
Virus removal, PC speed-up, and remote help through the neslape.cz service
Unsolicited opening of pages in Firefox
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, for roughly the last 14 days unsolicited pages have been opening at random. The pages open randomly (it is not always the same page). It mostly happens when I click on a link. That is, instead of the page I wanted, a completely different page opens (as a new tab). When I click the same link again, the correct page opens.
I am attaching the log from RSIT. Thank you for your help. Petra
Logfile of random's system information tool 1.10 (written by random/random)
Run by trestidlo at 2015-04-30 02:37:09
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 12 GB (5%) free of 221 GB
Total RAM: 2991 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:39:12, on 30.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\trestidlo\AppData\Roaming\QipGuard\QipGuard.exe
C:\ProgramData\DTH\DTH_Taskbar.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\bfgclient\bfgclient.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
C:\Osobni\Downloads new\RSIT.exe
C:\Program Files\trend micro\trestidlo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN4111G0N105SZ:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\trestidlo\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [DTH_Taskbar] C:\ProgramData\DTH\DTH_Taskbar.exe C:\Program Files\Design This Home\
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\windows\Jaksta\AC\x86\jaudcap.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP SkyRoom (Hp.Skyroom.Windows.Service) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Remote Graphics Sender Service (rgsender) - Hewlett-Packard, Inc. - c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
--
End of file - 13166 bytes
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleFortrestidlo.job - C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleFortrestidlo (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\trestidlo\AppData\Roaming\Mozilla\Firefox\Profiles\jl94csmo.default-1430069893418
"otis@digitalpersona.com"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Users\trestidlo\AppData\Roaming\Mozilla\Firefox\Profiles\jl94csmo.default-1430069893418\extensions\
foxmarks@kei.com
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2012-02-06 1471824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-12 287800]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-04-05 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-01-28 8192]
"IMSS"=C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2009-11-04 111640]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2010-01-21 495708]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30 978520]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2013-02-22 143856]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2013-02-22 178672]
"Persistence"=C:\windows\system32\igfxpers.exe [2013-02-22 179184]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3520 series (NET)"=C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672]
"Xvid"=C:\Program Files\Xvid\CheckUpdate.exe [2011-01-17 8192]
"QIP Internet Guardian"=C:\Users\trestidlo\AppData\Roaming\QipGuard\QipGuard.exe [2014-03-04 436720]
"DTH_Taskbar"=C:\ProgramData\DTH\DTH_Taskbar.exe [2013-11-13 875008]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\Jaksta\AC\x86\jaudcap.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2013-02-19 293888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=3
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"vidc.ffds"=C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-04-30 02:37:10 ----D---- C:\Program Files\trend micro
2015-04-30 02:37:09 ----D---- C:\rsit
2015-04-29 20:46:31 ----D---- C:\Users\trestidlo\AppData\Roaming\Anuman
2015-04-29 20:20:53 ----D---- C:\Program Files\Monument Builders - Alcatraz
2015-04-26 16:32:39 ----A---- C:\TDSSKiller.3.0.0.44_26.04.2015_16.32.39_log.txt
2015-04-21 21:44:52 ----D---- C:\Program Files\Mozilla Firefox
2015-04-15 06:33:53 ----A---- C:\windows\system32\clfsw32.dll
2015-04-15 06:33:53 ----A---- C:\windows\system32\clfs.sys
2015-04-15 06:33:50 ----A---- C:\windows\system32\ntoskrnl.exe
2015-04-15 06:33:50 ----A---- C:\windows\system32\ntdll.dll
2015-04-15 06:33:49 ----A---- C:\windows\system32\ntkrnlpa.exe
2015-04-15 06:33:48 ----A---- C:\windows\system32\wdigest.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\TSpkg.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\sspicli.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\srcore.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\srclient.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\smss.exe
2015-04-15 06:33:48 ----A---- C:\windows\system32\schannel.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\rstrui.exe
2015-04-15 06:33:48 ----A---- C:\windows\system32\ncrypt.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\msv1_0.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\lsass.exe
2015-04-15 06:33:48 ----A---- C:\windows\system32\lsasrv.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\kerberos.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2015-04-15 06:33:48 ----A---- C:\windows\system32\drivers\ksecdd.sys
2015-04-15 06:33:48 ----A---- C:\windows\system32\csrsrv.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\auditpol.exe
2015-04-15 06:33:47 ----A---- C:\windows\system32\sspisrv.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\secur32.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\msobjs.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\msaudite.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\credssp.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\apisetschema.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\adtschema.dll
2015-04-15 06:33:38 ----A---- C:\windows\system32\gdi32.dll
2015-04-15 06:33:37 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 06:33:36 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 06:33:36 ----A---- C:\windows\system32\iernonce.dll
2015-04-15 06:33:36 ----A---- C:\windows\system32\ieetwproxystub.dll
2015-04-15 06:33:36 ----A---- C:\windows\system32\ieetwcollector.exe
2015-04-15 06:33:36 ----A---- C:\windows\system32\ie4uinit.exe
2015-04-15 06:33:35 ----A---- C:\windows\system32\urlmon.dll
2015-04-15 06:33:35 ----A---- C:\windows\system32\jsproxy.dll
2015-04-15 06:33:35 ----A---- C:\windows\system32\jscript9diag.dll
2015-04-15 06:33:35 ----A---- C:\windows\system32\ieUnatt.exe
2015-04-15 06:33:35 ----A---- C:\windows\system32\iedkcs32.dll
2015-04-15 06:33:35 ----A---- C:\windows\system32\dxtmsft.dll
2015-04-15 06:33:34 ----A---- C:\windows\system32\msfeeds.dll
2015-04-15 06:33:34 ----A---- C:\windows\system32\ieapfltr.dll
2015-04-15 06:33:33 ----A---- C:\windows\system32\wininet.dll
2015-04-15 06:33:33 ----A---- C:\windows\system32\msrating.dll
2015-04-15 06:33:33 ----A---- C:\windows\system32\iesetup.dll
2015-04-15 06:33:33 ----A---- C:\windows\system32\ieetwcollectorres.dll
2015-04-15 06:33:32 ----A---- C:\windows\system32\dxtrans.dll
2015-04-15 06:33:31 ----A---- C:\windows\system32\ieui.dll
2015-04-15 06:33:31 ----A---- C:\windows\system32\ieframe.dll
2015-04-15 06:33:30 ----A---- C:\windows\system32\mshtmlmedia.dll
2015-04-15 06:33:30 ----A---- C:\windows\system32\mshtmled.dll
2015-04-15 06:33:29 ----A---- C:\windows\system32\MshtmlDac.dll
2015-04-15 06:33:29 ----A---- C:\windows\system32\iertutil.dll
2015-04-15 06:33:28 ----A---- C:\windows\system32\mshtml.dll
2015-04-15 06:33:27 ----A---- C:\windows\system32\vbscript.dll
2015-04-15 06:33:27 ----A---- C:\windows\system32\jscript9.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wuwebv.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wups2.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wups.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wudriver.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wucltux.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wuauclt.exe
