Prosím o kontrolu. Zkoušel jsem instalovat Movier1.1.5, ale instalaci jsem vlivem hlášení AVG nedokončil. Pak jsem to celé přejel AVG,Spywarem, ale stejně je to divné...
Díky
Logfile of random's system information tool 1.10 (written by random/random)
Run by rt at 2015-01-25 14:17:26
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 557 GB (60%) free of 937 GB
Total RAM: 3983 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:17:32, on 25.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\rt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13178 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe /pipeName=6a26a00a-03bf-4f3f-ac11-1f2360361023 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\a026a94f-9df1-4a76-be6b-c95e49e1fd7b-200-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2013\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2013" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe"
"C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe"
"C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe"
"c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2013\avgemca.exe"
"taskhost.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-28b9ea5a-6f7a-437d-93ee-16064bcdbc60 -SystemEventPortName:HostProcess-76f8b5c6-722e-4ce1-a5b7-15f5093fdf34 -IoCancelEventPortName:HostProcess-ff313909-880b-4622-99b5-24df97b33afe -NonStateChangingEventPortName:HostProcess-f12eeec8-207f-439c-871f-bd176a512bea -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3ce7aa28-a200-4ff5-87e9-eccabf29feff -DeviceGroupId:WpdFsGroup
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files\IDT\WDM\Beats64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" -tray
"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
"C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe"
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{27766386-B238-4B7C-94B5-51CC39066847}
{548AF41E-C276-455C-9C41-75F45CDBCD9C}
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6976 CREDAT:267521 /prefetch:2
"C:\Users\rt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L496I8FK\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS.exe
C:\Windows\tasks\HPCeeScheduleForrt.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForrt (null)
C:\Windows\tasks\ROC_REG_JAN_DELETE.job - C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-09 122456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-21 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
Movier-media Toolbar - C:\Program Files (x86)\Movier-media\tbMovi.dll [2010-03-09 2355224]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-21 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{ce10bf86-da68-441e-91fa-38336363e3cd} - Movier-media Toolbar - C:\Program Files (x86)\Movier-media\tbMovi.dll [2010-03-09 2355224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"=C:\Program Files\IDT\WDM\beats64.exe [2012-03-30 37888]
"MfeEpePcMonitor"=C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe []
"HPSYSDRV"=C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [2008-11-20 62768]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-04-24 1425408]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-01-11 172144]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-01-11 399984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-01-11 441968]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-10-21 21720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-14 221184]
""= []
"NokiaSuite.exe"=C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2013-10-02 1090912]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2014-07-25 1562264]
"KiesAirMessage"=C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2011-12-05 291096]
"HP KEYBOARDx"=C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [2010-02-11 710656]
"HP Remote Solution"=C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe []
"File Sanitizer"=c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2012-03-09 12310616]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2013\avgui.exe [2014-11-04 4411952]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-14 81920]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-07-25 311616]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"StatusAlerts"=C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [2013-04-18 313656]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-01-11 442880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2015-01-25 14:17:27 ----D---- C:\Program Files\trend micro
2015-01-25 14:17:26 ----D---- C:\rsit
2015-01-25 11:09:10 ----D---- C:\Program Files (x86)\Movier
2015-01-25 10:46:21 ----HDC---- C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-21 09:29:10 ----D---- C:\Users\rt\AppData\Roaming\EloView
2015-01-21 07:50:28 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-01-21 07:50:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-01-21 07:50:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-21 07:50:27 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-01-21 07:50:27 ----A---- C:\Windows\system32\srcore.dll
2015-01-21 07:50:27 ----A---- C:\Windows\system32\srclient.dll
2015-01-21 07:50:27 ----A---- C:\Windows\system32\rstrui.exe
2015-01-21 07:50:20 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-21 07:50:20 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-21 07:50:20 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-21 07:50:20 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-21 07:50:19 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-21 07:50:19 ----A---- C:\Windows\system32\profsvc.dll
======List of files/folders modified in the last 1 month======
2015-01-25 14:17:27 ----RD---- C:\Program Files
2015-01-25 14:07:19 ----D---- C:\Windows\Temp
2015-01-25 11:59:04 ----D---- C:\ProgramData\MFAData
2015-01-25 11:56:06 ----RD---- C:\Program Files (x86)
2015-01-25 11:56:04 ----HD---- C:\ProgramData
2015-01-25 11:51:45 ----D---- C:\Windows\system32\config
2015-01-25 11:41:38 ----D---- C:\Users\rt\AppData\Roaming\Movier
2015-01-25 11:40:06 ----A---- C:\Windows\SYSWOW64\log.txt
2015-01-25 11:37:30 ----HD---- C:\Config.Msi
2015-01-25 11:36:10 ----SHD---- C:\Windows\Installer
2015-01-25 11:36:03 ----D---- C:\Windows\Microsoft.NET
2015-01-25 11:32:34 ----D---- C:\Windows\SysWOW64
2015-01-25 11:32:34 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-01-25 11:32:29 ----D---- C:\Windows\inf
