
Request for a preventive check

djrene
Visitor
Posts: 50
Registered: 04 Dec 2005 18:14

Request for a preventive check

#1 Post by djrene »

Please run a preventive check of my PC. Thank you.


info.txt logfile of random's system information tool 1.10 2019-01-18 08:34:13

======MBR======

======Uninstall list======

µTorrent-->C:\Users\René Anička Sabrinka\AppData\Roaming\uTorrent\uninstall.exe
7-Zip 16.04-->C:\Program Files\7-Zip\Uninstall.exe
Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Flash Player 32 NPAPI-->C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe -maintain plugin
Adobe Flash Player 32 PPAPI-->C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe -maintain pepperplugin
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824298644}
AMD Accelerated Video Transcoding-->MsiExec.exe /X{D427123D-6FED-3FF4-8490-49BAD3970C11}
AMD Catalyst Install Manager-->msiexec /q/x{17A7AA54-B23B-22B7-CDD5-C51122056415} REBOOT=ReallySuppress
AMD Drag and Drop Transcoding-->MsiExec.exe /X{F314F9AB-A0CF-C3A3-F746-F54ACC31326B}
AMD Wireless Display v3.0-->MsiExec.exe /I{38230BC0-C1CE-E828-0E65-9439E5EC7FCA}
AMD Wireless Display v3.0-->MsiExec.exe /I{7B6DB690-4552-9EDC-40F3-4F73B2B98EB1}
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\setup\Instup.exe /control_panel
Avast Secure Browser-->"C:\Program Files\AVAST Software\Browser\AvastBrowserUninstall.exe" /run_source=cp
Catalyst Control Center - Branding-->MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47}
DjVuLibre DjView 3.5.27+4.10.4-->C:\Program Files\DjVuLibre\uninst.exe
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Everything 1.4.1.895 (x86)-->C:\Program Files\Everything\Uninstall.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HappyFoto DESIGNER 5.6-->"C:\Program Files\HappyFoto DESIGNER\unins000.exe"
Java 8 Update 201-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180201F0}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4.5-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\\Setup.exe /repair /x86
Microsoft .NET Framework 4.5-->MsiExec.exe /X{9F612429-4A00-3D44-88CF-146DA2EE1F92}
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727-->"C:\ProgramData\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727-->MsiExec.exe /X{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212-->"C:\ProgramData\Package Cache\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212-->MsiExec.exe /X{844ECB74-9B63-3D5C-958C-30BD23F19EE4}
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212-->MsiExec.exe /X{37B55901-995A-3650-80B1-BBFD047E2911}
Mozilla Firefox 64.0.2 (x86 cs)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
MPC-HC 1.7.10-->"C:\Program Files\MPC-HC\unins000.exe"
MyHeritage Family Tree Builder-->C:\Program Files\MyHeritage\Bin\Uninstall.exe
Odinstalace tiskárny EPSON SX430 Series-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSHAE.EXE /R /APD /P:"EPSON SX430 Series"
Opera Stable 57.0.3098.116-->"C:\Program Files\Opera\Launcher.exe" /uninstall
Photodex Presenter-->C:\Program Files\Photodex Presenter\remove.exe
PosteRazor-->"C:\Program Files\PosteRazor\unins000.exe"
Print Passport Photo 1.1.2-->"C:\Program Files\Print Passport Photo\unins000.exe"
ProShow Gold-->C:\Program Files\Photodex\ProShow Gold\remove.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VLC media player-->C:\Program Files\VideoLAN\VLC\uninstall.exe

======System event log======

Computer Name: RenéAničkaSabri
Event Code: 36887
Message: Byla přijata následující výstraha o závažné chybě: 40.
Record Number: 50957
Source Name: Schannel
Time Written: 20180628140750.155200-000
Event Type: Chyba
User: NT AUTHORITY\SYSTEM

Computer Name: RenéAničkaSabri
Event Code: 36887
Message: Byla přijata následující výstraha o závažné chybě: 40.
Record Number: 50956
Source Name: Schannel
Time Written: 20180628140740.374000-000
Event Type: Chyba
User: NT AUTHORITY\SYSTEM

Computer Name: RenéAničkaSabri
Event Code: 36887
Message: Byla přijata následující výstraha o závažné chybě: 40.
Record Number: 50955
Source Name: Schannel
Time Written: 20180628140739.921600-000
Event Type: Chyba
User: NT AUTHORITY\SYSTEM

Computer Name: RenéAničkaSabri
Event Code: 36887
Message: Byla přijata následující výstraha o závažné chybě: 40.
Record Number: 50954
Source Name: Schannel
Time Written: 20180628140542.476400-000
Event Type: Chyba
User: NT AUTHORITY\SYSTEM