2015-04-15 06:33:01 ----A---- C:\windows\system32\wuapp.exe
2015-04-15 06:33:01 ----A---- C:\windows\system32\wuapi.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 06:33:00 ----A---- C:\windows\system32\wuaueng.dll
2015-04-15 06:33:00 ----A---- C:\windows\system32\WinSetupUI.dll
2015-04-15 06:32:56 ----A---- C:\windows\system32\drivers\http.sys
2015-04-15 06:32:55 ----A---- C:\windows\system32\msxml3r.dll
2015-04-15 06:32:55 ----A---- C:\windows\system32\msxml3.dll
2015-04-02 21:33:12 ----D---- C:\Program Files\Mozilla Thunderbird
======List of files/folders modified in the last 1 month======
2015-04-30 02:37:10 ----RD---- C:\Program Files
2015-04-30 02:33:10 ----D---- C:\windows\Temp
2015-04-30 02:32:47 ----D---- C:\AdwCleaner
2015-04-30 02:32:27 ----D---- C:\windows\system32\config
2015-04-30 02:21:37 ----D---- C:\windows\Prefetch
2015-04-29 20:53:47 ----AD---- C:\ProgramData\TEMP
2015-04-29 20:13:41 ----D---- C:\BigFishCache
2015-04-29 17:18:25 ----A---- C:\windows\system32\log.txt
2015-04-29 14:24:19 ----D---- C:\Program Files\QIP Infium
2015-04-29 13:01:54 ----D---- C:\windows\System32
2015-04-29 13:01:54 ----D---- C:\windows\inf
2015-04-29 13:01:54 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-04-29 12:57:50 ----D---- C:\ProgramData\HPQLOG
2015-04-28 20:19:51 ----SHD---- C:\System Volume Information
2015-04-27 15:21:53 ----D---- C:\windows\Microsoft.NET
2015-04-27 08:28:03 ----HD---- C:\ProgramData
2015-04-26 20:18:37 ----SHD---- C:\windows\Installer
2015-04-26 16:32:43 ----D---- C:\windows\system32\drivers
2015-04-26 15:43:47 ----D---- C:\Users\trestidlo\AppData\Roaming\gsak
2015-04-26 14:50:47 ----D---- C:\Program Files\gsak
2015-04-26 14:50:28 ----D---- C:\Osobni
2015-04-23 14:43:33 ----D---- C:\Windows
2015-04-23 08:00:58 ----D---- C:\windows\ModemLogs
2015-04-23 08:00:58 ----D---- C:\windows\debug
2015-04-23 01:31:55 ----D---- C:\KMPlayer
2015-04-23 01:22:05 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-04-17 21:27:21 ----D---- C:\windows\system32\DriverStore
2015-04-16 13:54:01 ----D---- C:\windows\rescache
2015-04-16 07:17:26 ----RSD---- C:\windows\assembly
2015-04-16 07:11:38 ----D---- C:\windows\winsxs
2015-04-16 07:09:31 ----D---- C:\windows\system32\en-US
2015-04-16 07:09:28 ----D---- C:\Program Files\Internet Explorer
2015-04-15 22:54:07 ----D---- C:\windows\system32\MRT
2015-04-15 22:50:12 ----A---- C:\windows\system32\MRT.exe
2015-04-15 22:49:59 ----D---- C:\ProgramData\Microsoft Help
2015-04-15 22:46:25 ----D---- C:\windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
R0 giveio;giveio; C:\windows\system32\giveio.sys [1996-04-03 5248]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 iaStor;Intel RAID Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-04-05 331288]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2014-11-15 239224]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 110520]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-12-16 51800]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 13256]
R0 speedfan;speedfan; C:\windows\system32\speedfan.sys [2012-12-29 24184]
R0 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20 28032]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 appliand;Applian LightWeight Filter; C:\windows\system32\DRIVERS\appliand.sys [2013-02-06 25696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\windows\system32\drivers\HWiNFO32.SYS [2015-01-17 23840]
R1 MpKsl51a518c9;MpKsl51a518c9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C74DA669-08FF-4E96-9503-9BC176803B60}\MpKsl51a518c9.sys []
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 40088]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 48128]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2010-11-20 296064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\windows\system32\DRIVERS\mdc8021x.sys [2014-04-01 15781]
R2 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 rimmptsk;rimmptsk; C:\windows\system32\DRIVERS\rimmptsk.sys [2009-06-26 48128]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-08-03 1161760]
R3 ALSysIO;ALSysIO; \??\C:\Users\TRESTI~1\AppData\Local\Temp\ALSysIO.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k6232.sys [2011-05-04 266408]
R3 gzflt;gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [2015-01-22 169992]
R3 HECI;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2013-02-19 10861056]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
R3 jakstaVA;Digital Video Recorder; C:\windows\system32\DRIVERS\jaksta_va.sys [2014-12-09 91784]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\windows\system32\DRIVERS\NETwNs32.sys [2014-04-05 7517696]
R3 pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\pcouffin.sys [2014-06-21 47360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 rismc32;RICOH Smart Card Reader; C:\windows\system32\DRIVERS\rismc32.sys [2009-07-21 49152]
R3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-06-03 1763968]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt.sys [2010-01-21 423424]
R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2010-11-20 172416]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2010-11-20 78336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe86.sys [2009-10-27 48640]
S2 rimsptsk;rimsptsk; C:\windows\system32\DRIVERS\rimsptsk.sys [2009-06-26 44544]
S2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
S2 rismxdp;Ricoh xD-Picture Card Driver; C:\windows\system32\DRIVERS\rixdptsk.sys [2009-06-26 38400]
S2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe86.sys [2009-12-12 38912]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
S3 dsNcAdpt;Juniper Network Connect Adapter; C:\windows\system32\DRIVERS\dsNcAdpt.sys []
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 grmnusb;grmnusb; C:\windows\system32\drivers\grmnusb.sys [2012-04-18 15720]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 Revoflt;Revoflt; C:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 Trufos;Trufos; C:\windows\system32\DRIVERS\Trufos.sys [2015-01-22 408280]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 usb_rndisx;USB RNDIS Adapter; C:\windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\aestsrv.exe [2009-03-03 81920]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-08-03 14336]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 DpHost;@C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-07-16 300880]
R2 HP ProtectTools Service;HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-28 102968]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom; C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-06-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-05-13 26168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-04-05 354840]
R2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [2015-03-10 670808]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-01-30 22184]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 rgsender;Remote Graphics Sender Service; c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe [2010-01-21 229458]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2013-05-13 1129760]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-21 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2014-03-17 1343400]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
2015-04-15 06:33:53 ----A---- C:\windows\system32\clfs.sys
2015-04-15 06:33:50 ----A---- C:\windows\system32\ntoskrnl.exe
2015-04-15 06:33:50 ----A---- C:\windows\system32\ntdll.dll
2015-04-15 06:33:49 ----A---- C:\windows\system32\ntkrnlpa.exe