2015-01-25 11:32:27 ----D---- C:\Windows\System32
2015-01-25 11:32:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-25 11:18:11 ----SHD---- C:\System Volume Information
2015-01-25 11:15:48 ----D---- C:\Windows\system32\drivers
2015-01-25 11:15:48 ----D---- C:\ProgramData\Norton
2015-01-25 11:15:47 ----D---- C:\Windows\Tasks
2015-01-25 11:15:47 ----D---- C:\Windows\system32\Tasks
2015-01-25 11:02:13 ----D---- C:\Windows\Prefetch
2015-01-25 11:01:03 ----D---- C:\Windows\system32\wdi
2015-01-25 10:52:35 ----D---- C:\Users\rt\AppData\Roaming\.purple
2015-01-22 13:17:19 ----D---- C:\Windows\winsxs
2015-01-21 07:56:42 ----D---- C:\Windows\system32\MRT
2015-01-21 07:51:24 ----A---- C:\Windows\system32\MRT.exe
2015-01-21 07:50:14 ----D---- C:\Windows\system32\catroot
2015-01-21 07:50:13 ----D---- C:\Windows\system32\catroot2
2015-01-19 20:18:48 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-13 09:31:02 ----D---- C:\Windows\system32\NDF
2014-12-31 11:00:29 ----D---- C:\Program Files (x86)\HP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-07-20 71480]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-07-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-07-01 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-10-23 45880]
R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iaStor.sys [2012-04-10 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\drivers\iusb3hcs.sys [2011-12-05 16152]
R0 MfeEpeOpal;MfeEpeOpal; C:\Windows\system32\drivers\MfeEpeOpal.sys [2012-03-22 93640]
R0 MfeEpePc;MfeEpePc; C:\Windows\system32\drivers\MfeEpePc.sys [2012-03-22 158792]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-11-04 209720]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-10-17 240952]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-01-11 5353888]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\drivers\iusb3hub.sys [2011-12-05 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\drivers\iusb3xhc.sys [2011-12-05 785688]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-10-14 108656]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-04-24 536576]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-01-31 64312]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2010-12-21 127488]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2010-12-21 18944]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2010-12-21 161280]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2014-04-11 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2014-04-11 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2014-04-11 188232]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2014-04-11 169288]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2014-04-11 21320]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2014-04-11 188232]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2014-10-17 4942384]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-03-28 493904]
R2 HP DS Service;HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2011-10-17 13824]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2012-12-04 174592]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 HPFSService;File Sanitizer for HP ProtectTools; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-03-09 372824]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-04-11 277784]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-03-21 1327104]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-04-24 318464]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-01-11 277616]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-01-31 477056]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-02 1030600]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Podezřelosti po nedokončené instalaci Movier1.1.5
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
richard tichý
- Návštěvník
- Příspěvky: 13
- Registrován: 09 bře 2008 23:50
Re: Podezřelosti po nedokončené instalaci Movier1.1.5
Zdravim 
Neco se Vam tam stihlo dostat. Je dost mozne, ze zpusobem popsanym zde - http://forum.viry.cz/viewtopic.php?f=24 ... 2#p1374442
V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).
Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Neco se Vam tam stihlo dostat. Je dost mozne, ze zpusobem popsanym zde - http://forum.viry.cz/viewtopic.php?f=24 ... 2#p1374442 V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose). Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
- ukoncete vsechny programy
- kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
- kliknete na Scan, pote na Clean
- po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
-
richard tichý
- Návštěvník
- Příspěvky: 13
- Registrován: 09 bře 2008 23:50
Re: Podezřelosti po nedokončené instalaci Movier1.1.5
# AdwCleaner v4.109 - Report created 25/01/2015 at 18:30:21
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : rt - RT-HP
# Running from : C:\Users\rt\Desktop\adwcleaner_4.109.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\rt\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\rt\AppData\LocalLow\HPAppData
Folder Found : C:\Users\rt\AppData\Roaming\pdfforge
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2186473
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
*************************
AdwCleaner[R0].txt - [3975 octets] - [25/01/2015 18:30:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4035 octets] ##########
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : rt - RT-HP
# Running from : C:\Users\rt\Desktop\adwcleaner_4.109.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\rt\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\rt\AppData\LocalLow\HPAppData
Folder Found : C:\Users\rt\AppData\Roaming\pdfforge
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2186473
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
*************************
AdwCleaner[R0].txt - [3975 octets] - [25/01/2015 18:30:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4035 octets] ##########
Re: Podezřelosti po nedokončené instalaci Movier1.1.5
Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
-
richard tichý
- Návštěvník
- Příspěvky: 13
- Registrován: 09 bře 2008 23:50
Re: Podezřelosti po nedokončené instalaci Movier1.1.5
SOUBOR FRST.TXT JE PRÁZDNÝ, VYTVOŘIL SE FRST3.TXT, KTERÝ JSEM VLOŽIL
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by rt (administrator) on RT-HP on 25-01-2015 18:56:08
