preventivna kontrola

[benjamin777]

Kedze ste mi uz viackrat pomohli a opatrnosti nie je nikdy dost, prosim o preventivnu kontrolu po 3 mesiacoch.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Greg at 2015-02-28 13:43:52
Microsoft Windows 8
System drive C: has 135 GB (19%) free of 698 GB
Total RAM: 3979 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:43:56, on 28.2.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17183)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\Greg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem7.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10557 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\SysWow64\IntelCpHeciSvc.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\CyberGhost 5\Service.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5a3e960f-2764-4e3b-97ec-2d28c4db01e8 -SystemEventPortName:HostProcess-17bd4ba5-5513-4c64-bd2c-f4abc55a66d1 -IoCancelEventPortName:HostProcess-3e53021f-6ba8-4048-a89f-35060ab93a03 -NonStateChangingEventPortName:HostProcess-7ca57438-09ff-479e-9cb7-06db1a1d059b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d921e513-1ae3-4d1e-91e1-5a0c2296038d -DeviceGroupId:
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5cc42528-b7b2-40bb-853a-f696fa4b6b35 -SystemEventPortName:HostProcess-e8560b76-6c95-4227-b85e-5d7bcba39f46 -IoCancelEventPortName:HostProcess-bfabb8bb-eb50-434f-aac5-838861352c54 -NonStateChangingEventPortName:HostProcess-0c296ae2-882c-4986-ab4a-55a8ed7090ab -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:31b23fac-92f4-4d43-98ab-842b04926399 -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
taskhostex.exe
C:\Windows\Explorer.EXE
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
atieclxx
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe" Restart Start EEU 52 avastui.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe82_ Global\UsGthrCtrlFltPipeMssGthrPipe82 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Users\Greg\Downloads\RSITx64(1).exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForGreg.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForGreg (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default

prefs.js - "browser.startup.homepage" - "https://startpage.com"
prefs.js - "keyword.URL" - "https://startpage.com/do/metasearch.pl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll


C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\searchplugins\
startpage-avast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-19 705448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-19 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-09-20 1664000]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-23 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-23 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-23 441152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-08-31 56128]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2012-07-17 684064]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-08-29 334240]
""= []
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-16 364032]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-08-31 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2012-08-31 167024]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-01-30 5227112]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-02-26 11:30:14 ----D---- C:\Program Files\WinPcap
2015-02-26 11:29:37 ----D---- C:\ProgramData\Freemake
2015-02-26 11:29:27 ----D---- C:\Program Files (x86)\Freemake
2015-02-15 11:27:27 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-02-15 11:27:27 ----A---- C:\Windows\system32\jscript9.dll
2015-02-12 17:07:39 ----A---- C:\Windows\system32\win32k.sys
2015-02-12 17:07:22 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-12 17:07:22 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-12 17:07:18 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-02-12 17:07:17 ----A---- C:\Windows\system32\adtschema.dll
2015-02-12 17:07:16 ----A---- C:\Windows\system32\usercpl.dll
2015-02-12 17:07:16 ----A---- C:\Windows\system32\SHCore.dll
2015-02-12 17:07:15 ----A---- C:\Windows\SYSWOW64\usercpl.dll
2015-02-12 17:07:13 ----A---- C:\Windows\SYSWOW64\SHCore.dll
2015-02-12 17:04:27 ----A---- C:\Windows\system32\NotificationUI.exe
2015-02-12 17:04:27 ----A---- C:\Windows\system32\AutoUpdate.exe
2015-02-12 17:04:26 ----A---- C:\Windows\SYSWOW64\WSShared.dll
2015-02-12 17:04:26 ----A---- C:\Windows\system32\WSShared.dll
2015-02-12 17:04:25 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-12 17:04:25 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 16:39:08 ----A---- C:\Windows\system32\mshtml.dll
2015-02-11 16:39:03 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-02-11 16:39:01 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-02-11 16:39:01 ----A---- C:\Windows\system32\vbscript.dll
2015-02-11 16:39:00 ----A---- C:\Windows\system32\ieframe.dll
2015-02-11 16:38:59 ----A---- C:\Windows\system32\iertutil.dll
2015-02-11 16:38:58 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-02-11 16:38:57 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-02-11 16:38:56 ----A---- C:\Windows\system32\wininet.dll
2015-02-11 16:38:56 ----A---- C:\Windows\system32\urlmon.dll
2015-02-11 16:38:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-02-11 16:38:55 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-11 16:38:54 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-02-11 16:38:54 ----A---- C:\Windows\system32\uxtheme.dll
2015-02-11 16:38:54 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-11 16:38:53 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-02-11 16:38:53 ----A---- C:\Windows\system32\jscript.dll
2015-02-11 16:38:52 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-02-11 16:38:52 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-02-11 16:38:18 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-02-11 16:38:18 ----A---- C:\Windows\system32\scesrv.dll
2015-02-11 16:38:17 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-02-11 16:38:17 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:37:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-30 06:09:15 ----D---- C:\Users\Greg\AppData\Roaming\tixati
2015-01-30 06:09:02 ----D---- C:\Program Files\tixati