Computer Name: RenéAničkaSabri
Event Code: 36887
Message: Byla přijata následující výstraha o závažné chybě: 40.
Record Number: 50953
Source Name: Schannel
Time Written: 20180628140506.222000-000
Event Type: Chyba
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: RenéAničkaSabri
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
Record Number: 583
Source Name: ASP.NET 4.0.30319.0
Time Written: 20170328155338.000000-000
Event Type: Upozornění
User:

Computer Name: RenéAničkaSabri
Event Code: 1000
Message: Čítače výkonu pro službu ASP.NET_4.0.30319 (ASP.NET_4.0.30319) byly úspěšně načteny. Data záznamu v datové části obsahují nové indexové hodnoty přiřazené této službě.
Record Number: 582
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20170328155330.475400-000
Event Type: Informace
User: RenéAničkaSabri\René Anička Sabrinka

Computer Name: RenéAničkaSabri
Event Code: 1000
Message: Čítače výkonu pro službu aspnet_state (ASP.NET State Service) byly úspěšně načteny. Data záznamu v datové části obsahují nové indexové hodnoty přiřazené této službě.
Record Number: 581
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20170328155320.975000-000
Event Type: Informace
User: RenéAničkaSabri\René Anička Sabrinka

Computer Name: RenéAničkaSabri
Event Code: 1017
Message: Start registering ASP.NET (version 4.0.30319.0) (internal flag: 0x00000404)
Record Number: 580
Source Name: ASP.NET 4.0.30319.0
Time Written: 20170328155313.000000-000
Event Type: Informace
User:

Computer Name: RenéAničkaSabri
Event Code: 1000
Message: Čítače výkonu pro službu .NET Memory Cache 4.0 (.NET Memory Cache 4.0) byly úspěšně načteny. Data záznamu v datové části obsahují nové indexové hodnoty přiřazené této službě.
Record Number: 579
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20170328155309.150200-000
Event Type: Informace
User: RenéAničkaSabri\René Anička Sabrinka

=====Security event log=====

Computer Name: RenéAničkaSabri
Event Code: 5061
Message: Kryptografická operace.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: RSA
Název klíče: e6a2f686-b390-44cd-b203-7cffce986143
Typ klíče: Klíč počítače

Kryptografická operace:
Operace: Otevřít klíč
Návratový kód: 0x0
Record Number: 8122
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20171014135959.755600-000
Event Type: Úspěšný audit
User:

Computer Name: RenéAničkaSabri
Event Code: 5058
Message: Operace se souborem klíče.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: Není k dispozici.
Název klíče: e6a2f686-b390-44cd-b203-7cffce986143
Typ klíče: Klíč počítače

Informace o operaci se souborem klíče:
Cesta k souboru: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\57692b4b96e24dc8bb52e612e96cbb77_a29e5e65-c375-4118-81b5-54686516818b
Operace: Čtení trvalého klíče ze souboru
Návratový kód: 0x0
Record Number: 8121
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20171014135959.755600-000
Event Type: Úspěšný audit
User:

Computer Name: RenéAničkaSabri
Event Code: 5061
Message: Kryptografická operace.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RENÉANIČKASABRI$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: RSA
Název klíče: {EC0CCC72-E055-44FC-B8FE-BA28712BEC5A}
Typ klíče: Klíč počítače

Kryptografická operace:
Operace: Otevřít klíč
Návratový kód: 0x0
Record Number: 8120
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20171014135957.602800-000
Event Type: Úspěšný audit
User:

Computer Name: RenéAničkaSabri
Event Code: 5058
Message: Operace se souborem klíče.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RENÉANIČKASABRI$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: Není k dispozici.
Název klíče: {EC0CCC72-E055-44FC-B8FE-BA28712BEC5A}
Typ klíče: Klíč počítače

Informace o operaci se souborem klíče:
Cesta k souboru: C:\ProgramData\Microsoft\Crypto\Keys\a42261cd7b96105c4b894572fe89a596_a29e5e65-c375-4118-81b5-54686516818b
Operace: Čtení trvalého klíče ze souboru
Návratový kód: 0x0
Record Number: 8119
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20171014135957.602800-000
Event Type: Úspěšný audit
User:

Computer Name: RenéAničkaSabri
Event Code: 5061
Message: Kryptografická operace.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: RSA
Název klíče: e6a2f686-b390-44cd-b203-7cffce986143
Typ klíče: Klíč počítače

Kryptografická operace:
Operace: Otevřít klíč
Návratový kód: 0x0
Record Number: 8118
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20171014100827.001000-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\AMD\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602

-----------------EOF-----------------

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Request for a preventive check

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before launching the tool, close all running program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, including any threats found, and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will launch; click View log file.
The log will open; copy its contents here.