2015-04-15 06:33:48 ----A---- C:\windows\system32\wdigest.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\TSpkg.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\sspicli.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\srcore.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\srclient.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\smss.exe
2015-04-15 06:33:48 ----A---- C:\windows\system32\schannel.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\rstrui.exe
2015-04-15 06:33:48 ----A---- C:\windows\system32\ncrypt.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\msv1_0.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\lsass.exe
2015-04-15 06:33:48 ----A---- C:\windows\system32\lsasrv.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\kerberos.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2015-04-15 06:33:48 ----A---- C:\windows\system32\drivers\ksecdd.sys
2015-04-15 06:33:48 ----A---- C:\windows\system32\csrsrv.dll
2015-04-15 06:33:48 ----A---- C:\windows\system32\auditpol.exe
2015-04-15 06:33:47 ----A---- C:\windows\system32\sspisrv.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\secur32.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\msobjs.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\msaudite.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\credssp.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\apisetschema.dll
2015-04-15 06:33:47 ----A---- C:\windows\system32\adtschema.dll
2015-04-15 06:33:38 ----A---- C:\windows\system32\gdi32.dll
2015-04-15 06:33:37 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 06:33:36 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 06:33:36 ----A---- C:\windows\system32\iernonce.dll
2015-04-15 06:33:36 ----A---- C:\windows\system32\ieetwproxystub.dll
2015-04-15 06:33:36 ----A---- C:\windows\system32\ieetwcollector.exe
2015-04-15 06:33:36 ----A---- C:\windows\system32\ie4uinit.exe
2015-04-15 06:33:35 ----A---- C:\windows\system32\urlmon.dll
2015-04-15 06:33:35 ----A---- C:\windows\system32\jsproxy.dll
2015-04-15 06:33:35 ----A---- C:\windows\system32\jscript9diag.dll
2015-04-15 06:33:35 ----A---- C:\windows\system32\ieUnatt.exe
2015-04-15 06:33:35 ----A---- C:\windows\system32\iedkcs32.dll
2015-04-15 06:33:35 ----A---- C:\windows\system32\dxtmsft.dll
2015-04-15 06:33:34 ----A---- C:\windows\system32\msfeeds.dll
2015-04-15 06:33:34 ----A---- C:\windows\system32\ieapfltr.dll
2015-04-15 06:33:33 ----A---- C:\windows\system32\wininet.dll
2015-04-15 06:33:33 ----A---- C:\windows\system32\msrating.dll
2015-04-15 06:33:33 ----A---- C:\windows\system32\iesetup.dll
2015-04-15 06:33:33 ----A---- C:\windows\system32\ieetwcollectorres.dll
2015-04-15 06:33:32 ----A---- C:\windows\system32\dxtrans.dll
2015-04-15 06:33:31 ----A---- C:\windows\system32\ieui.dll
2015-04-15 06:33:31 ----A---- C:\windows\system32\ieframe.dll
2015-04-15 06:33:30 ----A---- C:\windows\system32\mshtmlmedia.dll
2015-04-15 06:33:30 ----A---- C:\windows\system32\mshtmled.dll
2015-04-15 06:33:29 ----A---- C:\windows\system32\MshtmlDac.dll
2015-04-15 06:33:29 ----A---- C:\windows\system32\iertutil.dll
2015-04-15 06:33:28 ----A---- C:\windows\system32\mshtml.dll
2015-04-15 06:33:27 ----A---- C:\windows\system32\vbscript.dll
2015-04-15 06:33:27 ----A---- C:\windows\system32\jscript9.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wuwebv.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wups2.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wups.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wudriver.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wucltux.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wuauclt.exe
2015-04-15 06:33:01 ----A---- C:\windows\system32\wuapp.exe
2015-04-15 06:33:01 ----A---- C:\windows\system32\wuapi.dll
2015-04-15 06:33:01 ----A---- C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 06:33:00 ----A---- C:\windows\system32\wuaueng.dll
2015-04-15 06:33:00 ----A---- C:\windows\system32\WinSetupUI.dll
2015-04-15 06:32:56 ----A---- C:\windows\system32\drivers\http.sys
2015-04-15 06:32:55 ----A---- C:\windows\system32\msxml3r.dll
2015-04-15 06:32:55 ----A---- C:\windows\system32\msxml3.dll
2015-04-02 21:33:12 ----D---- C:\Program Files\Mozilla Thunderbird
======List of files/folders modified in the last 1 month======
2015-04-30 02:37:10 ----RD---- C:\Program Files
2015-04-30 02:33:10 ----D---- C:\windows\Temp
2015-04-30 02:32:47 ----D---- C:\AdwCleaner
2015-04-30 02:32:27 ----D---- C:\windows\system32\config
2015-04-30 02:21:37 ----D---- C:\windows\Prefetch
2015-04-29 20:53:47 ----AD---- C:\ProgramData\TEMP
2015-04-29 20:13:41 ----D---- C:\BigFishCache
2015-04-29 17:18:25 ----A---- C:\windows\system32\log.txt
2015-04-29 14:24:19 ----D---- C:\Program Files\QIP Infium
2015-04-29 13:01:54 ----D---- C:\windows\System32
2015-04-29 13:01:54 ----D---- C:\windows\inf
2015-04-29 13:01:54 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-04-29 12:57:50 ----D---- C:\ProgramData\HPQLOG
2015-04-28 20:19:51 ----SHD---- C:\System Volume Information
2015-04-27 15:21:53 ----D---- C:\windows\Microsoft.NET
2015-04-27 08:28:03 ----HD---- C:\ProgramData
2015-04-26 20:18:37 ----SHD---- C:\windows\Installer
2015-04-26 16:32:43 ----D---- C:\windows\system32\drivers
2015-04-26 15:43:47 ----D---- C:\Users\trestidlo\AppData\Roaming\gsak
2015-04-26 14:50:47 ----D---- C:\Program Files\gsak
2015-04-26 14:50:28 ----D---- C:\Osobni
2015-04-23 14:43:33 ----D---- C:\Windows
2015-04-23 08:00:58 ----D---- C:\windows\ModemLogs
2015-04-23 08:00:58 ----D---- C:\windows\debug
2015-04-23 01:31:55 ----D---- C:\KMPlayer
2015-04-23 01:22:05 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-04-17 21:27:21 ----D---- C:\windows\system32\DriverStore
2015-04-16 13:54:01 ----D---- C:\windows\rescache
2015-04-16 07:17:26 ----RSD---- C:\windows\assembly
2015-04-16 07:11:38 ----D---- C:\windows\winsxs
2015-04-16 07:09:31 ----D---- C:\windows\system32\en-US
2015-04-16 07:09:28 ----D---- C:\Program Files\Internet Explorer
2015-04-15 22:54:07 ----D---- C:\windows\system32\MRT
2015-04-15 22:50:12 ----A---- C:\windows\system32\MRT.exe
2015-04-15 22:49:59 ----D---- C:\ProgramData\Microsoft Help
2015-04-15 22:46:25 ----D---- C:\windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
R0 giveio;giveio; C:\windows\system32\giveio.sys [1996-04-03 5248]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 iaStor;Intel RAID Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-04-05 331288]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2014-11-15 239224]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 110520]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-12-16 51800]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 13256]
R0 speedfan;speedfan; C:\windows\system32\speedfan.sys [2012-12-29 24184]
R0 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20 28032]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 appliand;Applian LightWeight Filter; C:\windows\system32\DRIVERS\appliand.sys [2013-02-06 25696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\windows\system32\drivers\HWiNFO32.SYS [2015-01-17 23840]
R1 MpKsl51a518c9;MpKsl51a518c9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C74DA669-08FF-4E96-9503-9BC176803B60}\MpKsl51a518c9.sys []
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 40088]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 48128]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2010-11-20 296064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\windows\system32\DRIVERS\mdc8021x.sys [2014-04-01 15781]
R2 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 rimmptsk;rimmptsk; C:\windows\system32\DRIVERS\rimmptsk.sys [2009-06-26 48128]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-08-03 1161760]
R3 ALSysIO;ALSysIO; \??\C:\Users\TRESTI~1\AppData\Local\Temp\ALSysIO.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k6232.sys [2011-05-04 266408]
R3 gzflt;gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [2015-01-22 169992]
