guide: https://forum.viry.cz/viewtopic.php?f=24&t=155684
As the guide says, choose the repair type "Fix".

When it finishes, post new FRST + Addition logs here.

Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#11 Post by Citronidlo »

The Avast firewall doesn't work, and I can't configure the Windows firewall either; it reports an error. To get online, I have to turn the shields off and then on again. IE also crashed into a BSOD.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-05-2021
Ran by Citron (administrator) on CITRONIDLO (Hewlett-Packard HP ProBook 4530s) (17-05-2021 20:59:52)
Running from C:\Users\Citron\Desktop
Loaded Profiles: Citron
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Programy\Rainlendar2\Rainlendar2.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\Vpn.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\VpnSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [118496 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [Rainlendar2] => C:\Programy\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] () [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Winlogon\GPExtensions: [{D75A25CD-0CCA-4C3C-A5E6-94039CC03B72}] -> c:\Windows\system32\DPLic.dll [2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-05-12]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\avast software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exeicarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16FDFC7E-4C9C-4B03-A55A-A88111667DFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C603DF9-05A8-4AD4-BE41-5AE7B461FD3B} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4699872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
Task: {297F3292-8529-49B9-9795-7DDB56A05D25} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4866784 2021-05-11] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 3df9be00-2d4b-4fbd-8ba1-5159d1dfa004
Task: {2B300295-DE4C-47B6-B6FD-03EE330B5615} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {347F0D5F-D21C-4D9F-ABAF-3D49D2EE52B4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {3B25F035-EAF6-4AAB-9C87-7700703FF7B2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-15] (Avast Software s.r.o. -> Avast Software)
Task: {578033CC-051B-4EBD-8062-285BAE0BDDD6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {62459F05-C238-4A71-857A-57D1A5B6DFF5} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {70181105-497C-412F-833A-561EFCACB892} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {765F8E8C-A40E-4CA2-AFCA-78224A6754E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9AEC25F4-BB8E-46C1-A660-01D6007B9A26} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-12] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8e7ab03c-fd72-46de-bf97-7145cc0e0713
Task: {AE8BC164-1C92-448D-B105-1D17222BF0D8} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5493472 2021-05-11] (Avast Software s.r.o. -> Avast Software)
Task: {D66A1EC3-0DBC-4BD6-8ACF-40B061A96C2A} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1197792 2021-05-11] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1536627339-1155438233-2228032490-1001] => localhost:8080
Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{A7F6367F-3D94-4B8E-881D-DE8832225970}: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{B1E8BFDC-2148-4261-81EB-3F462AE02610}: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{D4360F23-D04C-4BB7-B907-CF8D32829D23}: [NameServer] 100.120.248.1

