continued ..
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{98C150A3-E423-4E7E-A9FE-C59D25D7E825}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F908FDFB-B8AE-4A96-AB15-F7A943C5736D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{5CD1BD55-DB9C-41AB-9F55-49C97F722826}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C5734AE2-1F3E-4509-A510-8F22E043FD39}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{00BB64FF-5E02-46B0-8CAA-8B8C86D341DA}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B793BC42-CC6B-4E1B-9F5F-03DACEBAC7D3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E8E954F6-6E1C-40F8-9CBA-B5C950A3F30D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{91FCC058-AD0F-48D8-8022-A565032A171C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9F3DB691-DB48-43CD-B341-C1455885EB72}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9649B6F9-685F-4DEF-BEDC-0A633DA3B7B0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{ECF1B762-AE64-4103-8A24-C0286A1670B7}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{677F3703-97E0-496E-9F08-5091A4E256ED}D:\battlefield 4\battlefield 4\bf4.exe] => (Allow) D:\battlefield 4\battlefield 4\bf4.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [UDP Query User{B0DE1F9C-89D1-43A0-A12E-44608F40858A}D:\battlefield 4\battlefield 4\bf4.exe] => (Allow) D:\battlefield 4\battlefield 4\bf4.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [TCP Query User{96BB1A1D-F84C-4AE7-A07C-6DCBD2BD8EF7}D:\crysis 3\instalace\crysis3remastered\bin64\crysis3remastered.exe] => (Allow) D:\crysis 3\instalace\crysis3remastered\bin64\crysis3remastered.exe (Crytek GmbH) [File not signed]
FirewallRules: [UDP Query User{7FC40B18-01CE-45D9-8438-F964B78B3071}D:\crysis 3\instalace\crysis3remastered\bin64\crysis3remastered.exe] => (Allow) D:\crysis 3\instalace\crysis3remastered\bin64\crysis3remastered.exe (Crytek GmbH) [File not signed]
FirewallRules: [{E8F5E4E6-9F89-4F1E-A6FB-5EA7C3AE6777}] => (Block) D:\crysis 3\instalace\crysis3remastered\bin64\crysis3remastered.exe (Crytek GmbH) [File not signed]
FirewallRules: [{F54C9B1C-DE4F-4EC5-8ACC-DE409DA10E1C}] => (Block) D:\crysis 3\instalace\crysis3remastered\bin64\crysis3remastered.exe (Crytek GmbH) [File not signed]
FirewallRules: [{3CF43EC1-108E-460E-8F62-6BF3150EE50F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
19-12-2023 16:28:15 End of disinfection
19-12-2023 16:59:11 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices ============
Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Myš Microsoft PS/2
Description: Myš Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================
Application errors:
==================
Error: (12/19/2023 07:05:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (12/19/2023 07:05:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (12/19/2023 07:05:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (12/19/2023 06:41:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (12/19/2023 06:41:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (12/19/2023 06:41:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (12/19/2023 05:21:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (12/19/2023 05:21:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
System errors:
=============
Error: (12/19/2023 05:47:59 PM) (Source: DCOM) (EventID: 10010) (User: ROMAN)
Description: Server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/19/2023 05:02:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:54:37, 19.12.2023) bylo neočekávané.
Error: (12/19/2023 04:48:01 PM) (Source: DCOM) (EventID: 10010) (User: ROMAN)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/19/2023 04:16:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba hvsics závisí na službě CmService, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.
Error: (12/19/2023 04:16:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba CmService závisí na službě hns, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.
Error: (12/19/2023 04:16:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba VMSP neuspěla při spuštění v důsledku následující chyby:
K dokončení požadované služby není k dispozici dostatek prostředků.
Error: (12/19/2023 04:16:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba hns závisí na službě VfpExt, která neuspěla při spuštění v důsledku následující chyby:
Zařízení připojené k systému nefunguje.
Error: (12/19/2023 12:03:43 PM) (Source: DCOM) (EventID: 10010) (User: ROMAN)
Description: Server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter se v daném časovém limitu neregistroval u služby DCOM.