R3 HECI;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2013-02-19 10861056]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
R3 jakstaVA;Digital Video Recorder; C:\windows\system32\DRIVERS\jaksta_va.sys [2014-12-09 91784]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\windows\system32\DRIVERS\NETwNs32.sys [2014-04-05 7517696]
R3 pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\pcouffin.sys [2014-06-21 47360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 rismc32;RICOH Smart Card Reader; C:\windows\system32\DRIVERS\rismc32.sys [2009-07-21 49152]
R3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-06-03 1763968]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt.sys [2010-01-21 423424]
R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2010-11-20 172416]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2010-11-20 78336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe86.sys [2009-10-27 48640]
S2 rimsptsk;rimsptsk; C:\windows\system32\DRIVERS\rimsptsk.sys [2009-06-26 44544]
S2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
S2 rismxdp;Ricoh xD-Picture Card Driver; C:\windows\system32\DRIVERS\rixdptsk.sys [2009-06-26 38400]
S2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe86.sys [2009-12-12 38912]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
S3 dsNcAdpt;Juniper Network Connect Adapter; C:\windows\system32\DRIVERS\dsNcAdpt.sys []
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 grmnusb;grmnusb; C:\windows\system32\drivers\grmnusb.sys [2012-04-18 15720]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 Revoflt;Revoflt; C:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 Trufos;Trufos; C:\windows\system32\DRIVERS\Trufos.sys [2015-01-22 408280]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 usb_rndisx;USB RNDIS Adapter; C:\windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\aestsrv.exe [2009-03-03 81920]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-08-03 14336]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 DpHost;@C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-07-16 300880]
R2 HP ProtectTools Service;HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-28 102968]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom; C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-06-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-05-13 26168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-04-05 354840]
R2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [2015-03-10 670808]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-01-30 22184]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 rgsender;Remote Graphics Sender Service; c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe [2010-01-21 229458]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2013-05-13 1129760]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-21 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2014-03-17 1343400]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: Unsolicited opening of pages in Firefox
I wish you a lovely day.
Uninstall:
- McAfee Security Scan - adware from the Adobe Flash Player installation http://forum.viry.cz/viewtopic.php?p=1374437#p1374437
As part of the cleanup, your temporary folders (including the Recycle Bin) will be emptied.
Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
- click Scan, then Cleaning
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Unsolicited opening of pages in Firefox
Hello, and thank you for the help.
So far I have uninstalled McAfee ... Plus and run AdwCleaner as administrator. I have finished the Scan, and before I click Clean I would like to ask what it is actually going to clean.
On the Scheduled Task tab I have "GPUP" with no further description.
On the Registry tab I have "HKCU\Software\AppDataLow\Software\adawarebp".
I could not find GPUP on Google at all.
adawarebp might be related to the Ad-aware program, which I have installed on my computer and use. Should I still leave this entry marked for deletion?
Thank you, Petra
Re: Unsolicited opening of pages in Firefox
After you clicked the Scan button, a log with the findings was created; it is in
C:\AdwCleaner\AdwCleaner [Rx].txt
x denotes the sequence number
Paste its contents and we will look at the findings before they are deleted (moved to AdwCleaner's quarantine).
If anything is unclear, ask right away.
Re: Unsolicited opening of pages in Firefox
# AdwCleaner v4.202 - Logfile created 30/04/2015 at 12:09:02
# Updated 23/04/2015 by Xplode
# Database : 2015-04-27.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : trestidlo - TRESTIDLONTB
# Running from : C:\Users\trestidlo\Desktop\adwcleaner_4.202.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
Task Found : GPUP
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
*************************
AdwCleaner[R0].txt - [7540 bytes] - [05/12/2014 18:41:03]
AdwCleaner[R1].txt - [961 bytes] - [30/04/2015 02:31:35]
AdwCleaner[R2].txt - [828 bytes] - [30/04/2015 12:09:02]
AdwCleaner[S0].txt - [7812 bytes] - [05/12/2014 18:42:38]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [945 bytes] ##########
Re: Unsolicited opening of pages in Firefox
If anything is unclear, ask right away.
Re: Unsolicited opening of pages in Firefox
FRST.log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01
Ran by trestidlo (administrator) on TRESTIDLONTB on 30-04-2015 13:22:54
Running from C:\Users\trestidlo\Desktop
Loaded Profiles: trestidlo (Available profiles: trestidlo & Guest)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard, Inc.) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Core Temp\Core Temp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(QIP.ru) C:\Users\trestidlo\AppData\Roaming\QipGuard\QipGuard.exe
() C:\ProgramData\DTH\DTH_Taskbar.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(forum.viry.cz) C:\Users\trestidlo\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-01-28] (Hewlett-Packard)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [QIP Internet Guardian] => C:\Users\trestidlo\AppData\Roaming\QipGuard\QipGuard.exe [436720 2014-03-04] (QIP.ru)
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [DTH_Taskbar] => C:\ProgramData\DTH\DTH_Taskbar.exe [875008 2013-11-13] ()
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\MountPoints2: {1f5b183b-ac5a-11e3-a9a8-68b599efd76a} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2014-07-04] (Microsoft Corporation)
AppInit_DLLs: C:\windows\Jaksta\AC\x86\jaudcap.dll => C:\windows\Jaksta\AC\x86\jaudcap.dll [264992 2015-04-24] (Jaksta Technologies Pty Ltd)
Lsa: [Notification Packages] DPPassFilter scecli
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKLM -> DefaultScope {70415402-EFA0-47C4-B8FD-0383DA77323D} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {70415402-EFA0-47C4-B8FD-0383DA77323D} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> {70415402-EFA0-47C4-B8FD-0383DA77323D} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2012-02-06] (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/Juni ... Client.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\trestidlo\AppData\Roaming\Mozilla\Firefox\Profiles\jl94csmo.default-1430069893418
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Xmarks - C:\Users\trestidlo\AppData\Roaming\Mozilla\Firefox\Profiles\jl94csmo.default-1430069893418\Extensions\foxmarks@kei.com [2015-04-27]
FF Extension: ffChromeHelper - C:\Program Files\Mozilla Firefox\distribution\bundles\{53FB13BA4E64E9DDC501316FE8EC56E9} [2015-04-21]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\{CB8C76C1CFAC918A2BADA3D6136DD7F9} [2015-04-21]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-04-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-03] (LSI Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-07-16] (DigitalPersona, Inc.)