======List of files/folders modified in the last 1 month======

2015-02-28 13:43:56 ----D---- C:\Program Files\trend micro
2015-02-28 13:43:40 ----D---- C:\Windows\Prefetch
2015-02-28 13:12:21 ----D---- C:\Windows\Temp
2015-02-28 12:00:02 ----D---- C:\Windows\system32\sru
2015-02-28 11:33:04 ----HD---- C:\$Windows.~BT
2015-02-28 11:26:41 ----D---- C:\Windows\system32\catroot2
2015-02-28 11:26:41 ----D---- C:\Windows\system32\catroot
2015-02-28 11:23:04 ----SHD---- C:\System Volume Information
2015-02-28 09:50:05 ----D---- C:\Windows\system32\config
2015-02-28 09:02:53 ----D---- C:\Windows\Microsoft.NET
2015-02-26 19:13:43 ----D---- C:\Windows\AUInstallAgent
2015-02-26 11:30:14 ----RD---- C:\Windows\System32
2015-02-26 11:30:14 ----RD---- C:\Program Files
2015-02-26 11:30:14 ----D---- C:\Windows\SysWOW64
2015-02-26 11:30:14 ----D---- C:\Windows\system32\Drivers
2015-02-26 11:29:37 ----HD---- C:\ProgramData
2015-02-26 11:29:27 ----RD---- C:\Program Files (x86)
2015-02-26 11:26:07 ----D---- C:\Windows\Tasks
2015-02-26 11:26:07 ----D---- C:\Windows\system32\Tasks
2015-02-26 08:40:23 ----D---- C:\pesničky
2015-02-25 21:31:27 ----D---- C:\ProgramData\PDFC
2015-02-15 14:42:33 ----A---- C:\Windows\SYSWOW64\log.txt
2015-02-15 14:40:00 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-02-15 12:51:48 ----D---- C:\swsetup
2015-02-15 12:11:56 ----D---- C:\Windows\rescache
2015-02-15 11:38:57 ----D---- C:\Windows\WinSxS
2015-02-15 11:38:56 ----D---- C:\Windows\CbsTemp
2015-02-15 11:21:05 ----D---- C:\Windows
2015-02-14 13:56:17 ----D---- C:\Windows\SYSWOW64\en-US
2015-02-14 13:56:17 ----D---- C:\Windows\system32\en-US
2015-02-14 13:56:15 ----D---- C:\Windows\WinStore
2015-02-14 13:56:01 ----D---- C:\Windows\system32\MRT
2015-02-14 13:53:17 ----A---- C:\Windows\system32\MRT.exe
2015-02-08 14:16:23 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-07 10:11:22 ----SD---- C:\Users\Greg\AppData\Roaming\Microsoft
2015-02-06 19:30:46 ----D---- C:\Windows\Inf
2015-02-06 14:59:56 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 20:29:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-29 02:03:51 ----HD---- C:\Program Files\WindowsApps

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem19.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2012-07-09 35496]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-19 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-19 267632]
R0 hpdskflt;@oem7.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-08-22 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-08-28 646712]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-19 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-19 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-19 436624]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-19 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-19 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-19 116728]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-08-22 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-08-01 10280960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-08-01 368640]
R3 BtAudioBusSrv;@oem15.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 clwvd;@oem26.inf,%clwvd.DeviceDesc%;CyberLink Webcam Sharing Manager; C:\Windows\system32\DRIVERS\clwvd.sys [2012-08-28 40944]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-08-23 9000256]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2014-08-29 176880]
R3 MEIx64;@oem9.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 netr28x;@oem31.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 rtbth;@oem30.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SNP2UVC;@oem22.inf,%SERVICE_DISPLAY_NAME%;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-10-04 1864328]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10329; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-09-20 543744]
R3 SynTP;@oem32.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S3 aswTap;@oem33.inf,%DeviceDescription%;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2014-12-19 44640]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-20 56904]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-08-14 48736]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 tap0901;@oem34.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-01 43008]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-05 210560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-08-01 239616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-19 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-14 1578496]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CGVPNCliService;CyberGhost 5 Client Service; C:\Program Files\CyberGhost 5\Service.exe [2014-11-03 64616]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 FreemakeVideoCapture;FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2014-12-03 9216]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-08-29 523680]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2012-08-22 33600]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-28 7168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-20 634632]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-19 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-19 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-19 277824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-07-17 1134624]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10129; C:\Program Files\IDT\WDM\STacSV64.exe [2012-09-20 323072]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-08-14 138752]
R3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-23 276288]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-27 114800]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]

-----------------EOF-----------------

Dakujem.