Running from C:\Users\rt\Desktop
Loaded Profiles: rt (Available profiles: rt)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_189_ActiveX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(forum.viry.cz) C:\Users\rt\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-09] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [] => [X]
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
URLSearchHook: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKLM-x32 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Movier-media Toolbar -> {ce10bf86-da68-441e-91fa-38336363e3cd} -> C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 81.90.240.1 8.8.8.8
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-08-09]
Chrome:
=======
CHR HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08]
CHR HKLM-x32\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477056 2012-01-31] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-11-02] (Macrovision Europe Ltd.) [File not signed]
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-21] () [File not signed]
S2 Net Driver HPZ12; C:\WINDOWS\SYSTEM32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2012-01-31] (Hewlett-Packard Company)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 18:56 - 2015-01-25 18:56 - 00019488 _____ () C:\Users\rt\Desktop\FRST.txt
2015-01-25 18:55 - 2015-01-25 18:56 - 00000000 ____D () C:\FRST
2015-01-25 18:54 - 2015-01-25 18:54 - 00112640 _____ (forum.viry.cz) C:\Users\rt\Desktop\FRSTLauncher.exe
2015-01-25 18:51 - 2015-01-25 18:51 - 02129920 _____ (Farbar) C:\Users\rt\Desktop\FRST64.exe
2015-01-25 18:30 - 2015-01-25 18:38 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:29 - 2015-01-25 18:29 - 02194432 _____ () C:\Users\rt\Desktop\adwcleaner_4.109.exe
2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\rsit
2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\Program Files\trend micro
2015-01-25 12:58 - 2015-01-25 13:30 - 00000000 ____D () C:\Users\rt\Desktop\DECIN-navrh rozsahu
2015-01-25 11:41 - 2015-01-25 11:41 - 00000981 _____ () C:\Users\Public\Desktop\Movier.lnk
2015-01-25 11:16 - 2015-01-25 11:16 - 00000000 ____D () C:\Users\rt\AppData\Local\Avg2015
2015-01-25 11:09 - 2015-01-25 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movier
2015-01-25 11:09 - 2015-01-25 11:41 - 00000000 ____D () C:\Program Files (x86)\Movier
2015-01-25 10:46 - 2015-01-25 11:12 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-25 10:46 - 2015-01-25 10:46 - 00000000 ____D () C:\Users\rt\AppData\Local\IsolatedStorage
2015-01-25 10:44 - 2015-01-25 10:44 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-22 14:49 - 2015-01-22 16:56 - 00000000 ____D () C:\Users\rt\Desktop\konzultace statika
2015-01-21 11:26 - 2015-01-21 11:26 - 00000000 ____D () C:\Users\rt\AppData\Local\Elo
2015-01-21 09:29 - 2015-01-21 09:29 - 00000000 ____D () C:\Users\rt\AppData\Roaming\EloView
2015-01-21 07:50 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-21 07:50 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-21 07:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-21 07:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-21 07:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-21 07:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-21 07:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-21 07:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-21 07:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-21 07:50 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-21 07:50 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-21 07:50 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-21 07:50 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 07:50 - 2015-01-13 19:24 - 00000000 ____D () C:\Users\rt\Desktop\2015
2014-12-31 11:05 - 2014-12-31 11:05 - 00002006 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 18:56 - 2012-10-15 19:09 - 00000000 ____D () C:\Users\rt\Documents\Soubory aplikace Outlook
2015-01-25 18:44 - 2012-12-16 17:09 - 00000000 ____D () C:\Users\rt\AppData\Roaming\Movier
2015-01-25 18:26 - 2012-10-14 16:08 - 01750466 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 11:59 - 2012-10-14 18:11 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-25 11:45 - 2009-07-14 05:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 11:45 - 2009-07-14 05:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 11:37 - 2012-10-14 17:07 - 00000194 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-25 11:37 - 2010-11-21 04:47 - 00654612 _____ () C:\Windows\PFRO.log
2015-01-25 11:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 11:37 - 2009-07-14 05:51 - 00103514 _____ () C:\Windows\setupact.log
2015-01-25 11:32 - 2012-08-09 21:57 - 00681388 _____ () C:\Windows\system32\perfh005.dat
2015-01-25 11:32 - 2012-08-09 21:57 - 00148222 _____ () C:\Windows\system32\perfc005.dat
2015-01-25 11:32 - 2011-02-11 21:29 - 01597486 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-25 11:32 - 2009-07-14 06:13 - 01597486 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 11:15 - 2012-08-09 22:32 - 00000000 ____D () C:\ProgramData\Norton
2015-01-25 10:52 - 2012-10-14 19:54 - 00000000 ____D () C:\Users\rt\AppData\Roaming\.purple
2015-01-25 09:33 - 2012-10-15 17:50 - 00000000 ____D () C:\Users\rt\Desktop\privatizace Vinohrady
2015-01-25 08:52 - 2014-07-02 19:10 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForrt
2015-01-25 08:52 - 2014-07-02 19:10 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForrt.job
2015-01-21 10:28 - 2012-12-26 15:13 - 00000000 ____D () C:\Users\rt\AppData\Local\CrashDumps
2015-01-21 09:03 - 2012-10-15 17:50 - 00000000 ____D () C:\Users\rt\Desktop\politika
2015-01-21 07:56 - 2013-07-19 17:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-21 07:51 - 2012-10-14 19:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-19 20:27 - 2012-10-15 17:49 - 00000000 ____D () C:\Users\rt\Desktop\saska-dokumenty
2015-01-19 20:18 - 2013-02-13 18:07 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-19 20:18 - 2012-10-23 18:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-13 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 18:33 - 2012-10-23 21:18 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-12-31 11:00 - 2012-10-28 08:18 - 00000000 ____D () C:\Program Files (x86)\HP
2014-12-29 19:04 - 2012-11-10 11:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-29 19:03 - 2014-12-19 08:10 - 00000000 ____D () C:\Users\rt\Desktop\serie9