R2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [102968 2010-01-28] (Hewlett-Packard)
R2 Hp.Skyroom.Windows.Service; C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124984 2009-11-20] (Hewlett-Packard)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [670808 2015-03-10] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 rgsender; c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.) [File not signed]
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe [229458 2010-01-21] (IDT, Inc.)
S2 vcsFPService; C:\windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 appliand; C:\windows\System32\DRIVERS\appliand.sys [25696 2013-02-06] (Applian Technologies Inc.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 giveio; C:\windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 grmnusb; C:\windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [169992 2015-01-22] (BitDefender LLC)
R1 HWiNFO32; C:\windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-17] (REALiX(tm))
R3 jakstaVA; C:\windows\System32\DRIVERS\jaksta_va.sys [91784 2014-12-09] (e2eSoft)
R2 MDC8021X; C:\windows\System32\DRIVERS\mdc8021x.sys [15781 2014-04-01] (Meetinghouse Data Communications) [File not signed]
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKslc4128231; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4ECA20EE-66AC-4378-A453-07BF255D32A2}\MpKslc4128231.sys [39464 2015-04-30] (Microsoft Corporation)
R3 NETwNs32; C:\windows\System32\DRIVERS\NETwNs32.sys [7517696 2014-04-05] (Intel Corporation)
R2 NPF; C:\windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S2 risdpcie; C:\windows\system32\DRIVERS\risdpe86.sys [47616 2009-10-29] (REDC)
R3 rismc32; C:\windows\System32\DRIVERS\rismc32.sys [49152 2009-07-21] (RICOH Company, Ltd.)
S2 rixdpcie; C:\windows\system32\DRIVERS\rixdpe86.sys [38912 2009-12-12] (REDC)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2009-12-16] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1763968 2010-06-03] ()
R0 speedfan; C:\windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 Trufos; C:\windows\System32\DRIVERS\Trufos.sys [408280 2015-01-22] (BitDefender S.R.L.)
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 ALSysIO; \??\C:\Users\TRESTI~1\AppData\Local\Temp\ALSysIO.sys [X]
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-30 13:22 - 2015-04-30 13:23 - 00018244 _____ () C:\Users\trestidlo\Desktop\FRST.txt
2015-04-30 13:22 - 2015-04-30 13:22 - 00000000 ____D () C:\FRST
2015-04-30 13:07 - 2015-04-30 12:44 - 00112640 _____ (forum.viry.cz) C:\Users\trestidlo\Desktop\FRSTLauncher.exe
2015-04-30 12:42 - 2015-04-30 12:41 - 01140736 _____ (Farbar) C:\Users\trestidlo\Desktop\FRST.exe
2015-04-30 12:06 - 2015-04-30 02:31 - 02224640 _____ () C:\Users\trestidlo\Desktop\adwcleaner_4.202.exe
2015-04-30 02:37 - 2015-04-30 02:39 - 00000000 ____D () C:\rsit
2015-04-30 02:37 - 2015-04-30 02:39 - 00000000 ____D () C:\Program Files\trend micro
2015-04-29 20:46 - 2015-04-29 20:46 - 00000000 ____D () C:\Users\trestidlo\AppData\Roaming\Anuman
2015-04-29 20:21 - 2015-04-29 20:21 - 00002021 _____ () C:\Users\Public\Desktop\Play Monument Builders - Alcatraz.lnk
2015-04-29 20:20 - 2015-04-29 20:21 - 00000000 ____D () C:\Program Files\Monument Builders - Alcatraz
2015-04-29 20:20 - 2015-04-29 20:20 - 00000000 ____D () C:\Users\trestidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monument Builders - Alcatraz
2015-04-29 20:20 - 2015-04-29 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monument Builders - Alcatraz
2015-04-26 19:38 - 2015-04-26 19:38 - 00000000 ____D () C:\Users\trestidlo\Desktop\Old Firefox Data
2015-04-23 14:43 - 2015-04-30 08:50 - 00000826 _____ () C:\windows\setupact.log
2015-04-23 14:43 - 2015-04-23 14:43 - 00000000 _____ () C:\windows\setuperr.log
2015-04-21 21:44 - 2015-04-21 21:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-15 06:33 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 06:33 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 06:33 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 06:33 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-04-15 06:33 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 06:33 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-15 06:33 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-15 06:33 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-15 06:33 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-15 06:33 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-15 06:33 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-15 06:33 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-15 06:33 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 06:33 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-15 06:33 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-15 06:33 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 06:33 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-15 06:33 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-15 06:33 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-15 06:33 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-15 06:33 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 06:33 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-15 06:33 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-15 06:33 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-15 06:33 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-15 06:33 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-15 06:33 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-15 06:33 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 06:33 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-15 06:33 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 06:33 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-15 06:33 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 06:33 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-15 06:33 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 06:33 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 06:33 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-15 06:33 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 06:33 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-15 06:33 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 06:33 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 06:33 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 06:33 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 06:33 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 06:33 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 06:33 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 06:32 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 06:32 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-15 06:32 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-11 07:17 - 2015-04-13 13:34 - 00010812 _____ () C:\Users\trestidlo\Desktop\PlenkyMarta.xlsx
2015-04-05 21:49 - 2015-04-05 22:04 - 00000000 ____D () C:\Users\trestidlo\Documents\AirDroid
2015-04-02 21:33 - 2015-04-03 04:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-30 12:48 - 2014-03-16 02:46 - 01145076 _____ () C:\windows\WindowsUpdate.log
2015-04-30 12:40 - 2014-03-16 10:35 - 00000000 ____D () C:\KMPlayer
2015-04-30 12:09 - 2014-12-05 18:41 - 00000000 ____D () C:\AdwCleaner