My new book BOTNETY has been released! Information about it can be found here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor for intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

djrene
Visitor
Posts: 50
Registered: 04 Dec 2005 18:14

Re: Request for a preventive check

#3 Post by djrene »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-18-2019
# Duration: 00:00:13
# OS: Windows 7 Professional
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\DeviceVM
Deleted C:\Users\René Anička Sabrinka\AppData\Roaming\DeviceVM

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1373 octets] - [18/01/2019 11:14:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Request for a preventive check

#4 Post by Diallix »

Please post new logs from FRST and ADDITION.

djrene
Visitor
Posts: 50
Registered: 04 Dec 2005 18:14

Re: Request for a preventive check

#5 Post by djrene »

Logfile of random's system information tool 1.10 (written by random/random)
Run by René Anička Sabrinka at 2019-01-18 12:50:50
Microsoft Windows 7 Professional
System drive C: has 793 GB (83%) free of 954 GB
Total RAM: 2047 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:02, on 18.1.2019
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE
C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Users\René Anička Sabrinka\Downloads\RSIT.exe
C:\Program Files\trend micro\René Anička Sabrinka.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX430"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) - AVAST Software - C:\Program Files\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe

--
End of file - 5997 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe /Application

=========Mozilla firefox=========

ProfilePath - C:\Users\René Anička Sabrinka\AppData\Roaming\Mozilla\Firefox\Profiles\lphsmt95.default-1496038878884

prefs.js - "browser.startup.homepage" - "www.centrum.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.114 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_114.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.201.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.201.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@photodex.com/PhotodexPresenter]
"Description"=Photodex Presenter Plugin
"Path"=C:\Program Files\Photodex Presenter\npPxPlay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


C:\Users\René Anička Sabrinka\AppData\Roaming\Mozilla\Firefox\Profiles\lphsmt95.default-1496038878884\extensions\
staged

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-17 480120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-17 194424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2019-01-16 222600]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"StartCCC"=C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [2015-08-04 748744]
"Family Tree Builder Update"=C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2017-06-25 17487536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2018-12-16 601424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2010-03-16 718208]
"EPLTarget\P0000000000000000"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE [2012-02-29 249440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-01-18 11:13:53 ----D---- C:\AdwCleaner
2019-01-18 08:33:54 ----D---- C:\Program Files\trend micro
2019-01-18 08:33:53 ----D---- C:\rsit
2019-01-17 07:59:56 ----D---- C:\Program Files\Common Files\Oracle
2019-01-17 07:59:17 ----D---- C:\Program Files\Common Files\Java
2019-01-16 14:55:22 ----A---- C:\Windows\system32\drivers\aswbidsdriver.sys
2019-01-16 14:54:54 ----A---- C:\Windows\system32\drivers\aswbuniv.sys
2019-01-16 14:54:54 ----A---- C:\Windows\system32\drivers\aswArDisk.sys
2019-01-16 14:54:53 ----A---- C:\Windows\system32\drivers\aswblog.sys
2019-01-16 14:54:53 ----A---- C:\Windows\system32\drivers\aswbidsh.sys
2019-01-16 14:54:44 ----A---- C:\Windows\system32\aswBoot.exe