FireFox:
========
FF DefaultProfile: ng7a8cym.default-1379696775163
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 [2021-05-17]
FF Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-05-13]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 [2021-05-17]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-02-01]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-02-01]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 [2021-05-17]
FF Homepage: Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 -> hxxp://www.google.com/firefox?client=firefox-a ... S:official
FF Extension: (Adblock na Youtube™) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2019-05-05]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\searchplugins\icqplugin.xml [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-10] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7894040 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [606944 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [1281760 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56920 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S4 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools -> PC Tools)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [8615648 2021-05-11] (Avast Software s.r.o. -> AVAST Software)
R2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [378568 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3315400 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [212192 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [365024 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [250336 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [99288 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [41296 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [180448 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [522896 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2021-05-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [107792 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [82872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [850632 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [467720 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [215352 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [53904 2017-04-14] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [326992 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [486144 2011-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Solutions, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-10] (DT Soft Ltd -> DT Soft Ltd)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.)
R3 nusb3hub; C:\windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-15] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
R1 SpyEmrg; C:\windows\System32\Drivers\spyemrg.sys [17608 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\windows\System32\Drivers\spyemrg_access.sys [24776 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\windows\System32\Drivers\spyemrg_guard.sys [19656 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 20:47 - 2021-05-17 20:48 - 000262144 _____ C:\windows\Minidump\051721-25038-01.dmp
2021-05-17 20:47 - 2021-05-17 20:47 - 694772181 _____ C:\windows\MEMORY.DMP
2021-05-17 20:34 - 2021-05-17 20:34 - 002091008 _____ (www.viry.cz) C:\WindowsFirewallFix.exe
2021-05-17 20:23 - 2021-05-17 20:25 - 000035860 _____ C:\Users\Citron\Desktop\Addition.txt
2021-05-17 20:22 - 2021-05-17 21:00 - 000017694 _____ C:\Users\Citron\Desktop\FRST.txt
2021-05-17 20:21 - 2021-05-17 20:21 - 000000000 ___HD C:\$AV_ASW
2021-05-17 19:36 - 2021-05-17 19:47 - 000010757 _____ C:\Users\Citron\Desktop\Fixlog.txt
2021-05-17 16:17 - 2021-05-17 20:22 - 000000000 ____D C:\Users\Citron\Desktop\FRST-OlderVersion
2021-05-17 16:16 - 2021-05-17 21:00 - 000000000 ____D C:\FRST
2021-05-15 23:59 - 2021-05-15 23:59 - 000295568 _____ C:\windows\system32\FNTCACHE.DAT
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2021-05-15 23:45 - 2021-05-15 23:34 - 000339680 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2021-05-15 23:37 - 2021-05-16 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2021-05-15 23:34 - 2021-05-17 20:53 - 000004168 _____ C:\windows\system32\Tasks\Avast Emergency Update
2021-05-15 23:34 - 2021-05-15 23:34 - 000850632 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000522896 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetHub.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000467720 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000365024 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000326992 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000250336 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000215352 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000212192 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000180448 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000099288 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000082872 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000041296 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000038152 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetNd6.sys
2021-05-11 18:53 - 2021-05-11 18:55 - 000000000 ____D C:\AdwCleaner
2021-05-10 22:11 - 2021-05-10 22:11 - 000001879 _____ C:\Users\Citron\Desktop\GordonsReloadingTool.lnk
2021-05-06 21:54 - 2021-05-06 21:54 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2021-04-21 15:48 - 2021-05-17 20:48 - 000003938 _____ C:\windows\system32\Tasks\Avast SecureLine VPN Update

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 20:56 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-17 20:56 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-17 20:53 - 2018-04-24 14:33 - 000004128 _____ C:\windows\system32\Tasks\CCleaner Update
2021-05-17 20:48 - 2012-07-11 17:06 - 000000000 ____D C:\Users\Citron\.rainlendar2
2021-05-17 20:47 - 2014-08-31 22:17 - 000000000 ____D C:\windows\Minidump
2021-05-17 20:47 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-05-17 20:40 - 2009-07-14 04:34 - 000000439 _____ C:\windows\win.ini
2021-05-17 20:39 - 2014-12-22 11:02 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-17 20:38 - 2009-07-27 16:26 - 000000000 ___RD C:\Users\Public\Recorded TV
2021-05-17 20:20 - 2021-03-18 18:14 - 002299392 _____ (Farbar) C:\Users\Citron\Desktop\FRST64.exe
2021-05-17 20:05 - 2013-09-20 18:44 - 000000000 ____D C:\Program Files\CCleaner
2021-05-17 19:36 - 2016-11-18 13:44 - 000000000 ____D C:\Users\Citron\AppData\LocalLow\Mozilla
2021-05-17 19:36 - 2012-07-11 16:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-16 19:30 - 2019-05-06 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-05-16 09:52 - 2020-06-29 15:51 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Spy Emergency
2021-05-15 23:43 - 2018-05-30 07:39 - 000000000 ____D C:\Users\Citron\AppData\Local\AVAST Software
2021-05-15 23:37 - 2014-12-22 11:09 - 000000000 ____D C:\Users\Citron\AppData\Roaming\AVAST Software
2021-05-15 23:34 - 2017-12-06 16:42 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-05-15 23:34 - 2015-12-03 16:34 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2021-05-15 23:34 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2021-05-15 23:16 - 2012-07-11 17:02 - 000000000 ____D C:\Programy
2021-05-15 17:46 - 2012-07-11 16:55 - 000000000 ____D C:\_Pal
2021-05-14 19:48 - 2018-04-26 15:35 - 000002796 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2021-05-07 07:19 - 2012-07-11 17:02 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Winamp
2021-05-07 07:03 - 2021-02-02 09:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-07 07:03 - 2012-07-11 16:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-02 14:54 - 2012-07-11 16:55 - 000000000 ____D C:\Fotky