[Márty84]

Zdravim

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

[benjamin777]

# AdwCleaner v4.111 - Logfile created 28/02/2015 at 16:19:54
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8 (x64)
# Username : Greg - ADONAI
# Running from : C:\Users\Greg\Downloads\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v35.0.1 (x86 sk)


*************************

AdwCleaner[R0].txt - [1627 bytes] - [08/08/2014 18:28:32]
AdwCleaner[R1].txt - [973 bytes] - [05/01/2015 20:31:24]
AdwCleaner[R2].txt - [963 bytes] - [11/01/2015 13:57:00]
AdwCleaner[R3].txt - [1083 bytes] - [23/01/2015 19:13:10]
AdwCleaner[R4].txt - [1196 bytes] - [28/02/2015 16:18:24]
AdwCleaner[S0].txt - [1689 bytes] - [08/08/2014 18:32:43]
AdwCleaner[S1].txt - [1035 bytes] - [05/01/2015 20:33:51]
AdwCleaner[S2].txt - [1023 bytes] - [11/01/2015 13:58:46]
AdwCleaner[S3].txt - [1145 bytes] - [23/01/2015 19:14:49]
AdwCleaner[S4].txt - [1124 bytes] - [28/02/2015 16:19:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1183 bytes] ##########


dakujem

[Márty84]

Toto je ciste. Mrknem hloubeji.


Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[benjamin777]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28.2.2015
Scan Time: 18:10:46
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.28.04
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Greg

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 631573
Time Elapsed: 2 hr, 37 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 12
PUP.Optional.OpenCandy, C:\ukoly_2013\programy do pocitaca\GOMPLAYERENSETUP.EXE, , [d202fc2784064bebfb748674679efd03],
PUP.Optional.OpenCandy, C:\Users\Greg\Downloads\stare\instalacne programy\GOMPLAYERENSETUP.EXE, , [d8fc24ff6129112582ed14e636cfd42c],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Ariela a mušľa + pieseň -Lucka Vondráčková.exe, , [b61e50d3652582b4d1347df7fc090ff1],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Lolek a Bolek na rybačke- 20častí + hudob.podklad.exe, , [cf0525fea2e8fd39c3425123e12446ba],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Mickeyho klubik - 20 častí + pieseň-Zmenšovacie cukríky.exe, , [2ea661c2a3e7e1554eb7d59f7a8bdc24],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Popoluška a ohňostroj-20 častí + Tri oriešky pre Popolušku-I.Bartošová.exe, , [5282d64d56349f97778eec88679eaf51],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Šípková Ruženka-24 častí + pieseň J. Korna.exe, , [854f2cf78406df57d03583f1be478779],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\puzzle Káčerovci\Puzzle Káčerovci-20 častí.exe, , [a034140fe0aae6508d78155fd92cc33d],
Trojan.Agent.SFX, C:\škola\2013.2014\kruzok pocitac hrou\3_IX\1. a 2. roc\Ariela a mušľa + pieseň -Lucka Vondráčková.exe, , [28acb46f1971f5413fc60f656e973ec2],
Trojan.Agent.SFX, C:\škola\2013.2014\kruzok pocitac hrou\3_IX\1. a 2. roc\Lolek a Bolek na rybačke- 20častí + hudob.podklad.exe, , [a52f8e9573170b2b74911064887d837d],
Trojan.Agent.SFX, C:\škola\2013.2014\kruzok pocitac hrou\3_IX\3. a 4. roc\Mickeyho klubik - 20 častí + pieseň-Zmenšovacie cukríky.exe, , [10c42df61872b5819f66aacac83d2ed2],
Trojan.Agent.SFX, C:\škola\2013.2014\kruzok pocitac hrou\3_IX\3. a 4. roc\Popoluška a ohňostroj-20 častí + Tri oriešky pre Popolušku-I.Bartošová.exe, , [19bbe83bbcce76c00005fd7747be1ce4],

Physical Sectors: 0
(No malicious items detected)


(end)

[Márty84]

Znate ty soubory?

Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Ariela a mušľa + pieseň -Lucka Vondráčková.exe, , [b61e50d3652582b4d1347df7fc090ff1],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Lolek a Bolek na rybačke- 20častí + hudob.podklad.exe, , [cf0525fea2e8fd39c3425123e12446ba],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Mickeyho klubik - 20 častí + pieseň-Zmenšovacie cukríky.exe, , [2ea661c2a3e7e1554eb7d59f7a8bdc24],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Popoluška a ohňostroj-20 častí + Tri oriešky pre Popolušku-I.Bartošová.exe, , [5282d64d56349f97778eec88679eaf51],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\Šípková Ruženka-24 častí + pieseň J. Korna.exe, , [854f2cf78406df57d03583f1be478779],
Trojan.Agent.SFX, C:\škola\2012.2013\kruzky\14.7.-7 x Puzzle\puzzle Káčerovci\Puzzle Káčerovci-20 častí.exe, , [a034140fe0aae6508d78155fd92cc33d],
Trojan.Agent.SFX, C:\škola\2013.2014\kruzok pocitac hrou\3_IX\1. a 2. roc\Ariela a mušľa + pieseň -Lucka Vondráčková.exe, , [28acb46f1971f5413fc60f656e973ec2],
Trojan.Agent.SFX, C:\škola\2013.2014\kruzok pocitac hrou\3_IX\1. a 2. roc\Lolek a Bolek na rybačke- 20častí + hudob.podklad.exe, , [a52f8e9573170b2b74911064887d837d],
Trojan.Agent.SFX, C:\škola\2013.2014\kruzok pocitac hrou\3_IX\3. a 4. roc\Mickeyho klubik - 20 častí + pieseň-Zmenšovacie cukríky.exe, , [10c42df61872b5819f66aacac83d2ed2],
Trojan.Agent.SFX, C:\škola\2013.2014\kruzok pocitac hrou\3_IX\3. a 4. roc\Popoluška a ohňostroj-20 častí + Tri oriešky pre Popolušku-I.Bartošová.exe, , [19bbe83bbcce76c00005fd7747be1ce4],


Otestujte nektery na virustotal a jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Vysledky sem zkopirujte, nebo dejte odkaz.

[benjamin777]

Tu je odkaz na vysledok skenovania jedneho zo suborov. Su to aplikacie puzzle pre deti, ktore pouzivam v skole ako ucitel. Ale nemam problem ich zmazat, ak v nich nieco je.

http://virusscan.jotti.org/sk/scanresul ... eea86dbaa0



[Lavasoft Ad-Aware]
2015-03-02 Bez detekcie
[Fortinet]
2015-03-01 Bez detekcie
[Agnitum]
2015-03-01 Trojan.KillProc!4iFVSaa4oIQ
[Frisk F-Prot Antivirus]
2015-03-02 Bez detekcie
[ArcaVir]
2015-03-02 Bez detekcie
[F-Secure Anti-Virus]
2015-03-02 Bez detekcie
[Avast! antivirus]
2015-03-01 Bez detekcie
[G DATA]
2015-03-02 Bez detekcie
[Grisoft AVG Anti-Virus]
2015-03-02 Bez detekcie
[Ikarus]
2015-03-02 Bez detekcie
[Avira AntiVir]
2015-03-01 Bez detekcie
[Kaspersky Anti-Virus]
2015-03-02 Bez detekcie
[Softwin BitDefender]
2015-03-02 Bez detekcie
[Panda Antivirus]
2015-03-01 Bez detekcie
[ClamAV]
2015-03-02 Bez detekcie
[Quick Heal]
2015-03-02 Bez detekcie
[Dr.Web]
2015-03-02 Trojan.KillProc.29099
[Sophos]
2015-03-02 Bez detekcie
[MicroWorld eScan]
2015-03-02 Bez detekcie
[Trend Micro Antivirus]
2015-03-01 Bez detekcie
[ESET]
2015-03-02 Bez detekcie
[VirusBlokAda VBA32]
2015-02-27 Bez detekcie

[Márty84]

Pokud je nepotrebujete, radeji je smazte. Par programkum se tam fakt neco nelibi

MBAM pak muzete odinstalovat.