Windows Defender:
================
Date: 2023-11-29 17:41:26
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/DefenderControl!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_C:\Users\Roman\Desktop\aktivace\defender 2.1.rar; file:_C:\Users\Roman\Desktop\aktivace\defender 2.1.rar->defender 2.1\dControl.exe; webfile:_C:\Users\Roman\Desktop\aktivace\defender 2.1.rar|https://vip.17.dl.webshare.cz/8300/udt78FbdZM/524288000/eJw1jstqwzAQRX+lzKIrIUvWcwQhu2xC3VUIFEORI4kEgh3GdgMp_fcqhS7v4d4z8w0RAkhnuRQtl0ZxVMDgAkEwWCBIJ1qpEFEy+KqRwQrBoPHIYP7LNwgLrZnBWEUplzymTC_VxSlSVaWK0SpVinZWe_TxVMSAyVkUSlhvo8bBtlliq5_1ehTK5Zo_03Qfr1NMFVJl9zzM50iZnx598yz0zZoW53dD+njrm20mmmhz6Pbd+7F7nTZ1ttD_b_MDgjbGa_XzCyjAQnk/18861133d4ea7b2efc97b6de7cf20efef6e60dc3/defender-2.1.rar|pid:10152,ProcessStart:133457496857493660
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: Roman\Roman
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.401.1392.0, AS: 1.401.1392.0, NIS: 1.401.1392.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-11-29 17:41:15
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/DefenderControl!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_C:\Users\Roman\Desktop\aktivace\defender 2.1.rar; file:_C:\Users\Roman\Desktop\aktivace\defender 2.1.rar->defender 2.1\dControl.exe; webfile:_C:\Users\Roman\Desktop\aktivace\defender 2.1.rar|https://vip.17.dl.webshare.cz/8300/udt78FbdZM/524288000/eJw1jstqwzAQRX+lzKIrIUvWcwQhu2xC3VUIFEORI4kEgh3GdgMp_fcqhS7v4d4z8w0RAkhnuRQtl0ZxVMDgAkEwWCBIJ1qpEFEy+KqRwQrBoPHIYP7LNwgLrZnBWEUplzymTC_VxSlSVaWK0SpVinZWe_TxVMSAyVkUSlhvo8bBtlliq5_1ehTK5Zo_03Qfr1NMFVJl9zzM50iZnx598yz0zZoW53dD+njrm20mmmhz6Pbd+7F7nTZ1ttD_b_MDgjbGa_XzCyjAQnk/18861133d4ea7b2efc97b6de7cf20efef6e60dc3/defender-2.1.rar|pid:9316,ProcessStart:133457496747767797
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: Roman\Roman
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.401.1392.0, AS: 1.401.1392.0, NIS: 1.401.1392.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-11-28 19:52:22
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Backdoor:Win32/Bladabindi!ml
Závažnost: Vážné
Kategorie: Zadní vrátka
Cesta: file:_C:\Users\Roman\AppData\Local\Temp\Temp1_Ccleaner Professional v5 12 5431 FINAL Serials.zip\Ccleaner Professional v5 12 5431 FINAL + Serials.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: Roman\Roman
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.401.1290.0, AS: 1.401.1290.0, NIS: 1.401.1290.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-11-28 19:52:06
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Backdoor:Win32/Bladabindi!ml
Závažnost: Vážné
Kategorie: Zadní vrátka
Cesta: file:_C:\Users\Roman\AppData\Local\Temp\Temp1_Ccleaner Professional v5 12 5431 FINAL Serials.zip\Ccleaner Professional v5 12 5431 FINAL + Serials.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: Roman\Roman
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.401.1290.0, AS: 1.401.1290.0, NIS: 1.401.1290.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-11-28 19:51:58
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Backdoor:Win32/Bladabindi!ml
Závažnost: Vážné
Kategorie: Zadní vrátka
Cesta: file:_C:\Users\Roman\AppData\Local\Temp\Temp1_Ccleaner Professional v5 12 5431 FINAL Serials.zip\Ccleaner Professional v5 12 5431 FINAL + Serials.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.401.1290.0, AS: 1.401.1290.0, NIS: 1.401.1290.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
CodeIntegrity:
===============
Date: 2023-12-17 18:31:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2023-12-17 18:31:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. C.A0 10/17/2016
Motherboard: MSI B150 PC MATE (MS-7971)
Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 55%
Total physical RAM: 8155.14 MB
Available physical RAM: 3646.39 MB
Total Virtual: 23515.14 MB
Available Virtual: 16287.33 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:110.92 GB) (Free:30.63 GB) (Model: KINGSTON SUV400S37120G) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:438.59 GB) (Model: ST1000DM010-2EP102) NTFS
\\?\Volume{0d4f050d-0f1a-11e7-824b-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.49 GB) NTFS
\\?\Volume{9144be72-0000-0000-0000-b0d01b000000}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 9144BE72)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=540 MB) - (Type=27)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C87BC87B)
Partition: GPT.
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================