==================== Files in the root of some directories ========

2012-07-11 16:33 - 2020-11-05 23:38 - 000004586 _____ () C:\Users\Citron\AppData\Local\mbt-actwiz.log
2012-10-28 13:23 - 2020-06-29 15:35 - 000007601 _____ () C:\Users\Citron\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-05-16 10:49
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2021
Ran by Citron (17-05-2021 21:00:57)
Running from C:\Users\Citron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-11 14:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1536627339-1155438233-2228032490-500 - Administrator - Disabled)
Citron (S-1-5-21-1536627339-1155438233-2228032490-1001 - Administrator - Enabled) => C:\Users\Citron
Guest (S-1-5-21-1536627339-1155438233-2228032490-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spy Emergency (Disabled - Up to date) {CC339280-553F-D68A-6F68-9FB25810C8B4}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Disabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{63E42DE7-C468-31B0-E373-173C67C87B88}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.11.5523.2244 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 88.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 88.0.1 (x64 cs)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.3 (HKLM-x32\...\{10B43A43-FF73-47FD-83E8-A503E84F9ED6}) (Version: 3.3.9567 - OpenOffice.org)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.82.298 - Motorola Solutions, Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Skype verze 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
Spy Emergency 2020-25.0.770 (HKLM\...\Spy Emergency_is1) (Version: - NETGATE Technologies s.r.o.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WMV9/VC-1 Video Playback (HKLM\...\{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files\Motorola\Bluetooth\btmshell.dll [2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-06-29 15:51 - 2007-11-02 16:20 - 001403904 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\LIBEAY32.dll
2020-06-29 15:51 - 2007-11-02 16:20 - 000243712 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\SSLEAY32.dll
2020-06-29 15:51 - 2007-09-04 15:25 - 000198144 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\unrar.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000012288 _____ () [File not signed] C:\Programy\Rainlendar2\lfs.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000126976 _____ () [File not signed] C:\Programy\Rainlendar2\lua51.dll
2011-08-12 07:45 - 2011-08-12 07:45 - 000198144 _____ () [File not signed] C:\Programy\Rainlendar2\plugins\iCalendarPlugin.dll
2020-06-29 15:51 - 2011-08-15 18:49 - 001965056 _____ (CPULib Team) [File not signed] C:\Program Files\NETGATE\Spy Emergency\CPULib.dll
2011-02-07 20:43 - 2011-02-07 20:43 - 005263872 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2011-07-28 20:20 - 2011-07-28 20:20 - 000244736 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Programy\Rainlendar2\libcurl.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 001102336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\LIBEAY32.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\SSLEAY32.dll
2010-12-12 12:56 - 2010-12-12 12:56 - 001205760 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000131584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_xml_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000707584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_adv_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 002633216 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_core_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000485376 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_html_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000502784 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_xrc_vc_rny.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7944 more sites.


There are 7944 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2021-05-15 23:15 - 000000852 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Citron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-05-2021 16:14:43 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Description: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola Solutions, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/17/2021 08:39:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/17/2021 08:39:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/17/2021 07:46:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Users\Citron\Desktop\FRST64.exe ; Popis = Restore Point Created by FRST; Chyba = 0x80042302).

Error: (05/17/2021 07:46:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007041d, Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
.

Error: (05/17/2021 07:46:46 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} a názvem Coordinator nelze spustit. [0x8007041d, Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
]


System errors:
=============
Error: (05/17/2021 08:59:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba BFE (Base Filtering Engine) byla ukončena s následující chybou:
Přístup byl odepřen.

Error: (05/17/2021 08:59:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Avast Firewall Service závisí na službě Služba BFE (Base Filtering Engine), která neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.

Error: (05/17/2021 08:59:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba BFE (Base Filtering Engine) byla ukončena s následující chybou:
Přístup byl odepřen.

Error: (05/17/2021 08:59:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Avast Firewall Service závisí na službě Služba BFE (Base Filtering Engine), která neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.