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

[benjamin777]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Greg (administrator) on ADONAI on 02-03-2015 17:56:00
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available profiles: Greg & Administrator)
Platform: Windows 8 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-20] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-28] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-17] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-08-31] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167024 2012-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-314600275-898652346-4024885708-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-314600275-898652346-4024885708-1002\...\MountPoints2: {a011704d-8e25-11e2-be79-a417313c2720} - "G:\AutoRun.exe"
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-314600275-898652346-4024885708-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKU\S-1-5-21-314600275-898652346-4024885708-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-314600275-898652346-4024885708-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-314600275-898652346-4024885708-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default
FF DefaultSearchUrl: https://startpage.com/do/metasearch.pl
FF SearchEngineOrder.1: Startpage
FF SelectedSearchEngine: Startpage
FF Homepage: https://startpage.com
FF Keyword.URL: https://startpage.com/do/metasearch.pl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\searchplugins\startpage-avast.xml
FF Extension: DownloadHelper - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-22]
FF Extension: Adblock Plus - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-19]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-19]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2012-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-19] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [488824 2012-08-25] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477088 2012-08-01] (Hewlett-Packard Company)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-28] (Intel Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-17] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-19] (AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-12-19] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-19] ()
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [64832 2012-07-25] (Hewlett-Packard Company)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1864328 2012-10-04] ()
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 zte_cdc_acm; C:\Windows\system32\DRIVERS\zte_cdc_acm.sys [79872 2012-05-23] (ZTE) [File not signed]
S3 zte_cpo; C:\Windows\system32\DRIVERS\zte_cpo.sys [14336 2012-05-23] (ZTE) [File not signed]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 rtbth; \SystemRoot\System32\drivers\rtbth.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 17:56 - 2015-03-02 17:56 - 00018538 _____ () C:\Users\Greg\Desktop\FRST.txt
2015-03-02 17:55 - 2015-03-02 17:56 - 00000000 ____D () C:\FRST
2015-03-02 17:43 - 2015-03-02 17:43 - 02092544 _____ (Farbar) C:\Users\Greg\Desktop\FRST64.exe
2015-03-02 16:08 - 2015-03-02 17:52 - 00063839 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 16:07 - 2015-03-02 16:07 - 00001844 _____ () C:\Windows\PFRO.log
2015-03-02 16:06 - 2015-03-02 16:06 - 00004866 _____ () C:\Users\Greg\Documents\cc_20150302_160608.reg
2015-03-01 13:11 - 2015-03-01 13:32 - 298852296 _____ () C:\Users\Greg\Downloads\Is10.avi
2015-03-01 10:17 - 2015-03-01 10:17 - 00034429 _____ () C:\Users\Greg\Downloads\Snails-in-the-rain-67.srt
2015-02-28 21:12 - 2015-02-28 21:12 - 00002976 _____ () C:\MBAM.txt
2015-02-28 18:13 - 2015-02-28 18:13 - 00002158 _____ () C:\Users\Greg\Desktop\adwcleaner_4.111 - odkaz.lnk
2015-02-28 18:09 - 2015-03-02 17:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 18:09 - 2015-02-28 18:09 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 18:09 - 2015-02-28 18:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 18:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-28 18:09 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-28 18:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-28 17:51 - 2015-02-28 17:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Greg\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-28 17:00 - 2015-02-28 17:00 - 00000000 ____D () C:\ProgramData\Ralink Bluetooth Stack
2015-02-28 17:00 - 2015-02-28 17:00 - 00000000 ____D () C:\Program Files (x86)\Ralink Corporation
2015-02-28 16:16 - 2015-02-28 16:16 - 02126848 _____ () C:\Users\Greg\Downloads\adwcleaner_4.111.exe
2015-02-28 13:53 - 2015-02-28 13:53 - 00008550 _____ () C:\Users\Greg\Documents\cc_20150228_135309.reg
2015-02-28 13:42 - 2015-02-28 13:42 - 01222144 _____ () C:\Users\Greg\Downloads\RSITx64(1).exe
2015-02-26 11:30 - 2015-02-26 11:30 - 00000000 ____D () C:\Program Files\WinPcap
2015-02-26 11:29 - 2015-02-26 11:30 - 00000000 ____D () C:\ProgramData\Freemake
2015-02-26 11:29 - 2015-02-26 11:29 - 00001344 _____ () C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2015-02-26 11:29 - 2015-02-26 11:29 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-02-26 11:29 - 2015-02-26 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-02-26 11:29 - 2015-02-26 11:29 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-02-15 11:27 - 2015-01-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 11:27 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 17:07 - 2015-01-15 12:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-02-12 17:07 - 2015-01-15 12:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-02-12 17:07 - 2015-01-15 12:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 17:07 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-02-12 17:07 - 2015-01-15 11:00 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-02-12 17:07 - 2015-01-15 10:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 17:07 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 17:07 - 2015-01-15 05:08 - 00568656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 17:07 - 2015-01-09 05:33 - 04061696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 17:04 - 2015-01-29 09:30 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2015-02-12 17:04 - 2015-01-29 09:30 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2015-02-12 17:04 - 2015-01-29 09:30 - 00011056 _____ () C:\Windows\system32\AutoconfigV2.cab
2015-02-12 17:04 - 2015-01-29 09:05 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-02-12 17:04 - 2015-01-29 09:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-12 17:04 - 2015-01-29 07:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-02-12 17:04 - 2015-01-29 07:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 16:39 - 2015-01-12 07:49 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 16:39 - 2015-01-12 07:48 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 16:39 - 2015-01-12 07:47 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 16:39 - 2015-01-12 06:07 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 16:39 - 2015-01-12 06:06 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 16:38 - 2015-01-12 07:49 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 16:38 - 2015-01-12 07:49 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:38 - 2015-01-12 07:49 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 16:38 - 2015-01-12 07:49 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-02-11 16:38 - 2015-01-12 07:48 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 16:38 - 2015-01-12 07:47 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 16:38 - 2015-01-12 07:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 16:38 - 2015-01-12 07:47 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 16:38 - 2015-01-12 07:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 16:38 - 2015-01-12 06:07 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 16:38 - 2015-01-12 06:07 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 16:38 - 2015-01-12 06:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 16:38 - 2015-01-12 06:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 16:38 - 2015-01-12 06:06 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 16:38 - 2015-01-12 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 16:38 - 2015-01-12 06:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 16:38 - 2015-01-12 06:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 16:38 - 2015-01-12 05:16 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 16:38 - 2015-01-12 04:46 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 16:38 - 2014-12-08 07:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 16:38 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 16:37 - 2015-01-15 22:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-01 15:30 - 2015-02-01 15:30 - 00038836 _____ () C:\Users\Greg\Downloads\[kickass.so]the.warwick.rowers.2014.bigger.longer.uncut.avi.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 17:24 - 2015-01-05 18:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 17:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-02 16:08 - 2012-11-22 04:49 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-02 16:08 - 2012-09-26 09:53 - 00000932 _____ () C:\Windows\SysWOW64\bscs.ini
2015-03-02 16:07 - 2014-10-14 18:04 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForGreg.job
2015-03-02 16:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\L2Schemas
2015-03-02 16:07 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 09:45 - 2014-10-14 18:04 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGreg
2015-03-01 09:45 - 2014-08-29 12:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-01 09:45 - 2014-08-15 13:41 - 00000000 ____D () C:\Users\Greg
2015-02-28 21:18 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-28 17:01 - 2012-12-15 14:41 - 00000032 _____ () C:\Windows\0
2015-02-28 16:58 - 2012-08-02 22:20 - 00000000 ____D () C:\swsetup
2015-02-28 16:46 - 2012-11-22 04:46 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-02-28 16:45 - 2012-12-15 14:59 - 00000000 ____D () C:\Windows\Hewlett-Packard
2015-02-28 16:44 - 2014-08-15 13:49 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\hpqlog
2015-02-28 16:38 - 2015-01-27 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-28 16:19 - 2014-08-08 18:28 - 00000000 ____D () C:\AdwCleaner
2015-02-28 13:50 - 2014-10-18 16:43 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-28 13:50 - 2014-10-18 16:43 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-28 13:43 - 2015-01-05 19:04 - 00000000 ____D () C:\Program Files\trend micro
2015-02-28 11:33 - 2014-11-21 22:52 - 00000000 ___HD () C:\$Windows.~BT
2015-02-27 19:45 - 2013-05-17 17:44 - 00000000 ____D () C:\Users\Greg\dwhelper
2015-02-26 19:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-02-26 11:34 - 2013-06-24 21:01 - 00000000 ____D () C:\Users\Greg\Documents\Freemake
2015-02-26 08:40 - 2013-04-20 19:50 - 00000000 ____D () C:\pesničky
2015-02-15 12:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-02-15 11:39 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-15 11:38 - 2014-08-15 13:54 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-314600275-898652346-4024885708-1002
2015-02-15 11:15 - 2012-12-15 15:01 - 00001648 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
2015-02-15 11:15 - 2012-11-22 05:01 - 00002990 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2015-02-14 13:58 - 2014-10-17 14:56 - 00318408 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 13:56 - 2014-08-15 19:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-14 13:56 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2015-02-14 13:53 - 2014-08-15 19:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 16:01 - 2015-01-30 06:09 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\tixati
2015-02-08 14:16 - 2014-08-29 12:30 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-06 14:59 - 2014-08-16 12:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-05 20:26 - 2015-01-05 18:15 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:32 - 2015-01-30 06:09 - 00000834 _____ () C:\Users\Greg\Desktop\Tixati.lnk
2015-02-03 20:29 - 2014-11-14 07:16 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:29 - 2014-11-14 07:16 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-28 08:59