======List of files/folders modified in the last 1 month======

2019-01-18 12:47:44 ----D---- C:\Windows\Temp
2019-01-18 12:17:16 ----SHD---- C:\Windows\Installer
2019-01-18 11:18:08 ----D---- C:\Windows\Tasks
2019-01-18 11:17:54 ----D---- C:\Windows\system32\Logs
2019-01-18 11:17:46 ----D---- C:\Windows
2019-01-18 11:17:46 ----A---- C:\Windows\KMSEmulator.exe
2019-01-18 11:17:22 ----D---- C:\Windows\system32\Tasks
2019-01-18 11:17:01 ----D---- C:\Windows\winsxs
2019-01-18 11:17:01 ----D---- C:\Windows\system32\drivers
2019-01-18 11:14:53 ----HD---- C:\ProgramData
2019-01-18 08:33:54 ----RD---- C:\Program Files
2019-01-17 17:47:19 ----D---- C:\Windows\system32\config
2019-01-17 17:37:41 ----D---- C:\Windows\System32
2019-01-17 07:59:58 ----D---- C:\Program Files\Java
2019-01-17 07:59:56 ----D---- C:\Program Files\Common Files
2019-01-17 07:58:10 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2019-01-16 14:52:56 ----D---- C:\Windows\Prefetch
2019-01-15 12:23:21 ----D---- C:\Program Files\Mozilla Maintenance Service
2019-01-15 10:27:28 ----D---- C:\Users\René Anička Sabrinka\AppData\Roaming\Everything
2019-01-13 08:04:20 ----SHD---- C:\System Volume Information
2019-01-13 07:55:51 ----D---- C:\Windows\system32\Macromed
2019-01-11 14:11:30 ----D---- C:\Program Files\Opera
2019-01-11 12:39:10 ----D---- C:\Program Files\Mozilla Firefox
2019-01-08 12:12:10 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2019-01-02 10:19:35 ----A---- C:\Windows\Viewer.INI
2018-12-31 10:23:16 ----D---- C:\STONAVSKY
2018-12-27 10:15:56 ----RSD---- C:\Windows\Fonts
2018-12-27 10:14:28 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2019-01-16 34680]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2019-01-16 158288]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblog.sys [2019-01-16 255416]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2019-01-16 51320]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2019-01-16 72992]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2019-01-16 310400]
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2010-04-08 215656]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2019-01-16 169216]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriver.sys [2019-01-16 187248]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2019-01-16 183160]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2019-01-16 40888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2019-01-16 101176]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2019-01-16 785776]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2019-01-16 401832]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2019-01-16 138464]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2019-01-16 163344]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-08-04 19503104]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-08-04 532480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2015-07-15 78848]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 13216]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2007-02-05 1122304]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2019-01-16 42928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB RS-232 Emulation Driver; C:\Windows\system32\DRIVERS\USBSER.sys [2009-07-14 27648]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2016-08-16 128704]
S3 WinUsb;YunOS USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-08-04 214528]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-08-03 276992]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2019-01-16 309480]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2012-02-21 142432]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [2017-03-29 186760]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2019-01-16 6300272]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 avast;Služba %1!s! Update (avast); C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-09 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08 335872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-09 164984]
S3 AvastSecureBrowserElevationService;Avast Secure Browser Elevation Service; C:\Program Files\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe [2019-01-09 390552]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2019-01-11 206800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-08 46528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

-----------------EOF-----------------

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Request for a preventive check

#6 Post by Diallix »

Scan the computer with FRST (instructions here: https://forum.viry.cz/viewtopic.php?f=24&t=132509) and copy the FRST.log + Addition log here.

djrene
Visitor
Posts: 50
Registered: 04 Dec 2005 18:14

Re: Request for a preventive check

#7 Post by djrene »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-01-2019 01
Ran by René Anička Sabrinka (administrator) on RENÉANIČKASABRI (18-01-2019 13:01:17)
Running from C:\Users\René Anička Sabrinka\Downloads
Loaded Profiles: René Anička Sabrinka (Available Profiles: René Anička Sabrinka)
Platform: Microsoft Windows 7 Professional (X86) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
() C:\Program Files\Photodex\ProShow Gold\scsiaccess.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(MyHeritage) C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [222600 2019-01-16] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Family Tree Builder Update] => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [17487536 2017-06-25] (MyHeritage)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4211795552-2051532018-2107380943-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-4211795552-2051532018-2107380943-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files\AVAST Software\Browser\Application\71.0.1037.98\Installer\chrmstp.exe [2019-01-16] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 81.200.48.55 81.200.48.11
Tcpip\..\Interfaces\{37A9AF91-621F-4B12-9912-772A2C84AE3C}: [DhcpNameServer] 81.200.48.55 81.200.48.11