Error: (05/17/2021 08:59:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba BFE (Base Filtering Engine) byla ukončena s následující chybou:
Přístup byl odepřen.

Error: (05/17/2021 08:59:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Avast Firewall Service závisí na službě Služba BFE (Base Filtering Engine), která neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.

Error: (05/17/2021 08:58:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba BFE (Base Filtering Engine) byla ukončena s následující chybou:
Přístup byl odepřen.

Error: (05/17/2021 08:58:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Avast Firewall Service závisí na službě Služba BFE (Base Filtering Engine), která neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.


Windows Defender:
================
Date: 2016-01-28 17:25:13.891
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{C5B06EE9-5815-45BD-9F3A-089279E2DDBF}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-05-02 16:14:27.837
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{52BED4F3-1B3D-4771-86AE-99773FBE6CBB}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2015-05-01 08:08:22.456
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{02636881-D547-43A1-A918-CF1FA67E9967}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-12-10 21:46:39.666
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BF8F101D-5D30-40F3-89CF-2A6B4CE4ECD4}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2013-08-17 05:04:53.918
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{0E03EA01-0797-4A4D-AF6E-81BAA5790D90}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167C
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 78%
Total physical RAM: 4030.36 MB
Available physical RAM: 870.88 MB
Total Virtual: 8058.9 MB
Available Virtual: 4976.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.39 GB) (Free:600.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.95 GB) (Free:2.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

\\?\Volume{ac3b751b-3067-11e1-9518-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9FD8FEA1)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#12 Post by Diallix »

I see there is a problem with the Windows Firewall services, hence that program.

Did you run it with admin privileges?

Go into safe mode, turn off the antivirus and run the program, this time in BruteFix mode.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#13 Post by Citronidlo »

Yes, as admin.
I must be getting old, but how do you get into safe mode without a crash?

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#14 Post by Diallix »


Citronidlo
Visitor
Posts: 39
Registered: 04 Jul 2014 18:38

Re: Please check my log

#15 Post by Citronidlo »

That did not help; Windows Firewall still reports an error, and I cannot get online without turning the Avast shields off and on. Firefox will not start.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-05-2021
Ran by Citron (administrator) on CITRONIDLO (Hewlett-Packard HP ProBook 4530s) (17-05-2021 21:44:02)
Running from C:\Users\Citron\Desktop
Loaded Profiles: Citron
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Programy\Rainlendar2\Rainlendar2.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\setup\instup.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\Vpn.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\VpnSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [118496 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [Rainlendar2] => C:\Programy\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] () [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Winlogon\GPExtensions: [{D75A25CD-0CCA-4C3C-A5E6-94039CC03B72}] -> c:\Windows\system32\DPLic.dll [2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-05-12]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\avast software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exeicarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16FDFC7E-4C9C-4B03-A55A-A88111667DFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C603DF9-05A8-4AD4-BE41-5AE7B461FD3B} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4699872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
Task: {297F3292-8529-49B9-9795-7DDB56A05D25} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4866784 2021-05-11] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 3df9be00-2d4b-4fbd-8ba1-5159d1dfa004
Task: {2B300295-DE4C-47B6-B6FD-03EE330B5615} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {347F0D5F-D21C-4D9F-ABAF-3D49D2EE52B4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {3B25F035-EAF6-4AAB-9C87-7700703FF7B2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-15] (Avast Software s.r.o. -> Avast Software)
Task: {49186051-AB5A-439E-87AE-FF7CE930EEFF} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1197792 2021-05-11] (Avast Software s.r.o. -> AVAST Software)
Task: {578033CC-051B-4EBD-8062-285BAE0BDDD6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {62459F05-C238-4A71-857A-57D1A5B6DFF5} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {70181105-497C-412F-833A-561EFCACB892} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5493472 2021-03-08] (Avast Software s.r.o. -> Avast Software)
Task: {765F8E8C-A40E-4CA2-AFCA-78224A6754E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9AEC25F4-BB8E-46C1-A660-01D6007B9A26} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4665568 2021-03-12] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8e7ab03c-fd72-46de-bf97-7145cc0e0713
Task: {AE8BC164-1C92-448D-B105-1D17222BF0D8} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5493472 2021-05-11] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1536627339-1155438233-2228032490-1001] => localhost:8080
Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{A7F6367F-3D94-4B8E-881D-DE8832225970}: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{B1E8BFDC-2148-4261-81EB-3F462AE02610}: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{D4360F23-D04C-4BB7-B907-CF8D32829D23}: [NameServer] 100.120.248.1