==================== Files in the root of some directories =======
2012-10-28 08:16 - 2014-10-02 09:15 - 0007123 _____ () C:\ProgramData\hpzinstall.log
2012-10-28 14:17 - 2014-05-04 16:19 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
Some content of TEMP:
====================
C:\Users\rt\AppData\Local\Temp\AcDeltree.exe
C:\Users\rt\AppData\Local\Temp\avguidx.dll
C:\Users\rt\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\rt\AppData\Local\Temp\ICReinstall_Movier_Setup.exe
C:\Users\rt\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\rt\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\rt\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\rt\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\rt\AppData\Local\Temp\Movier_media_chrome.exe
C:\Users\rt\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\rt\AppData\Local\Temp\oi_{6F4518FC-13B1-4640-A159-F4859D5F5A2B}.exe
C:\Users\rt\AppData\Local\Temp\ose00000.exe
C:\Users\rt\AppData\Local\Temp\Resource.exe
C:\Users\rt\AppData\Local\Temp\sp58915.exe
C:\Users\rt\AppData\Local\Temp\sp64126.exe
C:\Users\rt\AppData\Local\Temp\uninstall.exe
C:\Users\rt\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-25 08:52
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (OS) (Fixed) (Total:914.72 GB) (Free:543.81 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.6 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Available physical RAM: 1656.59 MB
Total physical RAM: 3982.9 MB
Percentage of memory in use: 58%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E987AFEE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=27)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\HPCeeScheduleForrt.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\rt\Desktop" je 25470 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by rt (administrator) on RT-HP on 25-01-2015 18:56:08
Running from C:\Users\rt\Desktop
Loaded Profiles: rt (Available profiles: rt)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_189_ActiveX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(forum.viry.cz) C:\Users\rt\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-09] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [] => [X]
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
URLSearchHook: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKLM-x32 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Movier-media Toolbar -> {ce10bf86-da68-441e-91fa-38336363e3cd} -> C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 81.90.240.1 8.8.8.8
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-08-09]
Chrome:
=======
CHR HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08]
CHR HKLM-x32\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477056 2012-01-31] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-11-02] (Macrovision Europe Ltd.) [File not signed]
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-21] () [File not signed]
S2 Net Driver HPZ12; C:\WINDOWS\SYSTEM32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2012-01-31] (Hewlett-Packard Company)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 18:56 - 2015-01-25 18:56 - 00019488 _____ () C:\Users\rt\Desktop\FRST.txt
2015-01-25 18:55 - 2015-01-25 18:56 - 00000000 ____D () C:\FRST
2015-01-25 18:54 - 2015-01-25 18:54 - 00112640 _____ (forum.viry.cz) C:\Users\rt\Desktop\FRSTLauncher.exe
2015-01-25 18:51 - 2015-01-25 18:51 - 02129920 _____ (Farbar) C:\Users\rt\Desktop\FRST64.exe
2015-01-25 18:30 - 2015-01-25 18:38 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:29 - 2015-01-25 18:29 - 02194432 _____ () C:\Users\rt\Desktop\adwcleaner_4.109.exe
2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\rsit
2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\Program Files\trend micro
2015-01-25 12:58 - 2015-01-25 13:30 - 00000000 ____D () C:\Users\rt\Desktop\DECIN-navrh rozsahu
2015-01-25 11:41 - 2015-01-25 11:41 - 00000981 _____ () C:\Users\Public\Desktop\Movier.lnk
2015-01-25 11:16 - 2015-01-25 11:16 - 00000000 ____D () C:\Users\rt\AppData\Local\Avg2015
2015-01-25 11:09 - 2015-01-25 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movier
2015-01-25 11:09 - 2015-01-25 11:41 - 00000000 ____D () C:\Program Files (x86)\Movier
2015-01-25 10:46 - 2015-01-25 11:12 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-25 10:46 - 2015-01-25 10:46 - 00000000 ____D () C:\Users\rt\AppData\Local\IsolatedStorage
2015-01-25 10:44 - 2015-01-25 10:44 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-22 14:49 - 2015-01-22 16:56 - 00000000 ____D () C:\Users\rt\Desktop\konzultace statika
2015-01-21 11:26 - 2015-01-21 11:26 - 00000000 ____D () C:\Users\rt\AppData\Local\Elo
2015-01-21 09:29 - 2015-01-21 09:29 - 00000000 ____D () C:\Users\rt\AppData\Roaming\EloView
2015-01-21 07:50 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-21 07:50 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-21 07:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-21 07:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-21 07:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-21 07:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-21 07:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-21 07:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-21 07:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-21 07:50 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-21 07:50 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-21 07:50 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-21 07:50 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 07:50 - 2015-01-13 19:24 - 00000000 ____D () C:\Users\rt\Desktop\2015
2014-12-31 11:05 - 2014-12-31 11:05 - 00002006 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 18:56 - 2012-10-15 19:09 - 00000000 ____D () C:\Users\rt\Documents\Soubory aplikace Outlook
2015-01-25 18:44 - 2012-12-16 17:09 - 00000000 ____D () C:\Users\rt\AppData\Roaming\Movier
2015-01-25 18:26 - 2012-10-14 16:08 - 01750466 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 11:59 - 2012-10-14 18:11 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-25 11:45 - 2009-07-14 05:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 11:45 - 2009-07-14 05:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 11:37 - 2012-10-14 17:07 - 00000194 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-25 11:37 - 2010-11-21 04:47 - 00654612 _____ () C:\Windows\PFRO.log