2015-04-30 08:59 - 2009-07-14 06:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-30 08:59 - 2009-07-14 06:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-30 08:55 - 2010-12-22 06:28 - 00785794 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-30 08:52 - 2010-12-22 06:38 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-04-30 08:51 - 2014-12-21 10:50 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-30 08:50 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-30 04:54 - 2014-12-05 19:06 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-30 04:31 - 2014-12-05 19:05 - 00000000 ____D () C:\BigFishCache
2015-04-30 03:42 - 2014-04-11 17:25 - 00000000 ____D () C:\Users\trestidlo\Desktop\Video
2015-04-29 20:20 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-29 14:43 - 2014-04-04 10:07 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFortrestidlo.job
2015-04-29 14:24 - 2014-03-15 21:23 - 00000000 ____D () C:\Program Files\QIP Infium
2015-04-27 15:21 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-04-26 16:52 - 2015-03-28 10:21 - 00014110 _____ () C:\Users\trestidlo\Desktop\SkolkaCervenec.xlsx
2015-04-26 15:43 - 2014-03-15 19:34 - 00000000 ____D () C:\Users\trestidlo\AppData\Roaming\gsak
2015-04-26 14:50 - 2014-03-15 19:10 - 00000000 ____D () C:\Program Files\gsak
2015-04-26 14:50 - 2014-03-15 18:18 - 00000000 ____D () C:\Osobni
2015-04-26 12:12 - 2014-10-10 19:46 - 00013455 _____ () C:\Users\trestidlo\Desktop\SkolkaHvezdicka.xlsx
2015-04-26 12:02 - 2015-01-14 11:45 - 00018425 _____ () C:\Users\trestidlo\Desktop\PraceObedJIzdneUtrata.xlsx
2015-04-23 18:08 - 2015-01-25 14:03 - 00016031 _____ () C:\Users\trestidlo\Desktop\Klfree.xlsx
2015-04-23 15:30 - 2015-01-17 08:11 - 00001302 _____ () C:\windows\system32\debug.log
2015-04-23 01:22 - 2014-03-19 13:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-20 14:49 - 2015-02-02 16:41 - 00565400 _____ () C:\Users\trestidlo\Desktop\PlenkyHOME.xlsx
2015-04-18 13:46 - 2014-09-09 18:53 - 00211169 _____ () C:\Users\trestidlo\Documents\SarkaCviceni.xlsx
2015-04-17 21:27 - 2015-03-11 23:02 - 00002340 _____ () C:\Users\trestidlo\Documents\Default.RDP
2015-04-16 13:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-04-15 22:54 - 2014-03-21 10:02 - 00000000 ____D () C:\windows\system32\MRT
2015-04-15 22:50 - 2014-03-21 10:02 - 125832184 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-15 22:49 - 2014-03-16 08:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
==================== Files in the root of some directories =======
2014-06-20 20:41 - 2014-06-21 07:35 - 0087608 _____ () C:\Users\trestidlo\AppData\Roaming\inst.exe
2014-06-20 20:41 - 2014-06-21 07:35 - 0007887 _____ () C:\Users\trestidlo\AppData\Roaming\pcouffin.cat
2014-06-20 20:41 - 2014-06-21 07:35 - 0001144 _____ () C:\Users\trestidlo\AppData\Roaming\pcouffin.inf
2014-06-20 20:41 - 2014-06-21 07:37 - 0000034 _____ () C:\Users\trestidlo\AppData\Roaming\pcouffin.log
2014-06-20 20:41 - 2014-06-21 07:35 - 0047360 _____ (VSO Software) C:\Users\trestidlo\AppData\Roaming\pcouffin.sys
2014-06-21 07:37 - 2014-06-21 08:18 - 0001057 _____ () C:\Users\trestidlo\AppData\Roaming\vso_ts_preview.xml
2014-03-15 18:12 - 2014-03-15 18:12 - 0000000 _____ () C:\Users\trestidlo\AppData\Local\AtStart.txt
2015-02-14 19:53 - 2015-02-14 19:54 - 0005120 _____ () C:\Users\trestidlo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-15 18:12 - 2014-03-15 18:12 - 0000000 _____ () C:\Users\trestidlo\AppData\Local\DSwitch.txt
2014-03-15 18:12 - 2014-03-15 18:12 - 0000000 _____ () C:\Users\trestidlo\AppData\Local\QSwitch.txt
2015-01-03 17:18 - 2015-01-03 17:18 - 0013304 _____ () C:\Users\trestidlo\AppData\Local\recently-used.xbel
2014-04-18 04:15 - 2015-03-16 22:04 - 0007600 _____ () C:\Users\trestidlo\AppData\Local\Resmon.ResmonCfg
2014-03-22 09:33 - 2014-03-22 09:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-16 13:48 - 2014-03-16 13:48 - 0000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\HPCeeScheduleFortrestidlo.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:0C2F9CC7
AlternateDataStreams: C:\ProgramData\TEMP:1656EE95
AlternateDataStreams: C:\ProgramData\TEMP:268A5068
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
AlternateDataStreams: C:\ProgramData\TEMP:6301CE40
AlternateDataStreams: C:\ProgramData\TEMP:7C5E403A
AlternateDataStreams: C:\ProgramData\TEMP:A8369371
AlternateDataStreams: C:\ProgramData\TEMP:F2327E82
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9
==================== Security Center ==================
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\trestidlo\Desktop" je 611 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01
Ran by trestidlo (administrator) on TRESTIDLONTB on 30-04-2015 13:22:54
Running from C:\Users\trestidlo\Desktop
Loaded Profiles: trestidlo (Available profiles: trestidlo & Guest)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard, Inc.) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Core Temp\Core Temp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(QIP.ru) C:\Users\trestidlo\AppData\Roaming\QipGuard\QipGuard.exe
() C:\ProgramData\DTH\DTH_Taskbar.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(forum.viry.cz) C:\Users\trestidlo\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-01-28] (Hewlett-Packard)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [QIP Internet Guardian] => C:\Users\trestidlo\AppData\Roaming\QipGuard\QipGuard.exe [436720 2014-03-04] (QIP.ru)
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [DTH_Taskbar] => C:\ProgramData\DTH\DTH_Taskbar.exe [875008 2013-11-13] ()
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\MountPoints2: {1f5b183b-ac5a-11e3-a9a8-68b599efd76a} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2014-07-04] (Microsoft Corporation)
AppInit_DLLs: C:\windows\Jaksta\AC\x86\jaudcap.dll => C:\windows\Jaksta\AC\x86\jaudcap.dll [264992 2015-04-24] (Jaksta Technologies Pty Ltd)
Lsa: [Notification Packages] DPPassFilter scecli
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKLM -> DefaultScope {70415402-EFA0-47C4-B8FD-0383DA77323D} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {70415402-EFA0-47C4-B8FD-0383DA77323D} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> {70415402-EFA0-47C4-B8FD-0383DA77323D} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2012-02-06] (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/Juni ... Client.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\trestidlo\AppData\Roaming\Mozilla\Firefox\Profiles\jl94csmo.default-1430069893418
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Xmarks - C:\Users\trestidlo\AppData\Roaming\Mozilla\Firefox\Profiles\jl94csmo.default-1430069893418\Extensions\foxmarks@kei.com [2015-04-27]
FF Extension: ffChromeHelper - C:\Program Files\Mozilla Firefox\distribution\bundles\{53FB13BA4E64E9DDC501316FE8EC56E9} [2015-04-21]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\{CB8C76C1CFAC918A2BADA3D6136DD7F9} [2015-04-21]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-04-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-03] (LSI Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-07-16] (DigitalPersona, Inc.)
R2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [102968 2010-01-28] (Hewlett-Packard)
R2 Hp.Skyroom.Windows.Service; C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124984 2009-11-20] (Hewlett-Packard)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [670808 2015-03-10] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 rgsender; c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.) [File not signed]
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe [229458 2010-01-21] (IDT, Inc.)