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-4211795552-2051532018-2107380943-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-17] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: lphsmt95.default-1496038878884
FF ProfilePath: C:\Users\René Anička Sabrinka\AppData\Roaming\Mozilla\Firefox\Profiles\lphsmt95.default-1496038878884 [2019-01-18]
FF Homepage: Mozilla\Firefox\Profiles\lphsmt95.default-1496038878884 -> www.centrum.cz
FF Extension: (AdBlock) - C:\Users\René Anička Sabrinka\AppData\Roaming\Mozilla\Firefox\Profiles\lphsmt95.default-1496038878884\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-12-05]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\René Anička Sabrinka\AppData\Roaming\Mozilla\Firefox\Profiles\lphsmt95.default-1496038878884\Extensions\sp@avast.com.xpi [2018-12-21]
FF Extension: (Avast Online Security) - C:\Users\René Anička Sabrinka\AppData\Roaming\Mozilla\Firefox\Profiles\lphsmt95.default-1496038878884\Extensions\wrc@avast.com.xpi [2018-07-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-17] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @photodex.com/PhotodexPresenter -> C:\Program Files\Photodex Presenter\npPxPlay.dll [2017-03-29] ( )
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6300272 2019-01-16] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [309480 2019-01-16] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-09] (AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe [390552 2019-01-09] (AVAST Software)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-21] (SEIKO EPSON CORPORATION)
R2 ScsiAccess; C:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [186760 2017-03-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [34680 2019-01-16] (AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [169216 2019-01-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [187248 2019-01-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [158288 2019-01-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [255416 2019-01-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [51320 2019-01-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183160 2019-01-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42928 2019-01-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40888 2019-01-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [138464 2019-01-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101176 2019-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72992 2019-01-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [785776 2019-01-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [401832 2019-01-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [163344 2019-01-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310400 2019-01-16] (AVAST Software)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1122304 2007-02-05] (Creative Technology Ltd.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)
S3 NVNET; system32\DRIVERS\nvmf6232.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 13:01 - 2019-01-18 13:01 - 000011320 _____ C:\Users\René Anička Sabrinka\Downloads\FRST.txt
2019-01-18 13:00 - 2019-01-18 13:01 - 000000000 ____D C:\FRST
2019-01-18 12:59 - 2019-01-18 12:59 - 001787392 _____ (Farbar) C:\Users\René Anička Sabrinka\Downloads\FRST.exe
2019-01-18 11:13 - 2019-01-18 11:14 - 000000000 ____D C:\AdwCleaner
2019-01-18 11:12 - 2019-01-18 11:12 - 007320272 _____ (Malwarebytes) C:\Users\René Anička Sabrinka\Desktop\adwcleaner_7.2.6.0.exe
2019-01-18 10:47 - 2019-01-18 10:47 - 000000165 _____ C:\Users\René Anička Sabrinka\Downloads\citation-44743082.ris
2019-01-18 08:33 - 2019-01-18 12:50 - 000000000 ____D C:\Program Files\trend micro
2019-01-18 08:33 - 2019-01-18 08:34 - 000000000 ____D C:\rsit
2019-01-18 08:33 - 2019-01-18 08:33 - 001107968 _____ C:\Users\René Anička Sabrinka\Downloads\RSIT.exe
2019-01-17 12:09 - 2019-01-17 12:09 - 000470433 _____ C:\Users\René Anička Sabrinka\Downloads\HOMEticket_1518872.pdf
2019-01-17 07:59 - 2019-01-17 07:59 - 000000000 ____D C:\Program Files\Common Files\Oracle
2019-01-17 07:59 - 2019-01-17 07:59 - 000000000 ____D C:\Program Files\Common Files\Java
2019-01-16 14:55 - 2019-01-16 14:55 - 000187248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-16 14:54 - 2019-01-16 14:54 - 000312200 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-16 14:54 - 2019-01-16 14:54 - 000255416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-16 14:54 - 2019-01-16 14:54 - 000158288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-16 14:54 - 2019-01-16 14:54 - 000051320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-16 14:54 - 2019-01-16 14:54 - 000034680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-11 12:27 - 2019-01-11 12:28 - 000048568 _____ C:\Users\René Anička Sabrinka\Downloads\Pohyb_18233415309_na_uctu_2801166675.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 11:25 - 2009-07-14 05:34 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-18 11:25 - 2009-07-14 05:34 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-18 11:19 - 2018-04-09 06:12 - 000000000 ____D C:\Users\René Anička Sabrinka\AppData\Local\AVAST Software
2019-01-18 11:18 - 2017-03-29 08:27 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job
2019-01-18 11:18 - 2017-03-28 16:33 - 000000000 ____D C:\Users\René Anička Sabrinka\AppData\LocalLow\Mozilla
2019-01-18 11:17 - 2017-03-29 08:26 - 000151552 _____ C:\Windows\KMSEmulator.exe
2019-01-18 11:17 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-17 17:36 - 2018-08-22 16:49 - 000000000 ____D C:\Users\René Anička Sabrinka\Documents\Soubory aplikace Outlook
2019-01-17 08:00 - 2018-04-09 06:12 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-01-17 08:00 - 2018-04-09 06:12 - 000002332 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-01-17 07:59 - 2017-03-31 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-17 07:59 - 2017-03-31 16:03 - 000000000 ____D C:\Program Files\Java
2019-01-17 07:58 - 2017-03-31 16:03 - 000097144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2019-01-16 14:54 - 2018-10-22 10:47 - 000040888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-16 14:54 - 2017-11-15 07:26 - 000183160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-16 14:54 - 2017-11-10 13:24 - 000169216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-16 14:54 - 2017-03-28 17:10 - 000785776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-16 14:54 - 2017-03-28 17:10 - 000401832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-16 14:54 - 2017-03-28 17:10 - 000310400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-16 14:54 - 2017-03-28 17:10 - 000163344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-16 14:54 - 2017-03-28 17:10 - 000138464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-16 14:54 - 2017-03-28 17:10 - 000101176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-16 14:54 - 2017-03-28 17:10 - 000072992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-16 14:54 - 2017-03-28 17:10 - 000042928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-15 12:23 - 2017-05-29 07:20 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-01-15 10:27 - 2018-08-24 09:19 - 000000000 ____D C:\Users\René Anička Sabrinka\AppData\Local\Everything
2019-01-15 10:27 - 2018-08-10 08:12 - 000000000 ____D C:\Users\René Anička Sabrinka\AppData\Roaming\Everything
2019-01-13 07:55 - 2017-04-04 16:28 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-11 14:11 - 2017-08-31 18:47 - 000000000 ____D C:\Program Files\Opera
2019-01-11 12:39 - 2017-03-28 16:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-08 12:12 - 2017-04-04 16:28 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2019-01-08 12:12 - 2017-04-04 16:28 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-01-02 10:19 - 2018-10-25 13:34 - 000000519 _____ C:\Windows\Viewer.INI
2018-12-31 10:23 - 2018-10-29 08:44 - 000000000 ____D C:\STONAVSKY
2018-12-27 10:20 - 2017-03-28 15:02 - 000108824 _____ C:\Users\René Anička Sabrinka\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-27 10:19 - 2009-07-14 05:33 - 000406912 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-27 10:14 - 2017-12-22 16:59 - 000000000 ____D C:\Program Files\Google