2015-01-25 11:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 11:37 - 2009-07-14 05:51 - 00103514 _____ () C:\Windows\setupact.log
2015-01-25 11:32 - 2012-08-09 21:57 - 00681388 _____ () C:\Windows\system32\perfh005.dat
2015-01-25 11:32 - 2012-08-09 21:57 - 00148222 _____ () C:\Windows\system32\perfc005.dat
2015-01-25 11:32 - 2011-02-11 21:29 - 01597486 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-25 11:32 - 2009-07-14 06:13 - 01597486 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 11:15 - 2012-08-09 22:32 - 00000000 ____D () C:\ProgramData\Norton
2015-01-25 10:52 - 2012-10-14 19:54 - 00000000 ____D () C:\Users\rt\AppData\Roaming\.purple
2015-01-25 09:33 - 2012-10-15 17:50 - 00000000 ____D () C:\Users\rt\Desktop\privatizace Vinohrady
2015-01-25 08:52 - 2014-07-02 19:10 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForrt
2015-01-25 08:52 - 2014-07-02 19:10 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForrt.job
2015-01-21 10:28 - 2012-12-26 15:13 - 00000000 ____D () C:\Users\rt\AppData\Local\CrashDumps
2015-01-21 09:03 - 2012-10-15 17:50 - 00000000 ____D () C:\Users\rt\Desktop\politika
2015-01-21 07:56 - 2013-07-19 17:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-21 07:51 - 2012-10-14 19:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-19 20:27 - 2012-10-15 17:49 - 00000000 ____D () C:\Users\rt\Desktop\saska-dokumenty
2015-01-19 20:18 - 2013-02-13 18:07 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-19 20:18 - 2012-10-23 18:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-13 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 18:33 - 2012-10-23 21:18 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-12-31 11:00 - 2012-10-28 08:18 - 00000000 ____D () C:\Program Files (x86)\HP
2014-12-29 19:04 - 2012-11-10 11:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-29 19:03 - 2014-12-19 08:10 - 00000000 ____D () C:\Users\rt\Desktop\serie9
==================== Files in the root of some directories =======
2012-10-28 08:16 - 2014-10-02 09:15 - 0007123 _____ () C:\ProgramData\hpzinstall.log
2012-10-28 14:17 - 2014-05-04 16:19 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
Some content of TEMP:
====================
C:\Users\rt\AppData\Local\Temp\AcDeltree.exe
C:\Users\rt\AppData\Local\Temp\avguidx.dll
C:\Users\rt\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\rt\AppData\Local\Temp\ICReinstall_Movier_Setup.exe
C:\Users\rt\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\rt\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\rt\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\rt\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\rt\AppData\Local\Temp\Movier_media_chrome.exe
C:\Users\rt\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\rt\AppData\Local\Temp\oi_{6F4518FC-13B1-4640-A159-F4859D5F5A2B}.exe
C:\Users\rt\AppData\Local\Temp\ose00000.exe
C:\Users\rt\AppData\Local\Temp\Resource.exe
C:\Users\rt\AppData\Local\Temp\sp58915.exe
C:\Users\rt\AppData\Local\Temp\sp64126.exe
C:\Users\rt\AppData\Local\Temp\uninstall.exe
C:\Users\rt\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-25 08:52
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (OS) (Fixed) (Total:914.72 GB) (Free:543.81 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.6 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Available physical RAM: 1656.59 MB
Total physical RAM: 3982.9 MB
Percentage of memory in use: 58%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E987AFEE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=27)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\HPCeeScheduleForrt.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\rt\Desktop" je 25470 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
- Přílohy
-
- Addition.zip
- (11.78 KiB) Staženo 57 x
Re: Podezřelosti po nedokončené instalaci Movier1.1.5
Aktualizujte Adobe Flash Player - http://get.adobe.com/cz/flashplayer/ ... jen pred stazenim pozor na adware - http://forum.viry.cz/viewtopic.php?p=1374437#p1374437 Velikost plochy by nemela presahovat 200 MB. Zpomaluje se pak start i samotny chod celeho PC.- Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
- ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
- znovu spustte FRST a kliknete na Fix
- po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi
Kód: Vybrat vše
Start CloseProcesses: HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [] => [X] HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF URLSearchHook: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.) URLSearchHook: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.) SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF SearchScopes: HKLM -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2186473 SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2186473 SearchScopes: HKLM-x32 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693BAD7D-FFCF-4200-9420-3AF3DAA622C3}&mid=739abfa9082047d0be493909b408cb01-ced71a5b6a6c4da8e99b5059ce0824561d3748c5&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693BAD7D-FFCF-4200-9420-3AF3DAA622C3}&mid=739abfa9082047d0be493909b408cb01-ced71a5b6a6c4da8e99b5059ce0824561d3748c5&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2186473 SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms} BHO-x32: Movier-media Toolbar -> {ce10bf86-da68-441e-91fa-38336363e3cd} -> C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.) Toolbar: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File CHR HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08] CHR HKLM-x32\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08] 2015-01-25 18:56 - 2015-01-25 18:56 - 00019488 _____ () C:\Users\rt\Desktop\FRST.txt 2015-01-25 18:54 - 2015-01-25 18:54 - 00112640 _____ (forum.viry.cz) C:\Users\rt\Desktop\FRSTLauncher.exe 2015-01-25 18:30 - 2015-01-25 18:38 - 00000000 ____D () C:\AdwCleaner 2015-01-25 18:29 - 2015-01-25 18:29 - 02194432 _____ () C:\Users\rt\Desktop\adwcleaner_4.109.exe 2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\rsit 2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\Program Files\trend micro REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "Generalize_DisableSR" /t "REG_DWORD" /d "00000000" Task: {33B7B5F1-9701-4AD4-83C3-66218978F701} - System32\Tasks\{AFDEBF9D-A867-4472-BB04-3524526D7972} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe Task: {38DC0D60-36F0-416B-8076-8B7B2FE32B9F} - System32\Tasks\{162C1C84-59FE-486F-A33C-72284110CCC0} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe Task: {77295C7A-D27D-441C-959F-BA0CF00C5357} - System32\Tasks\{FF2611F1-42D0-42CA-87AC-44F8F49D7A2E} => pcalua.exe -a C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe -d C:\Users\rt\Downloads Task: {887E084C-3CC9-4B19-BF7D-42A268A05A66} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe Task: {B6F9EEA2-2E01-41AE-9F92-3F728CCA7C0F} - System32\Tasks\{7DA4DA6B-BD3C-426F-8C5C-7478FEF183B3} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe Task: {BC4ECA25-B8EB-45F3-A8B4-908E3BFF7C2C} - System32\Tasks\{F0917090-29DE-4DA1-A218-53865D62DDEF} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe Task: {BE3FB76D-59D7-473E-87B9-2584C177CAA4} - System32\Tasks\{E2EB0115-4A59-4949-90DB-D64FD84A2FB3} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe Task: {C122CA8D-61E6-4760-AEDD-8D70C6650653} - System32\Tasks\{7C458526-55E0-4872-8AAD-8365515748F5} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe Folder: C:\Users\rt\AppData\Roaming\Movier Hosts: EmptyTemp: End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
-
richard tichý
- Návštěvník
- Příspěvky: 13
- Registrován: 09 bře 2008 23:50
Re: Podezřelosti po nedokončené instalaci Movier1.1.5
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by rt at 2015-01-25 19:58:18 Run:2
Running from C:\Users\rt\Desktop
Loaded Profiles: rt (Available profiles: rt)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [] => [X]
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
URLSearchHook: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKLM-x32 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
BHO-x32: Movier-media Toolbar -> {ce10bf86-da68-441e-91fa-38336363e3cd} -> C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08]
CHR HKLM-x32\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08]
2015-01-25 18:56 - 2015-01-25 18:56 - 00019488 _____ () C:\Users\rt\Desktop\FRST.txt
2015-01-25 18:54 - 2015-01-25 18:54 - 00112640 _____ (forum.viry.cz) C:\Users\rt\Desktop\FRSTLauncher.exe
2015-01-25 18:30 - 2015-01-25 18:38 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:29 - 2015-01-25 18:29 - 02194432 _____ () C:\Users\rt\Desktop\adwcleaner_4.109.exe
2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\rsit
2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\Program Files\trend micro
REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "Generalize_DisableSR" /t "REG_DWORD" /d "00000000"
Task: {33B7B5F1-9701-4AD4-83C3-66218978F701} - System32\Tasks\{AFDEBF9D-A867-4472-BB04-3524526D7972} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {38DC0D60-36F0-416B-8076-8B7B2FE32B9F} - System32\Tasks\{162C1C84-59FE-486F-A33C-72284110CCC0} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {77295C7A-D27D-441C-959F-BA0CF00C5357} - System32\Tasks\{FF2611F1-42D0-42CA-87AC-44F8F49D7A2E} => pcalua.exe -a C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe -d C:\Users\rt\Downloads
Task: {887E084C-3CC9-4B19-BF7D-42A268A05A66} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {B6F9EEA2-2E01-41AE-9F92-3F728CCA7C0F} - System32\Tasks\{7DA4DA6B-BD3C-426F-8C5C-7478FEF183B3} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {BC4ECA25-B8EB-45F3-A8B4-908E3BFF7C2C} - System32\Tasks\{F0917090-29DE-4DA1-A218-53865D62DDEF} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {BE3FB76D-59D7-473E-87B9-2584C177CAA4} - System32\Tasks\{E2EB0115-4A59-4949-90DB-D64FD84A2FB3} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {C122CA8D-61E6-4760-AEDD-8D70C6650653} - System32\Tasks\{7C458526-55E0-4872-8AAD-8365515748F5} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Folder: C:\Users\rt\AppData\Roaming\Movier
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => Value not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe => Value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{ce10bf86-da68-441e-91fa-38336363e3cd} => Value not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ce10bf86-da68-441e-91fa-38336363e3cd} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKCR\CLSID\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKCR\Wow6432Node\CLSID\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKCR\CLSID\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd} => Key not found.
HKCR\Wow6432Node\CLSID\{ce10bf86-da68-441e-91fa-38336363e3cd} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ce10bf86-da68-441e-91fa-38336363e3cd} => Value not found.
HKCR\Wow6432Node\CLSID\{ce10bf86-da68-441e-91fa-38336363e3cd} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Google\Chrome\Extensions\keeeigeacfgngmndalikkopjkikiejpl => Key not found.
"C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\keeeigeacfgngmndalikkopjkikiejpl => Key not found.
"C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx" => File/Directory not found.
"C:\Users\rt\Desktop\FRST.txt" => File/Directory not found.
"C:\Users\rt\Desktop\FRSTLauncher.exe" => File/Directory not found.
"C:\AdwCleaner" => File/Directory not found.
"C:\Users\rt\Desktop\adwcleaner_4.109.exe" => File/Directory not found.
"C:\rsit" => File/Directory not found.
"C:\Program Files\trend micro" => File/Directory not found.
========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "Generalize_DisableSR" /t "REG_DWORD" /d "00000000" =========
Hodnota Generalize_DisableSR existuje, chcete ji pýepsat (Y-Ano/N-Ne)? Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33B7B5F1-9701-4AD4-83C3-66218978F701} => Key not found.
C:\Windows\System32\Tasks\{AFDEBF9D-A867-4472-BB04-3524526D7972} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AFDEBF9D-A867-4472-BB04-3524526D7972} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38DC0D60-36F0-416B-8076-8B7B2FE32B9F} => Key not found.
C:\Windows\System32\Tasks\{162C1C84-59FE-486F-A33C-72284110CCC0} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{162C1C84-59FE-486F-A33C-72284110CCC0} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77295C7A-D27D-441C-959F-BA0CF00C5357} => Key not found.
C:\Windows\System32\Tasks\{FF2611F1-42D0-42CA-87AC-44F8F49D7A2E} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF2611F1-42D0-42CA-87AC-44F8F49D7A2E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{887E084C-3CC9-4B19-BF7D-42A268A05A66} => Key not found.