S2 vcsFPService; C:\windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 appliand; C:\windows\System32\DRIVERS\appliand.sys [25696 2013-02-06] (Applian Technologies Inc.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 giveio; C:\windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 grmnusb; C:\windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [169992 2015-01-22] (BitDefender LLC)
R1 HWiNFO32; C:\windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-17] (REALiX(tm))
R3 jakstaVA; C:\windows\System32\DRIVERS\jaksta_va.sys [91784 2014-12-09] (e2eSoft)
R2 MDC8021X; C:\windows\System32\DRIVERS\mdc8021x.sys [15781 2014-04-01] (Meetinghouse Data Communications) [File not signed]
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKslc4128231; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4ECA20EE-66AC-4378-A453-07BF255D32A2}\MpKslc4128231.sys [39464 2015-04-30] (Microsoft Corporation)
R3 NETwNs32; C:\windows\System32\DRIVERS\NETwNs32.sys [7517696 2014-04-05] (Intel Corporation)
R2 NPF; C:\windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S2 risdpcie; C:\windows\system32\DRIVERS\risdpe86.sys [47616 2009-10-29] (REDC)
R3 rismc32; C:\windows\System32\DRIVERS\rismc32.sys [49152 2009-07-21] (RICOH Company, Ltd.)
S2 rixdpcie; C:\windows\system32\DRIVERS\rixdpe86.sys [38912 2009-12-12] (REDC)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2009-12-16] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1763968 2010-06-03] ()
R0 speedfan; C:\windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 Trufos; C:\windows\System32\DRIVERS\Trufos.sys [408280 2015-01-22] (BitDefender S.R.L.)
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 ALSysIO; \??\C:\Users\TRESTI~1\AppData\Local\Temp\ALSysIO.sys [X]
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-30 13:22 - 2015-04-30 13:23 - 00018244 _____ () C:\Users\trestidlo\Desktop\FRST.txt
2015-04-30 13:22 - 2015-04-30 13:22 - 00000000 ____D () C:\FRST
2015-04-30 13:07 - 2015-04-30 12:44 - 00112640 _____ (forum.viry.cz) C:\Users\trestidlo\Desktop\FRSTLauncher.exe
2015-04-30 12:42 - 2015-04-30 12:41 - 01140736 _____ (Farbar) C:\Users\trestidlo\Desktop\FRST.exe
2015-04-30 12:06 - 2015-04-30 02:31 - 02224640 _____ () C:\Users\trestidlo\Desktop\adwcleaner_4.202.exe
2015-04-30 02:37 - 2015-04-30 02:39 - 00000000 ____D () C:\rsit
2015-04-30 02:37 - 2015-04-30 02:39 - 00000000 ____D () C:\Program Files\trend micro
2015-04-29 20:46 - 2015-04-29 20:46 - 00000000 ____D () C:\Users\trestidlo\AppData\Roaming\Anuman
2015-04-29 20:21 - 2015-04-29 20:21 - 00002021 _____ () C:\Users\Public\Desktop\Play Monument Builders - Alcatraz.lnk
2015-04-29 20:20 - 2015-04-29 20:21 - 00000000 ____D () C:\Program Files\Monument Builders - Alcatraz
2015-04-29 20:20 - 2015-04-29 20:20 - 00000000 ____D () C:\Users\trestidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monument Builders - Alcatraz
2015-04-29 20:20 - 2015-04-29 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monument Builders - Alcatraz
2015-04-26 19:38 - 2015-04-26 19:38 - 00000000 ____D () C:\Users\trestidlo\Desktop\Old Firefox Data
2015-04-23 14:43 - 2015-04-30 08:50 - 00000826 _____ () C:\windows\setupact.log
2015-04-23 14:43 - 2015-04-23 14:43 - 00000000 _____ () C:\windows\setuperr.log
2015-04-21 21:44 - 2015-04-21 21:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-15 06:33 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 06:33 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 06:33 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 06:33 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 06:33 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-04-15 06:33 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 06:33 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-15 06:33 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-15 06:33 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-15 06:33 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-15 06:33 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-15 06:33 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-15 06:33 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-15 06:33 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 06:33 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-15 06:33 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-15 06:33 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 06:33 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-15 06:33 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-15 06:33 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-15 06:33 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-15 06:33 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 06:33 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-15 06:33 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-15 06:33 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-15 06:33 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-15 06:33 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-15 06:33 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-15 06:33 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 06:33 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-15 06:33 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 06:33 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-15 06:33 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 06:33 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-15 06:33 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 06:33 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 06:33 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-15 06:33 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 06:33 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-15 06:33 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 06:33 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 06:33 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 06:33 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 06:33 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 06:33 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 06:33 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 06:32 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 06:32 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-15 06:32 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-11 07:17 - 2015-04-13 13:34 - 00010812 _____ () C:\Users\trestidlo\Desktop\PlenkyMarta.xlsx
2015-04-05 21:49 - 2015-04-05 22:04 - 00000000 ____D () C:\Users\trestidlo\Documents\AirDroid
2015-04-02 21:33 - 2015-04-03 04:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-30 12:48 - 2014-03-16 02:46 - 01145076 _____ () C:\windows\WindowsUpdate.log
2015-04-30 12:40 - 2014-03-16 10:35 - 00000000 ____D () C:\KMPlayer
2015-04-30 12:09 - 2014-12-05 18:41 - 00000000 ____D () C:\AdwCleaner
2015-04-30 08:59 - 2009-07-14 06:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-30 08:59 - 2009-07-14 06:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-30 08:55 - 2010-12-22 06:28 - 00785794 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-30 08:52 - 2010-12-22 06:38 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-04-30 08:51 - 2014-12-21 10:50 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-30 08:50 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-30 04:54 - 2014-12-05 19:06 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-30 04:31 - 2014-12-05 19:05 - 00000000 ____D () C:\BigFishCache