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Greg at 2015-03-02 17:56:51
Running from C:\Users\Greg\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{45324571-83B7-307A-6114-DAE65A50DC8E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1924 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.2006 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4330 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3231 - CyberLink Corp.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.0.3 - Hewlett-Packard Company)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.0.4542 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.0.4542 - Hewlett-Packard Company) Hidden
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.67.5221 - Gretech Corporation)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{29989969-FED8-4EFB-8FB2-39429D37E471}) (Version: 5.1.5.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{FCD58C04-324A-40D1-BA9E-1A754DF1736D}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 8 (HKLM-x32\...\{2F8A00FC-1F12-44B2-AA37-F9A358EDC161}) (Version: 1.2.2 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 8.0.0.1314 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{B50981AD-95E8-4E4D-912A-7C4B738387CA}) (Version: 3.4.6.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D82ABA2F-492B-440F-A9BC-12331B17EEA9}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{D1E7D876-6B86-4B35-A93D-15B0D6C43EAF}) (Version: 8.5.4.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{357FE1E9-5890-4697-95DD-B15E01B4AA2A}) (Version: 1.3.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.6.1002 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware verze 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 sk) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 sk)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.8 - PDF Complete, Inc)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.2.612.2012 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Tixati (HKLM-x32\...\tixati) (Version: - )
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