C:\Windows\System32\Tasks\AutoKMS not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6F9EEA2-2E01-41AE-9F92-3F728CCA7C0F} => Key not found.
C:\Windows\System32\Tasks\{7DA4DA6B-BD3C-426F-8C5C-7478FEF183B3} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DA4DA6B-BD3C-426F-8C5C-7478FEF183B3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC4ECA25-B8EB-45F3-A8B4-908E3BFF7C2C} => Key not found.
C:\Windows\System32\Tasks\{F0917090-29DE-4DA1-A218-53865D62DDEF} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0917090-29DE-4DA1-A218-53865D62DDEF} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE3FB76D-59D7-473E-87B9-2584C177CAA4} => Key not found.
C:\Windows\System32\Tasks\{E2EB0115-4A59-4949-90DB-D64FD84A2FB3} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2EB0115-4A59-4949-90DB-D64FD84A2FB3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C122CA8D-61E6-4760-AEDD-8D70C6650653} => Key not found.
C:\Windows\System32\Tasks\{7C458526-55E0-4872-8AAD-8365515748F5} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C458526-55E0-4872-8AAD-8365515748F5} => Key not found.
C:\Windows\Tasks\AutoKMS.job not found.
========================= Folder: C:\Users\rt\AppData\Roaming\Movier ========================
2015-01-25 11:41 - 2015-01-25 11:41 - 0141307 _____ () C:\Users\rt\AppData\Roaming\Movier\data.bin
2013-01-13 22:58 - 2015-01-25 18:44 - 0000085 _____ () C:\Users\rt\AppData\Roaming\Movier\History.xml
2012-12-16 17:09 - 2015-01-25 18:45 - 0001108 _____ () C:\Users\rt\AppData\Roaming\Movier\movier.xml
2012-12-16 17:11 - 2015-01-25 18:52 - 0000079 _____ () C:\Users\rt\AppData\Roaming\Movier\tasks.xml
====== End of Folder: ======
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 4.8 GB temporary data.
The system needed a reboot.
==== End of Fixlog 19:58:52 ====
Ran by rt at 2015-01-25 19:58:18 Run:2
Running from C:\Users\rt\Desktop
Loaded Profiles: rt (Available profiles: rt)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [] => [X]
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
URLSearchHook: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKLM-x32 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={693 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> {DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
BHO-x32: Movier-media Toolbar -> {ce10bf86-da68-441e-91fa-38336363e3cd} -> C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files (x86)\Movier-media\tbMovi.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2162154083-1512204688-32848325-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-2162154083-1512204688-32848325-1001\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08]
CHR HKLM-x32\...\Chrome\Extension: [keeeigeacfgngmndalikkopjkikiejpl] - C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx [2012-10-08]
2015-01-25 18:56 - 2015-01-25 18:56 - 00019488 _____ () C:\Users\rt\Desktop\FRST.txt
2015-01-25 18:54 - 2015-01-25 18:54 - 00112640 _____ (forum.viry.cz) C:\Users\rt\Desktop\FRSTLauncher.exe
2015-01-25 18:30 - 2015-01-25 18:38 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:29 - 2015-01-25 18:29 - 02194432 _____ () C:\Users\rt\Desktop\adwcleaner_4.109.exe
2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\rsit
2015-01-25 14:17 - 2015-01-25 14:17 - 00000000 ____D () C:\Program Files\trend micro
REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "Generalize_DisableSR" /t "REG_DWORD" /d "00000000"
Task: {33B7B5F1-9701-4AD4-83C3-66218978F701} - System32\Tasks\{AFDEBF9D-A867-4472-BB04-3524526D7972} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {38DC0D60-36F0-416B-8076-8B7B2FE32B9F} - System32\Tasks\{162C1C84-59FE-486F-A33C-72284110CCC0} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {77295C7A-D27D-441C-959F-BA0CF00C5357} - System32\Tasks\{FF2611F1-42D0-42CA-87AC-44F8F49D7A2E} => pcalua.exe -a C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe -d C:\Users\rt\Downloads
Task: {887E084C-3CC9-4B19-BF7D-42A268A05A66} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {B6F9EEA2-2E01-41AE-9F92-3F728CCA7C0F} - System32\Tasks\{7DA4DA6B-BD3C-426F-8C5C-7478FEF183B3} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {BC4ECA25-B8EB-45F3-A8B4-908E3BFF7C2C} - System32\Tasks\{F0917090-29DE-4DA1-A218-53865D62DDEF} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {BE3FB76D-59D7-473E-87B9-2584C177CAA4} - System32\Tasks\{E2EB0115-4A59-4949-90DB-D64FD84A2FB3} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: {C122CA8D-61E6-4760-AEDD-8D70C6650653} - System32\Tasks\{7C458526-55E0-4872-8AAD-8365515748F5} => C:\Users\rt\Downloads\MuVoTXFM_PCFW_1_24_02_a.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Folder: C:\Users\rt\AppData\Roaming\Movier
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => Value not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe => Value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{ce10bf86-da68-441e-91fa-38336363e3cd} => Value not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ce10bf86-da68-441e-91fa-38336363e3cd} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKCR\CLSID\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKCR\Wow6432Node\CLSID\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKCR\CLSID\{DE08ACA5-ECD3-4EC3-916A-7D67155ECED5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd} => Key not found.
HKCR\Wow6432Node\CLSID\{ce10bf86-da68-441e-91fa-38336363e3cd} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ce10bf86-da68-441e-91fa-38336363e3cd} => Value not found.
HKCR\Wow6432Node\CLSID\{ce10bf86-da68-441e-91fa-38336363e3cd} => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
HKU\S-1-5-21-2162154083-1512204688-32848325-1001\SOFTWARE\Google\Chrome\Extensions\keeeigeacfgngmndalikkopjkikiejpl => Key not found.