Some files in TEMP:
====================
2018-07-23 17:15 - 2018-07-23 17:16 - 001906040 _____ (Oracle Corporation) C:\Users\René Anička Sabrinka\AppData\Local\Temp\jre-8u181-windows-au.exe
2019-01-17 07:54 - 2019-01-17 07:54 - 001974624 _____ (Oracle Corporation) C:\Users\René Anička Sabrinka\AppData\Local\Temp\jre-8u201-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-28 09:47

==================== End of FRST.txt ============================

djrene
Visitor
Posts: 50
Registered: 04 Dec 2005 18:14

Re: Request for a preventive check

#8 Post by djrene »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-01-2019 01
Ran by René Anička Sabrinka (18-01-2019 13:01:48)
Running from C:\Users\René Anička Sabrinka\Downloads
Microsoft Windows 7 Professional (X86) (2017-03-28 13:50:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4211795552-2051532018-2107380943-500 - Administrator - Disabled)
Guest (S-1-5-21-4211795552-2051532018-2107380943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4211795552-2051532018-2107380943-1002 - Limited - Enabled)
René Anička Sabrinka (S-1-5-21-4211795552-2051532018-2107380943-1001 - Administrator - Enabled) => C:\Users\René Anička Sabrinka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1.25534 - emc, uTorrent.CZ)
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{17A7AA54-B23B-22B7-CDD5-C51122056415}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 71.0.1037.98 - Autoři prohlížeče Avast Secure Browser)
DjVuLibre DjView 3.5.27+4.10.4 (HKLM\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Everything 1.4.1.895 (x86) (HKLM\...\Everything) (Version: 1.4.1.895 - David Carpenter)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HappyFoto DESIGNER 5.6 (HKLM\...\HappyFoto-Designer_is1) (Version: - )
Java 8 Update 201 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x86 cs) (HKLM\...\Mozilla Firefox 64.0.2 (x86 cs)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla)
MPC-HC 1.7.10 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
MyHeritage Family Tree Builder (HKLM\...\Family Tree Builder) (Version: 8.0.0.8395 - MyHeritage.com)
Odinstalace tiskárny EPSON SX430 Series (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation)
Opera Stable 57.0.3098.116 (HKLM\...\Opera 57.0.3098.116) (Version: 57.0.3098.116 - Opera Software)
PassportPhoto (remove) (HKU\S-1-5-21-4211795552-2051532018-2107380943-1001\...\PassportPhoto) (Version: - )
Photodex Presenter (HKLM\...\Photodex Presenter) (Version: - Photodex Corporation)
PosteRazor (HKLM\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Print Passport Photo 1.1.2 (HKLM\...\Print Passport Photo_is1) (Version: 1.1.2 - Marcello Pietrelli & Gianni Baini)
ProShow Gold (HKLM\...\ProShow Gold) (Version: - Photodex Corporation)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50 - C. Ghisler & Co.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\ATI.ACE\Core-Static\atiacmxx.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00251E5F-DD81-4611-945E-4D2D4250F3AC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {006686CF-2263-4C6F-83B6-972ACC999476} - System32\Tasks\{D201824E-7SP1-4321-8GH5-LA32311B16CA} => C:\Users\René Anička Sabrinka\AppData\Roaming\uTorrent\Precomp\precomp.exe [2017-11-02] () <==== ATTENTION
Task: {15007466-505C-4916-8845-725AD5A29445} - System32\Tasks\Opera scheduled Autoupdate 1504201689 => C:\Program Files\Opera\launcher.exe [2019-01-09] (Opera Software)
Task: {251DD0AB-DCD0-4A7B-8BCA-80266CB71D62} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-09] (AVAST Software)
Task: {696B5D68-B329-49C4-BC8D-40FEF8D8DB7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {74ABF333-9FB1-4EA9-82D1-361BD17089A9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {8F7EDBB4-2239-4F76-AE4D-0FD7F014C6D7} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
Task: {9AD517F8-D662-4D46-AA8F-3AF920D51DF3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-03-29] ()
Task: {A0BB56AF-FD92-42E3-BC81-47CC5AD355B7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {A6E89529-C7D8-4657-B7F0-98F8F2F0C3D2} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-09] (AVAST Software)