12-02-2015 17:19:13 Windows Update
15-02-2015 12:49:57 HPSF Applying updates
22-02-2015 10:06:38 Windows Update
28-02-2015 11:22:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14B07A6E-0215-4453-9D05-5B981E7EFF06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1D89D7CD-0E33-4118-9E9F-349A3613DD78} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-19] (AVAST Software)
Task: {2D26D401-8C3D-4B1E-830C-712A0CB3059A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {32AF97F9-4515-47C8-A501-A83C95506232} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {35AAC897-BDFF-4466-89E4-7A0B5DB7F625} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {48BF4FD9-9871-42BA-B865-5FB852360CEA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-30] (Synaptics Incorporated)
Task: {82F83CEA-5C2A-4601-B987-7266857963BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-14] (Microsoft Corporation)
Task: {8C75622E-F128-4B9A-84B4-8F7DAA80A06E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CC4D13FC-FFD7-425E-9AD6-E367CA1658E1} - System32\Tasks\HPCeeScheduleForGreg => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E7892EC3-CB32-4A52-A939-0089876E735D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGreg.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-18 01:57 - 2012-01-18 01:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\Windows\SYSTEM32\LIBEAY32.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00363784 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll
2012-08-23 12:07 - 2012-08-23 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-06 20:54 - 2012-08-06 20:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-03-02 09:55 - 2015-03-02 09:55 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15030200\algo.dll
2015-03-02 17:42 - 2015-03-02 17:42 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15030201\algo.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2014-12-19 09:18 - 2014-12-19 09:18 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-18 17:34 - 2014-10-18 17:34 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\edf3b402d5c63fa40c600614d78bfc74\PSIClient.ni.dll
2012-12-15 14:38 - 2012-07-18 07:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-314600275-898652346-4024885708-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Greg\Pictures\pre spomienku\nasa trieda.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKU\S-1-5-21-314600275-898652346-4024885708-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Accounts: =============================

Administrator (S-1-5-21-314600275-898652346-4024885708-500 - Administrator - Disabled) => C:\Users\Administrator
Greg (S-1-5-21-314600275-898652346-4024885708-1002 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-314600275-898652346-4024885708-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ralink Bluetooth PCIe Adapter
Description: Ralink Bluetooth PCIe Adapter
Class Guid: {d2de069d-7286-420b-baf8-225d700ce748}
Manufacturer: Ralink Technology Corp.
Service: rtbth
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2015 06:15:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (03/01/2015 09:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625

Error: (03/01/2015 09:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625

Error: (03/01/2015 09:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/01/2015 05:48:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: DPAgent.exe, verzia: 5.4.0.1813, časová značka: 0x5037cf4c
Názov chybujúceho modulu: ptdmlitemanagerdp.dll, verzia: 7.1.0.3, časová značka: 0x501914c6
Kód výnimky: 0xc000041d
Odstup chyby: 0x0003e6b2
Identifikácia chybujúceho procesu: 0xd44
Čas spustenia chybujúcej aplikácie: 0xDPAgent.exe0
Cesta chybujúcej aplikácie: DPAgent.exe1
Cesta chybujúceho modulu: DPAgent.exe2
Identifikácia hlásenia: DPAgent.exe3
Celé meno chybujúceho balíka: DPAgent.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: DPAgent.exe5