"C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\keeeigeacfgngmndalikkopjkikiejpl => Key not found.
"C:\Users\rt\AppData\Local\CRE\keeeigeacfgngmndalikkopjkikiejpl.crx" => File/Directory not found.
"C:\Users\rt\Desktop\FRST.txt" => File/Directory not found.
"C:\Users\rt\Desktop\FRSTLauncher.exe" => File/Directory not found.
"C:\AdwCleaner" => File/Directory not found.
"C:\Users\rt\Desktop\adwcleaner_4.109.exe" => File/Directory not found.
"C:\rsit" => File/Directory not found.
"C:\Program Files\trend micro" => File/Directory not found.
========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "Generalize_DisableSR" /t "REG_DWORD" /d "00000000" =========
Hodnota Generalize_DisableSR existuje, chcete ji pýepsat (Y-Ano/N-Ne)? Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33B7B5F1-9701-4AD4-83C3-66218978F701} => Key not found.
C:\Windows\System32\Tasks\{AFDEBF9D-A867-4472-BB04-3524526D7972} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AFDEBF9D-A867-4472-BB04-3524526D7972} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38DC0D60-36F0-416B-8076-8B7B2FE32B9F} => Key not found.
C:\Windows\System32\Tasks\{162C1C84-59FE-486F-A33C-72284110CCC0} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{162C1C84-59FE-486F-A33C-72284110CCC0} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77295C7A-D27D-441C-959F-BA0CF00C5357} => Key not found.
C:\Windows\System32\Tasks\{FF2611F1-42D0-42CA-87AC-44F8F49D7A2E} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF2611F1-42D0-42CA-87AC-44F8F49D7A2E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{887E084C-3CC9-4B19-BF7D-42A268A05A66} => Key not found.
C:\Windows\System32\Tasks\AutoKMS not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6F9EEA2-2E01-41AE-9F92-3F728CCA7C0F} => Key not found.
C:\Windows\System32\Tasks\{7DA4DA6B-BD3C-426F-8C5C-7478FEF183B3} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DA4DA6B-BD3C-426F-8C5C-7478FEF183B3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC4ECA25-B8EB-45F3-A8B4-908E3BFF7C2C} => Key not found.
C:\Windows\System32\Tasks\{F0917090-29DE-4DA1-A218-53865D62DDEF} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0917090-29DE-4DA1-A218-53865D62DDEF} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE3FB76D-59D7-473E-87B9-2584C177CAA4} => Key not found.
C:\Windows\System32\Tasks\{E2EB0115-4A59-4949-90DB-D64FD84A2FB3} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2EB0115-4A59-4949-90DB-D64FD84A2FB3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C122CA8D-61E6-4760-AEDD-8D70C6650653} => Key not found.
C:\Windows\System32\Tasks\{7C458526-55E0-4872-8AAD-8365515748F5} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C458526-55E0-4872-8AAD-8365515748F5} => Key not found.
C:\Windows\Tasks\AutoKMS.job not found.
========================= Folder: C:\Users\rt\AppData\Roaming\Movier ========================
2015-01-25 11:41 - 2015-01-25 11:41 - 0141307 _____ () C:\Users\rt\AppData\Roaming\Movier\data.bin
2013-01-13 22:58 - 2015-01-25 18:44 - 0000085 _____ () C:\Users\rt\AppData\Roaming\Movier\History.xml
2012-12-16 17:09 - 2015-01-25 18:45 - 0001108 _____ () C:\Users\rt\AppData\Roaming\Movier\movier.xml
2012-12-16 17:11 - 2015-01-25 18:52 - 0000079 _____ () C:\Users\rt\AppData\Roaming\Movier\tasks.xml
====== End of Folder: ======
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 4.8 GB temporary data.
The system needed a reboot.
==== End of Fixlog 19:58:52 ====
Re: Podezřelosti po nedokončené instalaci Movier1.1.5
Mel jste v PC hodne tzv. docasnych souboru, proto jste musel fix spustit dvakrat - pro tento ucel doporucuji alespon 1x za mesic pouzit CCleaner (stahujte ze stranek vyrobce - piriform).
Takze jeste uklidime.
Takze jeste uklidime.
- Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Oznacte jen moznost "Remove disinfection tools"
- kliknete na Run
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
-
richard tichý
- Návštěvník
- Příspěvky: 13
- Registrován: 09 bře 2008 23:50
Re: Podezřelosti po nedokončené instalaci Movier1.1.5
Díky za pomoc!
Měl bych možná malou poznámku - když posíláte odkazy, tak aby se otevíraly v novém okně, takhle mě to vždycky přepsalo Forum....
Měl bych možná malou poznámku - když posíláte odkazy, tak aby se otevíraly v novém okně, takhle mě to vždycky přepsalo Forum....
Re: Podezřelosti po nedokončené instalaci Movier1.1.5
Nemate zac, rad jsem pomohl 
Za zpetnou vazbu dekuji a kouknu se, zda je reseni vubec mozne... pro otevirani odkazu v jinem panelu je prozatim nutne na odkaz kliknout koleckem nebo druhy zpusob kliknout pravym mysidlem a zvolit volbu Otevrit v novem panelu.
Za zpetnou vazbu dekuji a kouknu se, zda je reseni vubec mozne... pro otevirani odkazu v jinem panelu je prozatim nutne na odkaz kliknout koleckem nebo druhy zpusob kliknout pravym mysidlem a zvolit volbu Otevrit v novem panelu.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Přispějete na provoz fóra?