FireFox:
========
FF DefaultProfile: ng7a8cym.default-1379696775163
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1 [2021-05-17]
FF Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ejo7zur1.default-release-1\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-05-13]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328 [2021-05-17]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-02-01]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\fmt8gp9w.default-release-1612214490328\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-02-01]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 [2021-05-17]
FF Homepage: Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 -> hxxp://www.google.com/firefox?client=firefox-a ... S:official
FF Extension: (Adblock na Youtube™) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2019-05-05]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\searchplugins\icqplugin.xml [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-10] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7894040 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [606944 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [1281760 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56920 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S4 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools -> PC Tools)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [8615648 2021-05-11] (Avast Software s.r.o. -> AVAST Software)
R2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [378568 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3315400 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [212192 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [365024 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [250336 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [99288 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [41296 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [180448 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [522896 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2021-05-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [107792 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [82872 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [850632 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [467720 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [215352 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [53904 2017-04-14] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [326992 2021-05-15] (Avast Software s.r.o. -> AVAST Software)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [486144 2011-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Solutions, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-10] (DT Soft Ltd -> DT Soft Ltd)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.)
R3 nusb3hub; C:\windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-15] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
R1 SpyEmrg; C:\windows\System32\Drivers\spyemrg.sys [17608 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\windows\System32\Drivers\spyemrg_access.sys [24776 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\windows\System32\Drivers\spyemrg_guard.sys [19656 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 21:26 - 2021-05-17 21:26 - 000113774 _____ C:\windows\ntbtlog.txt
2021-05-17 20:47 - 2021-05-17 20:48 - 000262144 _____ C:\windows\Minidump\051721-25038-01.dmp
2021-05-17 20:47 - 2021-05-17 20:47 - 694772181 _____ C:\windows\MEMORY.DMP
2021-05-17 20:34 - 2021-05-17 20:34 - 002091008 _____ (www.viry.cz) C:\WindowsFirewallFix.exe
2021-05-17 20:22 - 2021-05-17 21:45 - 000017788 _____ C:\Users\Citron\Desktop\FRST.txt
2021-05-17 20:21 - 2021-05-17 20:21 - 000000000 ___HD C:\$AV_ASW
2021-05-17 19:36 - 2021-05-17 19:47 - 000010757 _____ C:\Users\Citron\Desktop\Fixlog.txt
2021-05-17 16:17 - 2021-05-17 20:22 - 000000000 ____D C:\Users\Citron\Desktop\FRST-OlderVersion
2021-05-17 16:16 - 2021-05-17 21:44 - 000000000 ____D C:\FRST
2021-05-15 23:59 - 2021-05-15 23:59 - 000295568 _____ C:\windows\system32\FNTCACHE.DAT
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2021-05-15 23:46 - 2021-05-15 23:46 - 000002003 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2021-05-15 23:45 - 2021-05-15 23:34 - 000339680 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2021-05-15 23:37 - 2021-05-16 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2021-05-15 23:34 - 2021-05-17 20:53 - 000004168 _____ C:\windows\system32\Tasks\Avast Emergency Update
2021-05-15 23:34 - 2021-05-15 23:34 - 000850632 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000522896 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetHub.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000467720 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000365024 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000326992 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000250336 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000215352 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000212192 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000180448 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000099288 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000082872 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000041296 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2021-05-15 23:34 - 2021-05-15 23:34 - 000038152 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetNd6.sys
2021-05-11 18:53 - 2021-05-11 18:55 - 000000000 ____D C:\AdwCleaner
2021-05-10 22:11 - 2021-05-10 22:11 - 000001879 _____ C:\Users\Citron\Desktop\GordonsReloadingTool.lnk
2021-05-06 21:54 - 2021-05-06 21:54 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2021-04-21 15:48 - 2021-05-17 21:42 - 000003938 _____ C:\windows\system32\Tasks\Avast SecureLine VPN Update

