
My mail is sending me messages, a ransom demand


#1 Post by claymore »

My mailbox has been sending me e-mails for some time now; today I received a ransom demand with a 48-hour ultimatum. I don't believe they have what they claim to have, but I'd still like to ask for a check. Antivirus and antispyware found nothing.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2021
Ran by Citron (administrator) on CITRONIDLO (Hewlett-Packard HP ProBook 4530s) (22-01-2021 17:55:46)
Running from C:\_Pal
Loaded Profiles: Citron
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Programy\Rainlendar2\Rainlendar2.exe
(ArcSoft, Inc. -> ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\VpnSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\AvastUI.exe <3>
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Macrovision Europe Ltd.) [File not signed] C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Motorola Inc -> Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola Inc -> Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Motorola Inc -> Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Motorola Inc -> Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Programy\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Programy\Spybot - Search & Destroy 2\SDTray.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Programy\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Programy\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Validity Sensors, Inc -> Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [21709904 2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Programy\AVAST Software\Avast\AvLaunch.exe [117344 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2833504 2017-08-26] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools -> PC Tools)
HKLM-x32\...\Run: [SDTray] => C:\Programy\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [Rainlendar2] => C:\Programy\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] () [File not signed]
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Winlogon\GPExtensions: [{D75A25CD-0CCA-4C3C-A5E6-94039CC03B72}] -> c:\Windows\system32\DPLic.dll [2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
BootExecute: autocheck autochk * sdnclean64.exeicarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {127B6C7C-FAD1-467F-A605-57B0EDBF74C8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Programy\Spybot - Search & Destroy 2\SDImmunize.exe [4460472 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {16FDFC7E-4C9C-4B03-A55A-A88111667DFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {274671AA-2BBE-47E4-B053-0A30C1A96475} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Programy\Spybot - Search & Destroy 2\SDScan.exe [4818848 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {297F3292-8529-49B9-9795-7DDB56A05D25} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4661856 2020-11-18] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 3df9be00-2d4b-4fbd-8ba1-5159d1dfa004
Task: {55E3F8C5-F5EA-4413-A6EB-7884C44392C2} - System32\Tasks\Avast Emergency Update => C:\Programy\AVAST Software\Avast\AvEmUpdate.exe [4617832 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
Task: {578033CC-051B-4EBD-8062-285BAE0BDDD6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {62459F05-C238-4A71-857A-57D1A5B6DFF5} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {695A5BC7-5581-4316-AB56-A3B2F71E04CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Programy\Spybot - Search & Destroy 2\SDUpdate.exe [4747720 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {6B651EBD-A992-4C4B-942D-792024AD09E7} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2201560 2011-12-12] (PC Tools -> PC Tools)
Task: {6FAFD9DD-C8CB-4F1B-8737-0A47781A0388} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {70181105-497C-412F-833A-561EFCACB892} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5442656 2020-11-25] (Avast Software s.r.o. -> Avast Software)
Task: {765F8E8C-A40E-4CA2-AFCA-78224A6754E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {8138C2E1-F250-4C6E-91BB-A8D49B2A7C3C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {886481F6-B8B1-48DC-B719-A5847487A990} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {9E535FE7-7B3C-4875-AE5E-0C174D8A5F59} - System32\Tasks\Avast Software\Avast Cleanup Update BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [2812624 2020-12-01] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8e7ab03c-fd72-46de-bf97-7145cc0e0713
Task: {A6133D5C-8925-48F5-B59C-AB598BC7E704} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {AE8BC164-1C92-448D-B105-1D17222BF0D8} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5442656 2020-11-16] (Avast Software s.r.o. -> Avast Software)
Task: {D08D5DE6-20DA-4EDD-BD1C-F782D752C3DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {D4AF12B5-E505-402C-B0FC-EBB6F3332154} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {DA4BF705-9A0A-492F-9496-21CE91B2E253} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {F113A0C8-B639-410E-A674-44BDB23D14C2} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1188968 2020-11-18] (Avast Software s.r.o. -> AVAST Software)
Task: {FA9BEEB4-B7D9-4E40-B214-A3832FF5E7A4} - System32\Tasks\{09C009D4-D061-49F6-AC95-70479C75D538} => C:\windows\system32\pcalua.exe -a C:\Users\Citron\Desktop\vcredist_x64.exe -d C:\Users\Citron\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{A7F6367F-3D94-4B8E-881D-DE8832225970}: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{B1E8BFDC-2148-4261-81EB-3F462AE02610}: [DhcpNameServer] 192.168.5.1

FireFox:
========
FF DefaultProfile: ng7a8cym.default-1379696775163
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513 [2021-01-22]
FF Homepage: Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513 -> about:blank
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2020-11-02]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513\Extensions\langpack-cs@firefox.mozilla.org.xpi [2020-12-24]
FF Extension: (No Name) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-16]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513\searchplugins\icqplugin.xml [2011-03-30]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 [2021-01-19]
FF Homepage: Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 -> hxxp://start.icq.com/
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\sp@avast.com.xpi [2020-06-28]
FF Extension: (Adblock na Youtube™) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2019-05-05]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\searchplugins\icqplugin.xml [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-10] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Programy\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Programy\AVAST Software\Avast\aswidsagent.exe [8454552 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Programy\AVAST Software\Avast\AvastSvc.exe [365648 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Programy\AVAST Software\Avast\afwServ.exe [1187512 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Programy\AVAST Software\Avast\aswToolsSvc.exe [3096160 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12968552 2020-12-01] (Avast Software s.r.o. -> AVAST Software)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2016-11-11] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2016-11-11] (Macrovision Europe Ltd.) [File not signed]
S3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
S4 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () [File not signed]
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools -> PC Tools)
R2 SDScannerService; C:\Programy\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Programy\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Programy\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [7897696 2020-11-18] (Avast Software s.r.o. -> AVAST Software)
R2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [378568 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3315400 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S4 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation -> Xobni Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [206408 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [332368 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [247888 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [97352 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42784 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [176744 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [521752 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-09-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [109280 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84856 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [851608 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [469832 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [217336 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [53904 2017-04-14] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [326416 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [486144 2011-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Solutions, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-10] (DT Soft Ltd -> DT Soft Ltd)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.)
R3 nusb3hub; C:\windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-15] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
R1 SpyEmrg; C:\windows\System32\Drivers\spyemrg.sys [17608 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\windows\System32\Drivers\spyemrg_access.sys [24776 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\windows\System32\Drivers\spyemrg_guard.sys [19656 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 07:49 - 2021-01-20 07:49 - 000295568 _____ C:\windows\system32\FNTCACHE.DAT
2021-01-16 12:14 - 2021-01-16 12:14 - 000001674 _____ C:\Users\Citron\Desktop\GordonsReloadingTool.lnk
2021-01-08 09:00 - 2021-01-08 09:00 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2020-12-29 10:59 - 2020-12-29 10:59 - 000000000 ____D C:\Program Files (x86)\ICQ6Toolbar
2020-12-28 23:31 - 2020-12-28 23:31 - 000000000 ____D C:\Users\Citron\AppData\Roaming\GordonsReloadingTool

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-22 17:56 - 2020-11-28 09:19 - 000000000 ____D C:\FRST
2021-01-22 17:55 - 2012-07-11 15:55 - 000000000 ____D C:\_Pal
2021-01-22 17:54 - 2016-11-18 12:44 - 000000000 ____D C:\Users\Citron\AppData\LocalLow\Mozilla
2021-01-22 17:46 - 2012-07-11 15:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-22 17:00 - 2018-05-30 06:39 - 000000000 ____D C:\Users\Citron\AppData\Local\AVAST Software
2021-01-22 16:39 - 2009-07-14 05:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-22 16:39 - 2009-07-14 05:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-22 16:38 - 2014-12-22 10:02 - 000000000 ____D C:\ProgramData\AVAST Software
2021-01-22 16:37 - 2013-09-20 17:44 - 000000000 ____D C:\Program Files\CCleaner
2021-01-22 16:28 - 2020-09-21 20:33 - 000003938 _____ C:\windows\system32\Tasks\Avast SecureLine VPN Update
2021-01-22 16:27 - 2012-07-11 16:06 - 000000000 ____D C:\Users\Citron\.rainlendar2
2021-01-22 16:27 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-01-21 20:23 - 2012-07-15 14:18 - 000000000 ____D C:\Users\Citron\AppData\Local\CrashDumps
2021-01-21 20:22 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2021-01-21 16:09 - 2018-04-24 13:33 - 000003870 _____ C:\windows\system32\Tasks\CCleaner Update
2021-01-20 21:47 - 2020-11-28 19:31 - 000003134 _____ C:\windows\system32\Tasks\{09C009D4-D061-49F6-AC95-70479C75D538}
2021-01-20 21:47 - 2018-04-26 14:35 - 000002796 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2021-01-20 21:47 - 2015-12-03 15:34 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2021-01-19 17:44 - 2020-06-29 14:51 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Spy Emergency
2021-01-19 17:39 - 2009-07-14 03:34 - 000000135 ____R C:\windows\system32\Drivers\etc\hosts.20210119-193853.backup
2021-01-18 13:55 - 2017-04-14 08:02 - 000004158 _____ C:\windows\system32\Tasks\Avast Emergency Update
2021-01-16 21:48 - 2020-11-29 22:04 - 000004478 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2021-01-14 17:15 - 2012-07-11 16:02 - 000000000 ____D C:\Programy
2021-01-08 15:25 - 2020-07-12 10:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-08 15:25 - 2012-07-11 15:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-05 18:47 - 2011-05-10 21:12 - 000669116 _____ C:\windows\system32\perfh005.dat
2021-01-05 18:47 - 2011-05-10 21:12 - 000141744 _____ C:\windows\system32\perfc005.dat
2021-01-05 18:47 - 2009-07-14 06:13 - 001584554 _____ C:\windows\system32\PerfStringBackup.INI
2021-01-01 11:25 - 2020-12-04 16:40 - 000003388 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-01 11:25 - 2020-12-04 16:40 - 000003260 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-01 11:22 - 2014-08-31 21:17 - 000000000 ____D C:\windows\Minidump
2021-01-01 08:44 - 2009-07-14 03:34 - 000454011 ____R C:\windows\system32\Drivers\etc\hosts.20210119-173913.backup
2020-12-31 02:44 - 2019-05-06 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-12-29 10:59 - 2012-07-11 17:52 - 000000000 ____D C:\ProgramData\ICQ
2020-12-27 09:12 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-12-26 18:04 - 2012-07-11 18:26 - 000000000 ____D C:\windows\system32\Macromed
2020-12-26 18:03 - 2011-05-10 21:11 - 000000000 ____D C:\windows\SysWOW64\Macromed

==================== Files in the root of some directories ========

2012-07-11 15:33 - 2020-11-05 22:38 - 000004586 _____ () C:\Users\Citron\AppData\Local\mbt-actwiz.log
2012-10-28 12:23 - 2020-06-29 14:35 - 000007601 _____ () C:\Users\Citron\AppData\Local\resmon.resmoncfg
2017-03-29 14:46 - 2017-03-29 14:46 - 000000000 _____ () C:\Users\Citron\AppData\Local\{2662E165-2985-4912-B895-E386B6A16BD4}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-20 09:05
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2021
Ran by Citron (22-01-2021 17:58:00)
Running from C:\_Pal
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-11 14:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1536627339-1155438233-2228032490-500 - Administrator - Disabled)
Citron (S-1-5-21-1536627339-1155438233-2228032490-1001 - Administrator - Enabled) => C:\Users\Citron
Guest (S-1-5-21-1536627339-1155438233-2228032490-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Spy Emergency (Disabled - Up to date) {CC339280-553F-D68A-6F68-9FB25810C8B4}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\{4114A073-7385-4742-8A5E-A5788FAC838F}) (Version: 1.0.48.25 - ArcSoft) Hidden
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{63E42DE7-C468-31B0-E373-173C67C87B88}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 20.1.9481.1346 - Avast Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 20.9.2437 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.8.5262.1418 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.2 (x64 en-US)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 77.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.3 (HKLM-x32\...\{10B43A43-FF73-47FD-83E8-A503E84F9ED6}) (Version: 3.3.9567 - OpenOffice.org)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.82.298 - Motorola Solutions, Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Silent Hunter III (HKLM-x32\...\{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft) Hidden
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Skype verze 8.67 (HKLM-x32\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.)
Spy Emergency 2020-25.0.770 (HKLM\...\Spy Emergency_is1) (Version: - NETGATE Technologies s.r.o.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WMV9/VC-1 Video Playback (HKLM\...\{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files\Motorola\Bluetooth\btmshell.dll [2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Programy\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Programy\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Programy\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Programy\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2011-02-09 20:27 - 2011-02-09 20:27 - 000141824 _____ () [File not signed] C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-02-09 21:04 - 2011-02-09 21:04 - 002905600 _____ () [File not signed] C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-01-27 01:35 - 2011-01-27 01:35 - 000007168 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Power Assistant\SDKCOMServerLib.dll
2011-05-10 21:12 - 2011-01-27 01:34 - 001083392 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-01-31 19:54 - 2011-01-31 19:54 - 000107008 _____ () [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-01-31 19:54 - 2011-01-31 19:54 - 000008192 _____ () [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\Interop.HPQWMIEXLib.dll
2020-06-29 14:51 - 2007-11-02 15:20 - 001403904 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\LIBEAY32.dll
2020-06-29 14:51 - 2007-11-02 15:20 - 000243712 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\SSLEAY32.dll
2020-06-29 14:51 - 2007-09-04 14:25 - 000198144 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\unrar.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 000012288 _____ () [File not signed] C:\Programy\Rainlendar2\lfs.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 000126976 _____ () [File not signed] C:\Programy\Rainlendar2\lua51.dll
2011-08-12 06:45 - 2011-08-12 06:45 - 000198144 _____ () [File not signed] C:\Programy\Rainlendar2\plugins\iCalendarPlugin.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 001412608 _____ () [File not signed] C:\windows\system32\LIBEAY32.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 002792960 _____ (Apache Software Foundation) [File not signed] C:\windows\system32\xerces-c_3_0.dll
2010-11-25 23:21 - 2010-11-25 23:21 - 004899328 _____ (Cogent Systems Inc.) [File not signed] C:\windows\system32\CgtFace_Dll.dll
2011-02-15 00:28 - 2011-02-15 00:28 - 000187016 _____ (Cogent Systems, Inc. -> Cogent Systems, Inc.) [File not signed] C:\windows\system32\BSWAuthImp.dll
2011-02-15 00:03 - 2011-02-15 00:03 - 000033928 _____ (Cogent Systems, Inc. -> TODO: <Company name>) [File not signed] C:\windows\system32\OEMComponentProvider.dll
2011-02-12 04:04 - 2011-02-12 04:04 - 000514560 ____R (Concept Software, Inc.) [File not signed] C:\windows\system32\KEYLIB64.dll
2011-02-12 04:04 - 2011-02-12 04:04 - 000495616 ____R (Concept Software, Inc.) [File not signed] C:\windows\system32\SKCA64.dll
2020-06-29 14:51 - 2011-08-15 17:49 - 001965056 _____ (CPULib Team) [File not signed] C:\Program Files\NETGATE\Spy Emergency\CPULib.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 000916992 _____ (Free Software Foundation) [File not signed] C:\windows\system32\iconv.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 000044544 _____ (Free Software Foundation) [File not signed] C:\windows\system32\intl.dll
2011-01-31 19:53 - 2011-01-31 19:53 - 000151552 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomain.dll
2011-01-31 19:54 - 2011-01-31 19:54 - 001044480 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\PTHostServices.dll
2011-01-31 19:55 - 2011-01-31 19:55 - 000081920 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\PTStrings.dll
2011-02-07 19:43 - 2011-02-07 19:43 - 005263872 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
2011-01-27 01:34 - 2011-01-27 01:34 - 000838656 _____ (HP) [File not signed] C:\Program Files\Hewlett-Packard\HP Power Assistant\HP.SupportFramework.dll
2014-02-01 11:25 - 2014-02-01 11:25 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8a1dd9552ed7f8d8\ATL80.DLL
2014-02-01 11:25 - 2014-02-01 11:25 - 001654784 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\MSVCP140.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\ucrtbase.DLL
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\VCRUNTIME140.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\VCRUNTIME140_1.dll
2011-01-11 21:04 - 2011-01-11 21:04 - 000599552 _____ (Symantec) [File not signed] C:\Program Files\Symantec\VIP Access SDK\VIPOTPProv64.dll
2011-07-28 19:20 - 2011-07-28 19:20 - 000244736 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Programy\Rainlendar2\libcurl.dll
2011-01-29 12:59 - 2011-01-29 12:59 - 001102336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\LIBEAY32.dll
2011-01-29 12:59 - 2011-01-29 12:59 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\SSLEAY32.dll
2010-12-12 11:56 - 2010-12-12 11:56 - 001205760 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_vc_rny.dll
2010-12-12 11:58 - 2010-12-12 11:58 - 000131584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_xml_vc_rny.dll
2010-12-12 11:57 - 2010-12-12 11:57 - 000707584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_adv_vc_rny.dll
2010-12-12 11:57 - 2010-12-12 11:57 - 002633216 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_core_vc_rny.dll
2010-12-12 11:57 - 2010-12-12 11:57 - 000485376 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_html_vc_rny.dll
2010-12-12 11:58 - 2010-12-12 11:58 - 000502784 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_xrc_vc_rny.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1536627339-1155438233-2228032490-1001 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7946 more sites.


There are 7946 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2021-01-19 19:38 - 000453771 ____R C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost

There are 15604 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Citron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: XobniService => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPConnectionManager => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFE78C0F-A8D4-4891-95B5-64FF6E45F2C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{56BD7C38-2B1C-4E88-A002-7E5FFD8CB975}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{F4A647FE-6DB4-4C76-8C9E-996FD659191F}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{E8735C39-2A5E-4B92-9353-076C65203934}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7A8BBF25-841F-4DAD-871C-D650D654D485}] => (Allow) C:\Programy\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{B45139AA-B604-4E88-AD7C-D39E53F3D9EC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{59AE5393-1AA5-41EE-838A-14166FCE6F26}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{91EEFF27-64DA-4337-81FA-A304ABC14D6D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B4365BE-7BA5-411D-B6BA-F83229ABBFE2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
StandardProfile\AuthorizedApplications: [C:\Programy\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Programy\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Programy\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Programy\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

11-01-2021 17:42:28 Naplánovaný kontrolní bod
19-01-2021 21:54:08 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Description: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola Solutions, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/22/2021 05:55:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 22.1.2021.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 8a4

Čas spuštění: 01d6f0df5341adc9

Čas ukončení: 0

Cesta k aplikaci: C:\_Pal\FRST64.exe

ID hlášení: 9ed28083-5cd2-11eb-810a-e4115b2d1f2a

Error: (01/21/2021 08:23:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: autoreactivator.exe, verze: 20.1.9481.0, časové razítko: 0x5fbe7536
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94ee4
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003cacf
ID chybujícího procesu: 0x508
Čas spuštění chybující aplikace: 0x01d6f02ae86f34f6
Cesta k chybující aplikaci: C:\Program Files\Avast Software\Cleanup\autoreactivator.exe
Cesta k chybujícímu modulu: C:\windows\SYSTEM32\ntdll.dll
ID zprávy: 27832f9f-5c1e-11eb-bdd6-e4115b2d1f2a

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)

Error: (01/20/2021 07:53:05 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/22/2021 04:29:09 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Služba WMPNetworkSvc nebyla spuštěna správně, protože u funkce CoCreateInstance (CLSID_UPnPDeviceFinder) došlo k chybě 0x80004005. Zkontrolujte, zda je spuštěná služba UPnPHost a zda je správně nainstalována součást systému Windows UPnPHost.

Error: (01/22/2021 04:28:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (01/22/2021 03:18:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/22/2021 03:08:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (01/21/2021 10:36:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/21/2021 08:21:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (01/21/2021 06:24:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/21/2021 04:12:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.


Windows Defender:
===================================
Date: 2016-01-28 17:25:13.891
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{C5B06EE9-5815-45BD-9F3A-089279E2DDBF}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-05-02 16:14:27.837
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{52BED4F3-1B3D-4771-86AE-99773FBE6CBB}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2015-05-01 08:08:22.456
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{02636881-D547-43A1-A918-CF1FA67E9967}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-12-10 21:46:39.666
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BF8F101D-5D30-40F3-89CF-2A6B4CE4ECD4}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2013-08-17 05:04:53.918
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{0E03EA01-0797-4A4D-AF6E-81BAA5790D90}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

CodeIntegrity:
===================================

Date: 2020-06-28 14:28:08.771
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Citron\AppData\Local\Temp\bcmwlNTP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-28 14:28:08.631
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Citron\AppData\Local\Temp\bcmwlNTP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-28 14:28:05.087
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Citron\AppData\Local\Temp\bcmwlNTP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-28 14:28:04.962
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Citron\AppData\Local\Temp\bcmwlNTP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-05 16:06:52.974
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-05 16:06:52.334
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-04 16:22:23.195
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-04 16:22:23.148
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167C
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 78%
Total physical RAM: 4030.36 MB
Available physical RAM: 866.56 MB
Total Virtual: 8058.9 MB
Available Virtual: 4171.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.39 GB) (Free:578.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.95 GB) (Free:2.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

\\?\Volume{ac3b751b-3067-11e1-9518-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9FD8FEA1)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Mail is sending me messages, ransom demand

#2 Post by Diallix »

Good day.

I get similar emails all the time, plus requests from some women and I don't know what else.


Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as Administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any threats found selected, and continue with the Clean and Repair button in the lower right corner.
After the PC restarts, AdwCleaner will start; click View Log File.
The log will open; copy its contents here.
My new book BOTNETY is out! You can find information about it here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

claymore
Visitor
Posts: 26
Registered: 04 May 2007 10:52

Re: Mail is sending me messages, ransom demand

#3 Post by claymore »

It did not offer the option as described, only quarantine and subsequent cleaning. No restart took place. Log:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-22-2021
# Duration: 00:00:09
# OS: Windows 7 Home Premium
# Cleaned: 19
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\ICQ6Toolbar
Deleted C:\ProgramData\ICQ\ICQNewTab
Deleted C:\ProgramData\ICQ\ICQToolbar

***** [ Files ] *****

Deleted C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|ICQ Search
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKLM\Software\Wow6432Node\ICQ\ICQToolbar
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\URLSearchHooks|{855F3B16-6D32-4FE6-8A56-BBB695989046}
Deleted HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks|{855F3B16-6D32-4FE6-8A56-BBB695989046}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks|{855F3B16-6D32-4FE6-8A56-BBB695989046}
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted http://start.icq.com/
Deleted http://start.icq.com/

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5245 octets] - [28/11/2020 10:17:02]
AdwCleaner[C00].txt - [5458 octets] - [28/11/2020 10:19:16]
AdwCleaner[S01].txt - [3460 octets] - [22/01/2021 19:09:31]
AdwCleaner[S02].txt - [3521 octets] - [22/01/2021 19:12:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Mail is sending me messages, ransom demand

#4 Post by Diallix »

Please post new logs: FRST + ADDITION logs.

claymore
Visitor
Posts: 26
Registered: 04 May 2007 10:52

Re: Mail is sending me messages, ransom demand

#5 Post by claymore »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2021
Ran by Citron (administrator) on CITRONIDLO (Hewlett-Packard HP ProBook 4530s) (22-01-2021 23:20:06)
Running from C:\_Pal
Loaded Profiles: Citron
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Programy\Rainlendar2\Rainlendar2.exe
(ArcSoft, Inc. -> ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\avast software\SecureLine VPN\VpnSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Programy\AVAST Software\Avast\AvEmUpdate.exe
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Macrovision Europe Ltd.) [File not signed] C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Motorola Inc -> Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola Inc -> Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Motorola Inc -> Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Motorola Inc -> Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCUpdate.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Programy\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Programy\Spybot - Search & Destroy 2\SDTray.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Programy\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Programy\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Validity Sensors, Inc -> Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [21709904 2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Programy\AVAST Software\Avast\AvLaunch.exe [117344 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2833504 2017-08-26] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools -> PC Tools)
HKLM-x32\...\Run: [SDTray] => C:\Programy\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [NeroCheck] => C:\windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [Rainlendar2] => C:\Programy\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] () [File not signed]
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Winlogon\GPExtensions: [{D75A25CD-0CCA-4C3C-A5E6-94039CC03B72}] -> c:\Windows\system32\DPLic.dll [2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
BootExecute: autocheck autochk * sdnclean64.exeicarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {127B6C7C-FAD1-467F-A605-57B0EDBF74C8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Programy\Spybot - Search & Destroy 2\SDImmunize.exe [4460472 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {16FDFC7E-4C9C-4B03-A55A-A88111667DFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {274671AA-2BBE-47E4-B053-0A30C1A96475} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Programy\Spybot - Search & Destroy 2\SDScan.exe [4818848 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {297F3292-8529-49B9-9795-7DDB56A05D25} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4661856 2020-11-18] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 3df9be00-2d4b-4fbd-8ba1-5159d1dfa004
Task: {2A679F4F-82FD-45D3-B310-F9B954CAB09F} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1188968 2020-11-18] (Avast Software s.r.o. -> AVAST Software)
Task: {55E3F8C5-F5EA-4413-A6EB-7884C44392C2} - System32\Tasks\Avast Emergency Update => C:\Programy\AVAST Software\Avast\AvEmUpdate.exe [4617832 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
Task: {578033CC-051B-4EBD-8062-285BAE0BDDD6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {62459F05-C238-4A71-857A-57D1A5B6DFF5} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2011-01-25] (Hewlett-Packard Company -> )
Task: {695A5BC7-5581-4316-AB56-A3B2F71E04CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Programy\Spybot - Search & Destroy 2\SDUpdate.exe [4747720 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {6B651EBD-A992-4C4B-942D-792024AD09E7} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2201560 2011-12-12] (PC Tools -> PC Tools)
Task: {6FAFD9DD-C8CB-4F1B-8737-0A47781A0388} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {70181105-497C-412F-833A-561EFCACB892} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5442656 2020-11-25] (Avast Software s.r.o. -> Avast Software)
Task: {765F8E8C-A40E-4CA2-AFCA-78224A6754E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {8138C2E1-F250-4C6E-91BB-A8D49B2A7C3C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {886481F6-B8B1-48DC-B719-A5847487A990} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {9E535FE7-7B3C-4875-AE5E-0C174D8A5F59} - System32\Tasks\Avast Software\Avast Cleanup Update BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [2812624 2020-12-01] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8e7ab03c-fd72-46de-bf97-7145cc0e0713
Task: {A6133D5C-8925-48F5-B59C-AB598BC7E704} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {AE8BC164-1C92-448D-B105-1D17222BF0D8} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5442656 2020-11-16] (Avast Software s.r.o. -> Avast Software)
Task: {D08D5DE6-20DA-4EDD-BD1C-F782D752C3DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {D4AF12B5-E505-402C-B0FC-EBB6F3332154} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {DA4BF705-9A0A-492F-9496-21CE91B2E253} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FA9BEEB4-B7D9-4E40-B214-A3832FF5E7A4} - System32\Tasks\{09C009D4-D061-49F6-AC95-70479C75D538} => C:\windows\system32\pcalua.exe -a C:\Users\Citron\Desktop\vcredist_x64.exe -d C:\Users\Citron\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{A7F6367F-3D94-4B8E-881D-DE8832225970}: [DhcpNameServer] 192.168.5.1 192.168.1.1
Tcpip\..\Interfaces\{B1E8BFDC-2148-4261-81EB-3F462AE02610}: [DhcpNameServer] 192.168.5.1

FireFox:
========
FF DefaultProfile: ng7a8cym.default-1379696775163
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513 [2021-01-22]
FF Homepage: Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513 -> about:blank
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2020-11-02]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513\Extensions\langpack-cs@firefox.mozilla.org.xpi [2020-12-24]
FF Extension: (No Name) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-16]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513\searchplugins\icqplugin.xml [2011-03-30]
FF ProfilePath: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 [2021-01-19]
FF Homepage: Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163 -> hxxps://www.google.com/
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\sp@avast.com.xpi [2020-06-28]
FF Extension: (Adblock na Youtube™) - C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2019-05-05]
FF SearchPlugin: C:\Users\Citron\AppData\Roaming\Mozilla\Firefox\Profiles\ng7a8cym.default-1379696775163\searchplugins\icqplugin.xml [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-10] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Programy\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Programy\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Programy\AVAST Software\Avast\aswidsagent.exe [8454552 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Programy\AVAST Software\Avast\AvastSvc.exe [365648 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Programy\AVAST Software\Avast\afwServ.exe [1187512 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Programy\AVAST Software\Avast\aswToolsSvc.exe [3096160 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12968552 2020-12-01] (Avast Software s.r.o. -> AVAST Software)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2016-11-11] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2016-11-11] (Macrovision Europe Ltd.) [File not signed]
S3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
S4 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () [File not signed]
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools -> PC Tools)
R2 SDScannerService; C:\Programy\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Programy\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Programy\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [7897696 2020-11-18] (Avast Software s.r.o. -> AVAST Software)
R2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [378568 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3315400 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S4 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation -> Xobni Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc. -> ArcSoft, Inc.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [206408 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [332368 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [247888 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [97352 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42784 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [176744 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [521752 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-09-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [109280 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84856 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [851608 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [469832 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [217336 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [53904 2017-04-14] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [326416 2020-11-29] (Avast Software s.r.o. -> AVAST Software)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [486144 2011-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Solutions, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-10] (DT Soft Ltd -> DT Soft Ltd)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.)
R3 nusb3hub; C:\windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-15] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
R1 SpyEmrg; C:\windows\System32\Drivers\spyemrg.sys [17608 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\windows\System32\Drivers\spyemrg_access.sys [24776 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\windows\System32\Drivers\spyemrg_guard.sys [19656 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-22 21:53 - 2021-01-22 21:53 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Ashampoo
2021-01-22 21:15 - 2021-01-22 21:53 - 000000000 ____D C:\Users\Citron\AppData\Local\ashampoo
2021-01-22 21:01 - 2021-01-22 23:19 - 000000000 ____D C:\ProgramData\Ashampoo
2021-01-22 20:50 - 2021-01-22 20:50 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nero (32-bit)
2021-01-22 20:49 - 2021-01-22 20:49 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Ahead
2021-01-22 20:47 - 2021-01-22 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero (32-bit)
2021-01-22 20:47 - 2003-03-29 14:45 - 000089184 ____R (Ahead Software AG and its licensors) C:\windows\SysWOW64\Drivers\imagedrv.sys
2021-01-22 20:46 - 2021-01-22 20:52 - 000000000 ____D C:\Program Files (x86)\Ahead
2021-01-22 20:46 - 2001-07-09 10:50 - 000155648 ____R (Ahead Software Gmbh) C:\windows\SysWOW64\NeroCheck.exe
2021-01-22 20:46 - 2001-07-06 17:24 - 000283920 ____R (Pegasus Software, LLC) C:\windows\SysWOW64\ImagXpr5.dll
2021-01-22 20:46 - 2001-07-06 13:41 - 000569344 ____R (Pegasus Software,LLC) C:\windows\SysWOW64\imagr5.dll
2021-01-22 20:46 - 2001-07-06 11:44 - 000544768 ____R (Pegasus Software, LLC) C:\windows\SysWOW64\imagx5.dll
2021-01-22 20:46 - 2001-06-26 07:15 - 000038912 ____R (Pegasus Imaging Corp.) C:\windows\SysWOW64\picn20.dll
2021-01-20 07:49 - 2021-01-20 07:49 - 000295568 _____ C:\windows\system32\FNTCACHE.DAT
2021-01-16 12:14 - 2021-01-16 12:14 - 000001674 _____ C:\Users\Citron\Desktop\GordonsReloadingTool.lnk
2021-01-08 09:00 - 2021-01-08 09:00 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2020-12-28 23:31 - 2020-12-28 23:31 - 000000000 ____D C:\Users\Citron\AppData\Roaming\GordonsReloadingTool

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-22 23:22 - 2020-11-28 09:19 - 000000000 ____D C:\FRST
2021-01-22 23:19 - 2012-07-11 16:02 - 000000000 ____D C:\Programy
2021-01-22 23:17 - 2020-09-21 20:33 - 000003938 _____ C:\windows\system32\Tasks\Avast SecureLine VPN Update
2021-01-22 23:16 - 2012-07-11 16:06 - 000000000 ____D C:\Users\Citron\.rainlendar2
2021-01-22 23:16 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-01-22 23:14 - 2016-11-18 12:44 - 000000000 ____D C:\Users\Citron\AppData\LocalLow\Mozilla
2021-01-22 21:59 - 2012-07-11 15:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-22 21:46 - 2009-07-14 05:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-22 21:46 - 2009-07-14 05:45 - 000019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-22 21:40 - 2013-09-20 17:44 - 000000000 ____D C:\Program Files\CCleaner
2021-01-22 21:33 - 2014-12-22 10:02 - 000000000 ____D C:\ProgramData\AVAST Software
2021-01-22 21:15 - 2017-03-15 19:56 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-22 20:59 - 2012-07-11 15:55 - 000000000 ____D C:\_Pal
2021-01-22 20:52 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2021-01-22 20:11 - 2017-04-22 17:35 - 000000000 ____D C:\Users\Citron\AppData\Roaming\vlc
2021-01-22 19:55 - 2013-09-20 18:02 - 000000000 ____D C:\AdwCleaner
2021-01-22 19:40 - 2012-07-11 15:55 - 000000000 ____D C:\Fotky
2021-01-22 19:13 - 2012-07-11 17:52 - 000000000 ____D C:\ProgramData\ICQ
2021-01-22 17:00 - 2018-05-30 06:39 - 000000000 ____D C:\Users\Citron\AppData\Local\AVAST Software
2021-01-21 20:23 - 2012-07-15 14:18 - 000000000 ____D C:\Users\Citron\AppData\Local\CrashDumps
2021-01-21 16:09 - 2018-04-24 13:33 - 000003870 _____ C:\windows\system32\Tasks\CCleaner Update
2021-01-20 21:47 - 2020-11-28 19:31 - 000003134 _____ C:\windows\system32\Tasks\{09C009D4-D061-49F6-AC95-70479C75D538}
2021-01-20 21:47 - 2018-04-26 14:35 - 000002796 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2021-01-20 21:47 - 2015-12-03 15:34 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2021-01-19 17:44 - 2020-06-29 14:51 - 000000000 ____D C:\Users\Citron\AppData\Roaming\Spy Emergency
2021-01-19 17:39 - 2009-07-14 03:34 - 000000135 ____R C:\windows\system32\Drivers\etc\hosts.20210119-193853.backup
2021-01-18 13:55 - 2017-04-14 08:02 - 000004158 _____ C:\windows\system32\Tasks\Avast Emergency Update
2021-01-16 21:48 - 2020-11-29 22:04 - 000004478 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2021-01-08 15:25 - 2020-07-12 10:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-08 15:25 - 2012-07-11 15:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-05 18:47 - 2011-05-10 21:12 - 000669116 _____ C:\windows\system32\perfh005.dat
2021-01-05 18:47 - 2011-05-10 21:12 - 000141744 _____ C:\windows\system32\perfc005.dat
2021-01-05 18:47 - 2009-07-14 06:13 - 001584554 _____ C:\windows\system32\PerfStringBackup.INI
2021-01-01 11:25 - 2020-12-04 16:40 - 000003388 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-01 11:25 - 2020-12-04 16:40 - 000003260 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-01 11:22 - 2014-08-31 21:17 - 000000000 ____D C:\windows\Minidump
2021-01-01 08:44 - 2009-07-14 03:34 - 000454011 ____R C:\windows\system32\Drivers\etc\hosts.20210119-173913.backup
2020-12-31 02:44 - 2019-05-06 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-12-27 09:12 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-12-26 18:04 - 2012-07-11 18:26 - 000000000 ____D C:\windows\system32\Macromed
2020-12-26 18:03 - 2011-05-10 21:11 - 000000000 ____D C:\windows\SysWOW64\Macromed

==================== Files in the root of some directories ========

2012-07-11 15:33 - 2020-11-05 22:38 - 000004586 _____ () C:\Users\Citron\AppData\Local\mbt-actwiz.log
2012-10-28 12:23 - 2020-06-29 14:35 - 000007601 _____ () C:\Users\Citron\AppData\Local\resmon.resmoncfg
2017-03-29 14:46 - 2017-03-29 14:46 - 000000000 _____ () C:\Users\Citron\AppData\Local\{2662E165-2985-4912-B895-E386B6A16BD4}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-20 09:05
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2021
Ran by Citron (22-01-2021 23:23:55)
Running from C:\_Pal
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-11 14:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1536627339-1155438233-2228032490-500 - Administrator - Disabled)
Citron (S-1-5-21-1536627339-1155438233-2228032490-1001 - Administrator - Enabled) => C:\Users\Citron
Guest (S-1-5-21-1536627339-1155438233-2228032490-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Spy Emergency (Disabled - Up to date) {CC339280-553F-D68A-6F68-9FB25810C8B4}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\{4114A073-7385-4742-8A5E-A5788FAC838F}) (Version: 1.0.48.25 - ArcSoft) Hidden
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{63E42DE7-C468-31B0-E373-173C67C87B88}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 20.1.9481.1346 - Avast Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 20.9.2437 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.8.5262.1418 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.2 (x64 en-US)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 77.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.3 (HKLM-x32\...\{10B43A43-FF73-47FD-83E8-A503E84F9ED6}) (Version: 3.3.9567 - OpenOffice.org)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.82.298 - Motorola Solutions, Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Silent Hunter III (HKLM-x32\...\{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft) Hidden
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Skype verze 8.67 (HKLM-x32\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.)
Spy Emergency 2020-25.0.770 (HKLM\...\Spy Emergency_is1) (Version: - NETGATE Technologies s.r.o.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WMV9/VC-1 Video Playback (HKLM\...\{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files\Motorola\Bluetooth\btmshell.dll [2011-02-15] (Motorola Inc -> Motorola Solutions, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Programy\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Programy\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programy\AVAST Software\Avast\ashShell.dll [2020-11-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Programy\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Programy\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2011-02-09 20:27 - 2011-02-09 20:27 - 000141824 _____ () [File not signed] C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-02-09 21:04 - 2011-02-09 21:04 - 002905600 _____ () [File not signed] C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-01-27 01:35 - 2011-01-27 01:35 - 000007168 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Power Assistant\SDKCOMServerLib.dll
2011-05-10 21:12 - 2011-01-27 01:34 - 001083392 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-01-31 19:54 - 2011-01-31 19:54 - 000107008 _____ () [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-01-31 19:54 - 2011-01-31 19:54 - 000008192 _____ () [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\Interop.HPQWMIEXLib.dll
2020-06-29 14:51 - 2007-11-02 15:20 - 001403904 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\LIBEAY32.dll
2020-06-29 14:51 - 2007-11-02 15:20 - 000243712 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\SSLEAY32.dll
2020-06-29 14:51 - 2007-09-04 14:25 - 000198144 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\unrar.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 000012288 _____ () [File not signed] C:\Programy\Rainlendar2\lfs.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 000126976 _____ () [File not signed] C:\Programy\Rainlendar2\lua51.dll
2011-08-12 06:45 - 2011-08-12 06:45 - 000198144 _____ () [File not signed] C:\Programy\Rainlendar2\plugins\iCalendarPlugin.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 001412608 _____ () [File not signed] C:\windows\system32\LIBEAY32.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 002792960 _____ (Apache Software Foundation) [File not signed] C:\windows\system32\xerces-c_3_0.dll
2010-11-25 23:21 - 2010-11-25 23:21 - 004899328 _____ (Cogent Systems Inc.) [File not signed] C:\windows\system32\CgtFace_Dll.dll
2011-02-15 00:28 - 2011-02-15 00:28 - 000187016 _____ (Cogent Systems, Inc. -> Cogent Systems, Inc.) [File not signed] C:\windows\system32\BSWAuthImp.dll
2011-02-15 00:03 - 2011-02-15 00:03 - 000033928 _____ (Cogent Systems, Inc. -> TODO: <Company name>) [File not signed] C:\windows\system32\OEMComponentProvider.dll
2011-02-12 04:04 - 2011-02-12 04:04 - 000514560 ____R (Concept Software, Inc.) [File not signed] C:\windows\system32\KEYLIB64.dll
2011-02-12 04:04 - 2011-02-12 04:04 - 000495616 ____R (Concept Software, Inc.) [File not signed] C:\windows\system32\SKCA64.dll
2020-06-29 14:51 - 2011-08-15 17:49 - 001965056 _____ (CPULib Team) [File not signed] C:\Program Files\NETGATE\Spy Emergency\CPULib.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 000916992 _____ (Free Software Foundation) [File not signed] C:\windows\system32\iconv.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 000044544 _____ (Free Software Foundation) [File not signed] C:\windows\system32\intl.dll
2011-01-31 19:53 - 2011-01-31 19:53 - 000151552 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomain.dll
2011-01-31 19:54 - 2011-01-31 19:54 - 001044480 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\PTHostServices.dll
2011-01-31 19:55 - 2011-01-31 19:55 - 000081920 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\PTStrings.dll
2011-02-07 19:43 - 2011-02-07 19:43 - 005263872 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
2011-01-27 01:34 - 2011-01-27 01:34 - 000838656 _____ (HP) [File not signed] C:\Program Files\Hewlett-Packard\HP Power Assistant\HP.SupportFramework.dll
2014-02-01 11:25 - 2014-02-01 11:25 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8a1dd9552ed7f8d8\ATL80.DLL
2014-02-01 11:25 - 2014-02-01 11:25 - 001654784 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-11-29 09:07 - 2020-11-29 09:07 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\MSVCP140.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\ucrtbase.DLL
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\VCRUNTIME140.dll
2021-01-22 15:10 - 2021-01-22 15:10 - 000000000 ____L (Microsoft Corporation) C:\Programy\AVAST Software\Avast\defs\21012202\avast.local_vc142.crt\VCRUNTIME140_1.dll
2011-01-11 21:04 - 2011-01-11 21:04 - 000599552 _____ (Symantec) [File not signed] C:\Program Files\Symantec\VIP Access SDK\VIPOTPProv64.dll
2011-07-28 19:20 - 2011-07-28 19:20 - 000244736 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Programy\Rainlendar2\libcurl.dll
2011-01-29 12:59 - 2011-01-29 12:59 - 001102336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\LIBEAY32.dll
2011-01-29 12:59 - 2011-01-29 12:59 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Programy\Rainlendar2\SSLEAY32.dll
2010-12-12 11:56 - 2010-12-12 11:56 - 001205760 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_vc_rny.dll
2010-12-12 11:58 - 2010-12-12 11:58 - 000131584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxbase28u_xml_vc_rny.dll
2010-12-12 11:57 - 2010-12-12 11:57 - 000707584 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_adv_vc_rny.dll
2010-12-12 11:57 - 2010-12-12 11:57 - 002633216 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_core_vc_rny.dll
2010-12-12 11:57 - 2010-12-12 11:57 - 000485376 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_html_vc_rny.dll
2010-12-12 11:58 - 2010-12-12 11:58 - 000502784 _____ (wxWidgets development team) [File not signed] C:\Programy\Rainlendar2\wxmsw28u_xrc_vc_rny.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7944 more sites.


There are 7944 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2021-01-19 19:38 - 000453771 ____R C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost

There are 15604 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Citron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: XobniService => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPConnectionManager => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFE78C0F-A8D4-4891-95B5-64FF6E45F2C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{56BD7C38-2B1C-4E88-A002-7E5FFD8CB975}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{F4A647FE-6DB4-4C76-8C9E-996FD659191F}C:\programy\winamp\winamp.exe] => (Block) C:\programy\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{E8735C39-2A5E-4B92-9353-076C65203934}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7A8BBF25-841F-4DAD-871C-D650D654D485}] => (Allow) C:\Programy\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{B45139AA-B604-4E88-AD7C-D39E53F3D9EC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{59AE5393-1AA5-41EE-838A-14166FCE6F26}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{91EEFF27-64DA-4337-81FA-A304ABC14D6D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B4365BE-7BA5-411D-B6BA-F83229ABBFE2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
StandardProfile\AuthorizedApplications: [C:\Programy\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Programy\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Programy\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Programy\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

11-01-2021 17:42:28 Naplánovaný kontrolní bod
19-01-2021 21:54:08 Naplánovaný kontrolní bod
22-01-2021 21:08:15 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820
22-01-2021 21:15:43 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215

==================== Faulty Device Manager Devices ============

Name: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Description: Realtek Motorola BC8 Bluetooth 3.0+HS Adapter
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola Solutions, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/22/2021 05:55:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 22.1.2021.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 8a4

Čas spuštění: 01d6f0df5341adc9

Čas ukončení: 0

Cesta k aplikaci: C:\_Pal\FRST64.exe

ID hlášení: 9ed28083-5cd2-11eb-810a-e4115b2d1f2a

Error: (01/21/2021 08:23:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: autoreactivator.exe, verze: 20.1.9481.0, časové razítko: 0x5fbe7536
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94ee4
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003cacf
ID chybujícího procesu: 0x508
Čas spuštění chybující aplikace: 0x01d6f02ae86f34f6
Cesta k chybující aplikaci: C:\Program Files\Avast Software\Cleanup\autoreactivator.exe
Cesta k chybujícímu modulu: C:\windows\SYSTEM32\ntdll.dll
ID zprávy: 27832f9f-5c1e-11eb-bdd6-e4115b2d1f2a

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/20/2021 07:53:34 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)

Error: (01/20/2021 07:53:05 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/22/2021 11:17:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (01/22/2021 11:14:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/22/2021 09:36:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (01/22/2021 09:33:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/22/2021 09:04:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/22/2021 08:26:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Zařízení \Device\CdRom0 má chybný blok.

Error: (01/22/2021 07:28:00 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Služba WMPNetworkSvc nebyla spuštěna správně, protože u funkce CoCreateInstance (CLSID_UPnPDeviceFinder) došlo k chybě 0x80004005. Zkontrolujte, zda je spuštěná služba UPnPHost a zda je správně nainstalována součást systému Windows UPnPHost.

Error: (01/22/2021 07:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.


Windows Defender:
===================================
Date: 2016-01-28 17:25:13.891
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{C5B06EE9-5815-45BD-9F3A-089279E2DDBF}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-05-02 16:14:27.837
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{52BED4F3-1B3D-4771-86AE-99773FBE6CBB}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2015-05-01 08:08:22.456
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{02636881-D547-43A1-A918-CF1FA67E9967}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Úplné prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2014-12-10 21:46:39.666
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BF8F101D-5D30-40F3-89CF-2A6B4CE4ECD4}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Citronidlo\Citron

Date: 2013-08-17 05:04:53.918
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{0E03EA01-0797-4A4D-AF6E-81BAA5790D90}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

CodeIntegrity:
===================================

Date: 2020-06-28 14:28:08.771
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Citron\AppData\Local\Temp\bcmwlNTP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-28 14:28:08.631
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Citron\AppData\Local\Temp\bcmwlNTP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-28 14:28:05.087
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Citron\AppData\Local\Temp\bcmwlNTP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-28 14:28:04.962
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Citron\AppData\Local\Temp\bcmwlNTP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-05 16:06:52.974
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-05 16:06:52.334
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-04 16:22:23.195
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-04 16:22:23.148
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Hewlett-Packard 68SRR Ver. F.0A 07/18/2011
Motherboard: Hewlett-Packard 167C
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 80%
Total physical RAM: 4030.36 MB
Available physical RAM: 780.37 MB
Total Virtual: 8058.9 MB
Available Virtual: 4187.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.39 GB) (Free:595.39 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.95 GB) (Free:2.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

\\?\Volume{ac3b751b-3067-11e1-9518-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9FD8FEA1)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: My mailbox is sending me messages, a ransom demand

#6 Post by Diallix »

You have two anti-spyware programs installed: Spybot - Search and Destroy and Spy Emergency. The system is being loaded unnecessarily.

Copy the content below into Notepad:

Code:

HKLM-x32\...\Run: [NeroCheck] => C:\windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {886481F6-B8B1-48DC-B719-A5847487A990} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {D08D5DE6-20DA-4EDD-BD1C-F782D752C3DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {D4AF12B5-E505-402C-B0FC-EBB6F3332154} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {DA4BF705-9A0A-492F-9496-21CE91B2E253} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FA9BEEB4-B7D9-4E40-B214-A3832FF5E7A4} - System32\Tasks\{09C009D4-D061-49F6-AC95-70479C75D538} => C:\windows\system32\pcalua.exe -a C:\Users\Citron\Desktop\vcredist_x64.exe -d C:\Users\Citron\Desktop
FF Homepage: Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513 -> about:blank
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the content of the log fixlog.txt, saved in the FRST location.
My new book BOTNETY has been published! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Trubecka
Visitor
Posts: 19
Joined: 05 Jan 2014 04:52

Re: My mailbox is sending me messages, a ransom demand

#7 Post by Trubecka »

Don't worry about it and don't send anything anywhere. I get this too, and probably so do thousands of others, and have for several years, even though in my case it is complete nonsense, because I don't engage in the activity in question and I don't have any webcam they could have filmed me with. I have never sent anything and nobody has ever published anything. They usually demand payment in cryptocurrencies because the accounts are anonymous. It is not your mailbox sending this to you; with some SMTP servers they can write whatever sender address they want. During the 20th and 21st I got it about 5 times :) The sender address is mine, but the header shows that it comes from an IP that belongs to some Telecom Italia. Answers can be found on the internet:
https://www.hoax.cz/scam419/aktuality/v ... o-uctu_596
https://www.dvojklik.cz/natocil-jsem-va ... ych-mailu/

The blockchain (the ledger of cryptocurrencies) is mostly publicly accessible, and when I enter the address that I had in my spam, you can see that so far only 2 people have sent them anything :) That's quite a failure for probably thousands of people contacted, isn't it? I'm surprised they still enjoy taking the risk for a few pennies. https://www.blockchain.com/btc/address/ ... 8K6uRKHVnt
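
The header check described in the post above (the From address is your own, but the headers show a foreign sending IP), as an added example that is not part of the original thread. The message, host names and addresses are constructed, and `TRUSTED_HOSTS` is an assumption standing in for the recipient's own mail provider.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (documentation-range IPs, .example domains); not taken from the thread.
RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.provider.example (mx.provider.example [192.0.2.10])
    by imap.provider.example with LMTP; Thu, 21 Jan 2021 06:14:09 +0100
Authentication-Results: mx.provider.example;
    spf=fail smtp.mailfrom=mailer.example.net;
    dkim=none;
    dmarc=fail header.from=provider.example
Received: from host-77.dsl.example ([203.0.113.77])
    by mx.provider.example with ESMTP; Thu, 21 Jan 2021 06:14:07 +0100
From: user@provider.example
To: user@provider.example
Subject: constructed sample
Message-ID: <constructed-1@host-77.dsl.example>

Constructed body.
"""

# Assumption: hosts operated by the recipient's own mail provider.
TRUSTED_HOSTS = {"mx.provider.example", "imap.provider.example"}


def received_hops(msg):
    """Return Received hops, newest first, as {'by': host, 'ip': sender IP or None}."""
    hops = []
    for value in msg.get_all("Received", []):
        text = str(value)
        by = re.search(r"\bby\s+([^\s;]+)", text)
        ip = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", text)
        ip_text = None
        if ip:
            try:
                ip_text = str(ipaddress.ip_address(ip.group(1)))
            except ValueError:
                ip_text = None  # bracketed text that is not an IP literal
        hops.append({"by": by.group(1).lower() if by else None, "ip": ip_text})
    return hops


def handoff_ip(hops, trusted_hosts):
    """IP recorded by the last trusted server in the chain.

    Received lines below that point were written by the sender's side and
    can be forged, so only hops stamped by trusted hosts are considered.
    """
    boundary = None
    for hop in hops:
        if hop["by"] in trusted_hosts:
            boundary = hop
        else:
            break
    return boundary["ip"] if boundary else None


def trusted_auth_results(msg, trusted_hosts):
    """spf/dkim/dmarc verdicts, taken only from headers added by a trusted host."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        text = str(value)
        authserv_id = text.split(";", 1)[0].split()[0].lower()
        if authserv_id not in trusted_hosts:
            continue  # a sender can insert its own Authentication-Results header
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", text):
            results.setdefault(method, verdict)
    return results


def assess(raw, trusted_hosts=TRUSTED_HOSTS):
    msg = email.message_from_string(raw, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    to_addr = parseaddr(str(msg.get("To", "")))[1].lower()
    auth = trusted_auth_results(msg, trusted_hosts)
    ip = handoff_ip(received_hops(msg), trusted_hosts)
    self_addressed = bool(from_addr) and from_addr == to_addr
    return {
        "from_addr": from_addr,
        "handoff_ip": ip,
        "auth": auth,
        # Own address in From, no DMARC pass, and delivery from an outside host.
        "forged_self_sender": self_addressed and auth.get("dmarc") != "pass" and ip is not None,
    }


if __name__ == "__main__":
    print(assess(RAW_MESSAGE))
```

The handoff IP is the value to look up in WHOIS or to report to the provider; the mailbox password only becomes a concern if that IP belongs to the provider's own authenticated submission servers.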

claymore
Visitor
Posts: 26
Joined: 04 May 2007 10:52

Re: My mailbox is sending me messages, a ransom demand

#8 Post by claymore »

I know about the anti-spyware programs, I'll decide on one...

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2021
Ran by Citron (23-01-2021 07:31:22) Run:3
Running from C:\_Pal
Loaded Profiles: Citron
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [NeroCheck] => C:\windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {886481F6-B8B1-48DC-B719-A5847487A990} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {D08D5DE6-20DA-4EDD-BD1C-F782D752C3DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {D4AF12B5-E505-402C-B0FC-EBB6F3332154} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {DA4BF705-9A0A-492F-9496-21CE91B2E253} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FA9BEEB4-B7D9-4E40-B214-A3832FF5E7A4} - System32\Tasks\{09C009D4-D061-49F6-AC95-70479C75D538} => C:\windows\system32\pcalua.exe -a C:\Users\Citron\Desktop\vcredist_x64.exe -d C:\Users\Citron\Desktop
FF Homepage: Mozilla\Firefox\Profiles\xxiki3cb.default-release-1604331180513 -> about:blank
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

EmptyTemp:


*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NeroCheck" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{886481F6-B8B1-48DC-B719-A5847487A990}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{886481F6-B8B1-48DC-B719-A5847487A990}" => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D08D5DE6-20DA-4EDD-BD1C-F782D752C3DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D08D5DE6-20DA-4EDD-BD1C-F782D752C3DA}" => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4AF12B5-E505-402C-B0FC-EBB6F3332154}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4AF12B5-E505-402C-B0FC-EBB6F3332154}" => removed successfully
C:\windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA4BF705-9A0A-492F-9496-21CE91B2E253}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA4BF705-9A0A-492F-9496-21CE91B2E253}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA9BEEB4-B7D9-4E40-B214-A3832FF5E7A4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA9BEEB4-B7D9-4E40-B214-A3832FF5E7A4}" => removed successfully
C:\windows\System32\Tasks\{09C009D4-D061-49F6-AC95-70479C75D538} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09C009D4-D061-49F6-AC95-70479C75D538}" => removed successfully
"Firefox homepage" => removed successfully
HKU\S-1-5-21-1536627339-1155438233-2228032490-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12081018 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 27668 B
Edge => 0 B
Chrome => 0 B
Brave => 0 B
Vivaldi => 0 B
Firefox => 1124001609 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 128 B
Citron => 4643340 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End 2 Fixlog 07:31:58 ====

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: My mailbox is sending me messages, a ransom demand

#9 Post by Diallix »

OK. How is the computer doing? This was just a final cleanup; nothing dangerous was running on the computer.

claymore
Visitor
Posts: 26
Joined: 04 May 2007 10:52

Re: My mailbox is sending me messages, a ransom demand

#10 Post by claymore »

After the reboot, startup is faster. Noticeably faster. I'll still throw out one anti-spyware program and that will be it.
Thank you for the cleanup. It's interesting how much still turns up anyway; gone are the days when an HJT log was just a few lines...

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: My mailbox is sending me messages, a ransom demand

#11 Post by Diallix »

In those days malware was also noticeably more widespread, precisely because of imperfect cleanup.

You're welcome :]]

claymore
Visitor
Posts: 26
Joined: 04 May 2007 10:52

Re: My mailbox is sending me messages, a ransom demand

#12 Post by claymore »

Thank you once again, I'll donate toward running the forum, you deserve it

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: My mailbox is sending me messages, a ransom demand

#13 Post by Diallix »

Great, on behalf of the forum, thank you :]]

Locked