Task: {A729A060-D430-42BE-AEBC-3C73079FDDD3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-16] (AVAST Software)
Task: {E238ACBE-FBE0-4C9B-B04D-721B8240D672} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {FFAFCCD0-72AB-406A-9185-D9BBC9CC4A43} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2019-01-18] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-16 14:54 - 2019-01-16 14:54 - 000570248 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-01-16 14:54 - 2019-01-16 14:54 - 000475016 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-16 14:54 - 2019-01-16 14:54 - 001030536 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-16 14:54 - 2019-01-16 14:54 - 001793928 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-01-18 11:18 - 2019-01-18 11:18 - 005759632 _____ () C:\Program Files\AVAST Software\Avast\defs\19011800\algo.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2017-03-29 08:36 - 2017-03-29 08:36 - 000186760 _____ () C:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe
2018-03-14 12:32 - 2018-03-14 12:32 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-03 23:23 - 2015-08-03 23:23 - 000095744 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-11-16 16:32 - 2019-01-04 11:31 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-4211795552-2051532018-2107380943-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\René Anička Sabrinka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 81.200.48.55 - 81.200.48.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [{301E6B11-9B70-4D53-B7EE-C588CB9EC526}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{8C2F5F1F-C1EE-4D32-8028-F4A989886A6D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe ()
FirewallRules: [UDP Query User{3C3B788B-8EF1-41D3-BB23-D15A726B9EBB}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe ()
FirewallRules: [{C61AA0FC-B403-4628-920F-944D1F5F213E}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe No File
FirewallRules: [{C0A49809-F15F-4EDD-A777-925CA17DF0AB}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe No File
FirewallRules: [{D6996347-8A11-4738-BD7C-BB8686C1C36E}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe No File
FirewallRules: [{02949783-117D-48AD-BF10-D0030D04730A}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe No File
FirewallRules: [{6B46202D-6ACC-4F44-A1D1-AE8047ADB864}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe No File
FirewallRules: [{B5CED051-1DAC-4FC1-A362-0C324D6C3786}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe No File
FirewallRules: [{1F7DC60C-5EE1-445A-A957-EC19E5514652}] => (Allow) C:\Users\René Anička Sabrinka\AppData\Roaming\uTorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [{4BF58A40-14D3-473D-A6AB-90FB67C0A882}] => (Allow) C:\Users\René Anička Sabrinka\AppData\Roaming\uTorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [{D8A89DC5-0637-4D1E-AA47-A7181581E01C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{77C2B6D4-78BB-4BD5-873D-371284DF681D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{7473F562-5679-4268-841C-F9578244E2A1}] => (Allow) C:\Program Files\Opera\57.0.3098.106\opera.exe (Opera Software)
FirewallRules: [{A0783845-8D0C-4B58-8C2D-BE87C0E07888}] => (Allow) C:\Program Files\Opera\57.0.3098.116\opera.exe (Opera Software)
FirewallRules: [{BED74516-B307-4458-A350-00B7EA4CBC57}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{AEDD1BF3-A14F-4047-850D-B94340E55876}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{518151E7-4779-4511-AF6B-39E07300E127}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)

==================== Restore Points =========================

21-12-2018 14:08:19 Naplánovaný kontrolní bod
31-12-2018 12:58:08 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2019 12:17:16 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\GoogleUpdateHelper.msi

Error: (01/18/2019 11:17:30 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\GoogleUpdateHelper.msi

Error: (01/18/2019 10:17:20 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\GoogleUpdateHelper.msi

Error: (01/18/2019 09:17:57 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80004005).