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 21:42 - 2014-12-22 11:02 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-17 21:42 - 2012-07-11 17:06 - 000000000 ____D C:\Users\Citron\.rainlendar2
2021-05-17 21:42 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-05-17 21:41 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-17 21:41 - 2009-07-14 06:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-17 21:39 - 2009-07-14 04:34 - 000000439 _____ C:\windows\win.ini
2021-05-17 21:33 - 2009-07-14 07:08 - 000032574 _____ C:\windows\Tasks\SCHEDLGU.TXT
2021-05-17 21:31 - 2013-09-20 18:44 - 000000000 ____D C:\Program Files\CCleaner
2021-05-17 20:53 - 2018-04-24 14:33 - 000004128 _____ C:\windows\system32\Tasks\CCleaner Update
2021-05-17 20:47 - 2014-08-31 22:17 - 000000000 ____D C:\windows\Minidump
2021-05-17 20:38 - 2009-07-27 16:26 - 000000000 ___RD C:\Users\Public\Recorded TV
2021-05-17 20:20 - 2021-03-18 18:14 - 002299392 _____ (Farbar) C:\Users\Citron\Desktop\FRST64.exe
2021-05-17 19:36 - 2016-11-18 13:44 - 000000000 ____D C:\Users\Citron\AppData\LocalLow\Mozilla
2021-05-17 19:36 - 2012-07-11 16:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-16 19:30 - 2019-05-06 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-05-16 09:52 - 2020-06-29 15:51 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Spy Emergency
2021-05-15 23:43 - 2018-05-30 07:39 - 000000000 ____D C:\Users\Citron\AppData\Local\AVAST Software
2021-05-15 23:37 - 2014-12-22 11:09 - 000000000 ____D C:\Users\Citron\AppData\Roaming\AVAST Software
2021-05-15 23:34 - 2017-12-06 16:42 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-05-15 23:34 - 2015-12-03 16:34 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2021-05-15 23:34 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2021-05-15 23:16 - 2012-07-11 17:02 - 000000000 ____D C:\Programy
2021-05-15 17:46 - 2012-07-11 16:55 - 000000000 ____D C:\_Pal
2021-05-14 19:48 - 2018-04-26 15:35 - 000002796 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2021-05-07 07:19 - 2012-07-11 17:02 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Winamp
2021-05-07 07:03 - 2021-02-02 09:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-07 07:03 - 2012-07-11 16:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-02 14:54 - 2012-07-11 16:55 - 000000000 ____D C:\Fotky