Error: (03/01/2015 05:48:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: DPAgent.exe, verzia: 5.4.0.1813, časová značka: 0x5037cf4c
Názov chybujúceho modulu: ptdmlitemanagerdp.dll, verzia: 7.1.0.3, časová značka: 0x501914c6
Kód výnimky: 0xc0000005
Odstup chyby: 0x0003e6b2
Identifikácia chybujúceho procesu: 0xd44
Čas spustenia chybujúcej aplikácie: 0xDPAgent.exe0
Cesta chybujúcej aplikácie: DPAgent.exe1
Cesta chybujúceho modulu: DPAgent.exe2
Identifikácia hlásenia: DPAgent.exe3
Celé meno chybujúceho balíka: DPAgent.exe4
Identifikácia chybujúcej aplikácie vzhľadom na balík: DPAgent.exe5

Error: (03/01/2015 03:13:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (03/01/2015 03:09:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (02/28/2015 08:12:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPSF.exe version 7.4.45.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1348

Start Time: 01d053892fd4bd67

Termination Time: 125

Application Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Report Id: a68339ef-bf7d-11e4-be96-b4b52f815bb4

Faulting package full name:

Faulting package-relative application ID:

Error: (02/26/2015 08:19:36 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error


System errors:
=============
Error: (03/02/2015 04:07:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/01/2015 10:42:12 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053TrustedInstallerUnavailable{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (03/01/2015 10:42:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Windows Modules Installer zlyhalo kvôli nasledujúcej chybe:
%%1053

Error: (03/01/2015 10:42:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Windows Modules Installer bol dosiahnutý časový limit (30000 ms).

Error: (02/28/2015 09:18:24 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (02/28/2015 04:21:11 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (02/28/2015 11:33:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0xc190010f: Slovak ESD Bundle Parent.

Error: (02/26/2015 03:53:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/25/2015 09:33:22 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/23/2015 06:00:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0x8024200d: Slovak ESD Bundle Parent.


Microsoft Office Sessions:
=========================
Error: (03/02/2015 06:15:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (03/01/2015 09:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625

Error: (03/01/2015 09:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625

Error: (03/01/2015 09:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/01/2015 05:48:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DPAgent.exe5.4.0.18135037cf4cptdmlitemanagerdp.dll7.1.0.3501914c6c000041d0003e6b2d4401d0539500af5f81c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exec:\Program Files (x86)\Hewlett-Packard\DeviceAccessManager\ptdmlitemanagerdp.dlld5a0b6dc-c032-11e4-be97-b4b52f815bb4

Error: (03/01/2015 05:48:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DPAgent.exe5.4.0.18135037cf4cptdmlitemanagerdp.dll7.1.0.3501914c6c00000050003e6b2d4401d0539500af5f81c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exec:\Program Files (x86)\Hewlett-Packard\DeviceAccessManager\ptdmlitemanagerdp.dlld3cfc6ba-c032-11e4-be97-b4b52f815bb4

Error: (03/01/2015 03:13:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (03/01/2015 03:09:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (02/28/2015 08:12:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPSF.exe7.4.45.4134801d053892fd4bd67125C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exea68339ef-bf7d-11e4-be96-b4b52f815bb4

Error: (02/26/2015 08:19:36 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 36%
Total physical RAM: 3978.76 MB
Available physical RAM: 2533.7 MB
Total Pagefile: 4682.76 MB
Available Pagefile: 2884.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:682.11 GB) (Free:125.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:13.33 GB) (Free:2.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type.

==================== End Of Log ============================

[benjamin777]

FRSTlauncher.exe mi nesiel stiahnut z odkazu, ktory uvadzate, vraj bol funkcny iba do 28.2.2015

[Márty84]

Diky za upozorneni!


Odinstalujte to MBAM, at se nepere s Avastem.


Napiste mi velikost adresare plochy (C:\Users\Greg\Plocha)



Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-17] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-314600275-898652346-4024885708-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGreg.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

[benjamin777]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by Greg at 2015-03-02 20:05:07 Run:1
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available profiles: Greg & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-17] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-314600275-898652346-4024885708-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGreg.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PDF Complete => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-314600275-898652346-4024885708-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\HPCeeScheduleForGreg.job => Moved successfully.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 24 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:05:52 ====

Pracovna plocha ma 450B.

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

[benjamin777]

Ccleaner pouzivam pravidelne, pouzil som aj defraggler, ale z nejakeho dovodu mi posledny tyzden pocitac zvykne zamrznut, hlavne ked som na nete - prehliadac mozilla. Mam v pocitac spyware?

[Márty84]

V lozich nebyl videt. Co je tam ted netusim.

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)


Postupujte podle navodu kolegy

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Postupujte podle navodu kolegy

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

29.3. pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975