Error: (01/18/2019 09:17:21 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\GoogleUpdateHelper.msi

Error: (01/18/2019 08:34:19 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\GoogleUpdateHelper.msi

Error: (01/18/2019 08:24:27 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\GoogleUpdateHelper.msi

Error: (01/17/2019 05:37:45 PM) (Source: MsiInstaller) (EventID: 1024) (User: RenéAničkaSabri)
Description: Aktualizaci Adobe Acrobat Reader DC
(19.010.20069) produktu Adobe Acrobat Reader DC - Czech nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (01/18/2019 12:58:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/18/2019 12:58:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/18/2019 12:58:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/18/2019 12:58:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/18/2019 12:57:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/18/2019 12:53:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/18/2019 12:53:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/18/2019 12:53:17 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 61%
Total physical RAM: 2047.23 MB
Available physical RAM: 790.89 MB
Total Virtual: 4156.45 MB
Available Virtual: 2225.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:774.74 GB) NTFS

\\?\Volume{bb561de3-13bc-11e7-8f8e-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 817722D1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Request for a preventive check

#9 Post by Diallix »

Copy the content below into Notepad:

Code:

C:\Program Files\Seznam.cz
C:\windows\kmsemulator.exe
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4211795552-2051532018-2107380943-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FirewallRules: [TCP Query User{8C2F5F1F-C1EE-4D32-8028-F4A989886A6D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe ()
FirewallRules: [UDP Query User{3C3B788B-8EF1-41D3-BB23-D15A726B9EBB}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe ()
FirewallRules: [{C61AA0FC-B403-4628-920F-944D1F5F213E}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe No File
FirewallRules: [{C0A49809-F15F-4EDD-A777-925CA17DF0AB}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe No File
FirewallRules: [{D6996347-8A11-4738-BD7C-BB8686C1C36E}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe No File
FirewallRules: [{02949783-117D-48AD-BF10-D0030D04730A}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe No File
FirewallRules: [{6B46202D-6ACC-4F44-A1D1-AE8047ADB864}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe No File
FirewallRules: [{B5CED051-1DAC-4FC1-A362-0C324D6C3786}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe No File

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will be carried out; afterwards, paste here the content of the log fixlog.txt, which is saved in the FRST location.
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
---
Low-level, high-level programmer - profile card here: card <<
---
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for newcomer training
- Founder of the Cyber Security unit

djrene
Visitor
Posts: 50
Registered: 04 Dec 2005 18:14

Re: Request for a preventive check

#10 Post by djrene »

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-01-2019 01
Ran by René Anička Sabrinka (18-01-2019 13:33:12) Run:1
Running from C:\Users\René Anička Sabrinka\Downloads
Loaded Profiles: René Anička Sabrinka (Available Profiles: René Anička Sabrinka)
Boot Mode: Normal

==============================================

fixlist content:
*****************
C:\Program Files\Seznam.cz
C:\windows\kmsemulator.exe
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4211795552-2051532018-2107380943-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [TCP Query User{8C2F5F1F-C1EE-4D32-8028-F4A989886A6D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe ()
FirewallRules: [UDP Query User{3C3B788B-8EF1-41D3-BB23-D15A726B9EBB}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe ()
FirewallRules: [{C61AA0FC-B403-4628-920F-944D1F5F213E}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe No File
FirewallRules: [{C0A49809-F15F-4EDD-A777-925CA17DF0AB}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe No File
FirewallRules: [{D6996347-8A11-4738-BD7C-BB8686C1C36E}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe No File
FirewallRules: [{02949783-117D-48AD-BF10-D0030D04730A}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe No File
FirewallRules: [{6B46202D-6ACC-4F44-A1D1-AE8047ADB864}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe No File
FirewallRules: [{B5CED051-1DAC-4FC1-A362-0C324D6C3786}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe No File
*****************

C:\Program Files\Seznam.cz => moved successfully
C:\windows\kmsemulator.exe => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce" => removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
"HKU\S-1-5-21-4211795552-2051532018-2107380943-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8C2F5F1F-C1EE-4D32-8028-F4A989886A6D}C:\windows\kmsemulator.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3C3B788B-8EF1-41D3-BB23-D15A726B9EBB}C:\windows\kmsemulator.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C61AA0FC-B403-4628-920F-944D1F5F213E}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0A49809-F15F-4EDD-A777-925CA17DF0AB}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6996347-8A11-4738-BD7C-BB8686C1C36E}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02949783-117D-48AD-BF10-D0030D04730A}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B46202D-6ACC-4F44-A1D1-AE8047ADB864}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5CED051-1DAC-4FC1-A362-0C324D6C3786}" => removed successfully.


The system needed a reboot.

==== End of Fixlog 13:33:13 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Request for a preventive check

#11 Post by Diallix »

How is the computer doing?

djrene
Visitor
Posts: 50
Registered: 04 Dec 2005 18:14

Re: Request for a preventive check

#12 Post by djrene »

It seems to be faster. Thank you

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Request for a preventive check

#13 Post by Diallix »

No problem, you're welcome :)