==================== Files in the root of some directories ========

2012-07-11 16:33 - 2020-11-05 23:38 - 000004586 _____ () C:\Users\Citron\AppData\Local\mbt-actwiz.log
2012-10-28 13:23 - 2020-06-29 15:35 - 000007601 _____ () C:\Users\Citron\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-05-16 10:49
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2021
Ran by Citron (17-05-2021 21:45:49)
Running from C:\Users\Citron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-11 14:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1536627339-1155438233-2228032490-500 - Administrator - Disabled)
Citron (S-1-5-21-1536627339-1155438233-2228032490-1001 - Administrator - Enabled) => C:\Users\Citron
Guest (S-1-5-21-1536627339-1155438233-2228032490-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spy Emergency (Disabled - Up to date) {CC339280-553F-D68A-6F68-9FB25810C8B4}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Disabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{63E42DE7-C468-31B0-E373-173C67C87B88}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9940.2746 - Avast Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.11.5523.2244 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 88.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 88.0.1 (x64 cs)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.3 (HKLM-x32\...\{10B43A43-FF73-47FD-83E8-A503E84F9ED6}) (Version: 3.3.9567 - OpenOffice.org)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.82.298 - Motorola Solutions, Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Skype verze 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
Spy Emergency 2020-25.0.770 (HKLM\...\Spy Emergency_is1) (Version: - NETGATE Technologies s.r.o.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WMV9/VC-1 Video Playback (HKLM\...\{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files\Motorola\Bluetooth\btmshell.dll [2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-15] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-06-29 15:51 - 2007-11-02 16:20 - 001403904 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\LIBEAY32.dll
2020-06-29 15:51 - 2007-11-02 16:20 - 000243712 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\SSLEAY32.dll
2020-06-29 15:51 - 2007-09-04 15:25 - 000198144 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\unrar.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000012288 _____ () [File not signed] C:\Programy\Rainlendar2\lfs.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 000126976 _____ () [File not signed] C:\Programy\Rainlendar2\lua51.dll
2011-08-12 07:45 - 2011-08-12 07:45 - 000198144 _____ () [File not signed] C:\Programy\Rainlendar2\plugins\iCalendarPlugin.dll
2020-06-29 15:51 - 2011-08-15 18:49 - 001965056 _____ (CPULib Team) [File not signed] C:\Program Files\NETGATE\Spy Emergency\CPULib.dll
2011-02-07 20:43 - 2011-02-07 20:43 - 005263872 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2021-05-15 23:34 - 2021-05-15 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files\avast software\avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2011-07-28 20:20 - 2011-07-28 20:20 - 000244736 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Programy\Rainlendar2\libcurl.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 001102336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\LIBEAY32.dll
2011-01-29 13:59 - 2011-01-29 13:59 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\SSLEAY32.dll
2010-12-12 12:56 - 2010-12-12 12:56 - 001205760 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000131584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_xml_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000707584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_adv_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 002633216 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_core_vc_rny.dll
2010-12-12 12:57 - 2010-12-12 12:57 - 000485376 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_html_vc_rny.dll
2010-12-12 12:58 - 2010-12-12 12:58 - 000502784 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_xrc_vc_rny.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7944 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2021-05-15 23:15 - 000000852 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Citron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-05-2021 16:14:43 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Description: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola Solutions, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/17/2021 09:38:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/17/2021 09:38:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/17/2021 08:39:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/17/2021 08:39:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/17/2021 07:46:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Users\Citron\Desktop\FRST64.exe ; Popis = Restore Point Created by FRST; Chyba = 0x80042302).

Error: (05/17/2021 07:46:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007041d, Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
.

Error: (05/17/2021 07:46:46 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} a názvem Coordinator nelze spustit. [0x8007041d, Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
]


System errors:
=============
Error: (05/17/2021 09:44:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Windows Defender byla ukončena s následující chybou:
Uvedený modul nebyl nalezen.

Error: (05/17/2021 09:43:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba BFE (Base Filtering Engine) byla ukončena s následující chybou:
Přístup byl odepřen.

Error: (05/17/2021 09:43:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Avast Firewall Service závisí na službě Služba BFE (Base Filtering Engine), která neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.

Error: (05/17/2021 09:42:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Brána Windows Firewall závisí na službě Služba BFE (Base Filtering Engine), která neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.

Error: (05/17/2021 09:42:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Avast Firewall Service závisí na službě Služba BFE (Base Filtering Engine), která neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.

Error: (05/17/2021 09:42:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba BFE (Base Filtering Engine) byla ukončena s následující chybou:
Přístup byl odepřen.

Error: (05/17/2021 09:40:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Windows Defender byla ukončena s následující chybou:
Uvedený modul nebyl nalezen.

Error: (05/17/2021 09:40:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba BFE (Base Filtering Engine) byla ukončena s následující chybou:
Přístup byl odepřen.


Windows Defender:
================
Date: 2016-01-28 17:25:13.891
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{C5B06EE9-5815-45BD-9F3A-089279E2DDBF}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-05-02 16:14:27.837
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{52BED4F3-1B3D-4771-86AE-99773FBE6CBB}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2015-05-01 08:08:22.456
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{02636881-D547-43A1-A918-CF1FA67E9967}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-12-10 21:46:39.666
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BF8F101D-5D30-40F3-89CF-2A6B4CE4ECD4}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2013-08-17 05:04:53.918
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{0E03EA01-0797-4A4D-AF6E-81BAA5790D90}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167C
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 72%
Total physical RAM: 4030.36 MB
Available physical RAM: 1105.72 MB
Total Virtual: 8058.9 MB
Available Virtual: 5024.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.39 GB) (Free:600.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.95 GB) (Free:2.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

\\?\Volume{ac3b751b-3067-11e1-9518-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9FD8FEA1)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

Locked