2015-04-30 03:42 - 2014-04-11 17:25 - 00000000 ____D () C:\Users\trestidlo\Desktop\Video
2015-04-29 20:20 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-29 14:43 - 2014-04-04 10:07 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFortrestidlo.job
2015-04-29 14:24 - 2014-03-15 21:23 - 00000000 ____D () C:\Program Files\QIP Infium
2015-04-27 15:21 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-04-26 16:52 - 2015-03-28 10:21 - 00014110 _____ () C:\Users\trestidlo\Desktop\SkolkaCervenec.xlsx
2015-04-26 15:43 - 2014-03-15 19:34 - 00000000 ____D () C:\Users\trestidlo\AppData\Roaming\gsak
2015-04-26 14:50 - 2014-03-15 19:10 - 00000000 ____D () C:\Program Files\gsak
2015-04-26 14:50 - 2014-03-15 18:18 - 00000000 ____D () C:\Osobni
2015-04-26 12:12 - 2014-10-10 19:46 - 00013455 _____ () C:\Users\trestidlo\Desktop\SkolkaHvezdicka.xlsx
2015-04-26 12:02 - 2015-01-14 11:45 - 00018425 _____ () C:\Users\trestidlo\Desktop\PraceObedJIzdneUtrata.xlsx
2015-04-23 18:08 - 2015-01-25 14:03 - 00016031 _____ () C:\Users\trestidlo\Desktop\Klfree.xlsx
2015-04-23 15:30 - 2015-01-17 08:11 - 00001302 _____ () C:\windows\system32\debug.log
2015-04-23 01:22 - 2014-03-19 13:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-20 14:49 - 2015-02-02 16:41 - 00565400 _____ () C:\Users\trestidlo\Desktop\PlenkyHOME.xlsx
2015-04-18 13:46 - 2014-09-09 18:53 - 00211169 _____ () C:\Users\trestidlo\Documents\SarkaCviceni.xlsx
2015-04-17 21:27 - 2015-03-11 23:02 - 00002340 _____ () C:\Users\trestidlo\Documents\Default.RDP
2015-04-16 13:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-04-15 22:54 - 2014-03-21 10:02 - 00000000 ____D () C:\windows\system32\MRT
2015-04-15 22:50 - 2014-03-21 10:02 - 125832184 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-15 22:49 - 2014-03-16 08:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
==================== Files in the root of some directories =======
2014-06-20 20:41 - 2014-06-21 07:35 - 0087608 _____ () C:\Users\trestidlo\AppData\Roaming\inst.exe
2014-06-20 20:41 - 2014-06-21 07:35 - 0007887 _____ () C:\Users\trestidlo\AppData\Roaming\pcouffin.cat
2014-06-20 20:41 - 2014-06-21 07:35 - 0001144 _____ () C:\Users\trestidlo\AppData\Roaming\pcouffin.inf
2014-06-20 20:41 - 2014-06-21 07:37 - 0000034 _____ () C:\Users\trestidlo\AppData\Roaming\pcouffin.log
2014-06-20 20:41 - 2014-06-21 07:35 - 0047360 _____ (VSO Software) C:\Users\trestidlo\AppData\Roaming\pcouffin.sys
2014-06-21 07:37 - 2014-06-21 08:18 - 0001057 _____ () C:\Users\trestidlo\AppData\Roaming\vso_ts_preview.xml
2014-03-15 18:12 - 2014-03-15 18:12 - 0000000 _____ () C:\Users\trestidlo\AppData\Local\AtStart.txt
2015-02-14 19:53 - 2015-02-14 19:54 - 0005120 _____ () C:\Users\trestidlo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-15 18:12 - 2014-03-15 18:12 - 0000000 _____ () C:\Users\trestidlo\AppData\Local\DSwitch.txt
2014-03-15 18:12 - 2014-03-15 18:12 - 0000000 _____ () C:\Users\trestidlo\AppData\Local\QSwitch.txt
2015-01-03 17:18 - 2015-01-03 17:18 - 0013304 _____ () C:\Users\trestidlo\AppData\Local\recently-used.xbel
2014-04-18 04:15 - 2015-03-16 22:04 - 0007600 _____ () C:\Users\trestidlo\AppData\Local\Resmon.ResmonCfg
2014-03-22 09:33 - 2014-03-22 09:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-16 13:48 - 2014-03-16 13:48 - 0000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\HPCeeScheduleFortrestidlo.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:0C2F9CC7
AlternateDataStreams: C:\ProgramData\TEMP:1656EE95
AlternateDataStreams: C:\ProgramData\TEMP:268A5068
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
AlternateDataStreams: C:\ProgramData\TEMP:6301CE40
AlternateDataStreams: C:\ProgramData\TEMP:7C5E403A
AlternateDataStreams: C:\ProgramData\TEMP:A8369371
AlternateDataStreams: C:\ProgramData\TEMP:F2327E82
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9
==================== Security Center ==================
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\trestidlo\Desktop" je 611 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
Re: Unsolicited opening of pages in Firefox
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (File type: Text document)
- run FRST again and click Fix
- after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply
Code:
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\MountPoints2: {1f5b183b-ac5a-11e3-a9a8-68b599efd76a} - "D:\WD SmartWare.exe" autoplay=true
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: ffChromeHelper - C:\Program Files\Mozilla Firefox\distribution\bundles\{53FB13BA4E64E9DDC501316FE8EC56E9} [2015-04-21]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\{CB8C76C1CFAC918A2BADA3D6136DD7F9} [2015-04-21]
R3 ALSysIO; \??\C:\Users\TRESTI~1\AppData\Local\Temp\ALSysIO.sys [X]
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
2015-04-30 13:07 - 2015-04-30 12:44 - 00112640 _____ (forum.viry.cz) C:\Users\trestidlo\Desktop\FRSTLauncher.exe
2015-04-30 12:06 - 2015-04-30 02:31 - 02224640 _____ () C:\Users\trestidlo\Desktop\adwcleaner_4.202.exe
2015-04-30 02:37 - 2015-04-30 02:39 - 00000000 ____D () C:\rsit
2015-04-30 02:37 - 2015-04-30 02:39 - 00000000 ____D () C:\Program Files\trend micro
2015-04-30 12:09 - 2014-12-05 18:41 - 00000000 ____D () C:\AdwCleaner
AlternateDataStreams: C:\ProgramData\TEMP:0C2F9CC7
AlternateDataStreams: C:\ProgramData\TEMP:1656EE95
AlternateDataStreams: C:\ProgramData\TEMP:268A5068
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
AlternateDataStreams: C:\ProgramData\TEMP:6301CE40
AlternateDataStreams: C:\ProgramData\TEMP:7C5E403A
AlternateDataStreams: C:\ProgramData\TEMP:A8369371
AlternateDataStreams: C:\ProgramData\TEMP:F2327E82
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9
Task: {7B41D77E-4353-415E-8C42-B6AD37FCFD33} - System32\Tasks\{6CDC39AC-D64A-48B9-9969-E29311C8D781} => pcalua.exe -a "C:\Osobni\Downloads new\vcredist_x86.EXE" -d "C:\Osobni\Downloads new"
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Unsolicited opening of pages in Firefox
The file "C:\Program Files\GetPrivate\gpup.exe" is no longer on the computer. Now, in context, I recall that GetPrivate was found and removed by AdAware.
Thank you very much for the tip about the desktop. That is very interesting information. I cleaned up the desktop, created shortcuts, and it is now considerably smaller.
Velikost slozky "C:\Users\trestidlo\Desktop" je 3 MB.
Antivirus and antispyware shields: You write that I should uninstall one. I want to keep Microsoft Security Essentials enabled, and I use AdAware for occasional spyware checks. Is it enough, please, to just turn off "Real time protection" in AdAware? It now looks like this:
==================== Security Center ==================
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
I will still work on the remaining tasks, please be patient.
Re: Unsolicited opening of pages in Firefox
I ran FRST with the fixlist, and the program seems to have stopped at "c:\Users\trestidlo\AppData\Local\Mozilla\Firefox\Profiles\".
After that nothing more happened. So I restarted the computer manually anyway, and I am copying here the contents of the Fixlog file that was created. It may be incomplete.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-04-2015 01
Ran by trestidlo at 2015-04-30 19:14:12 Run:1
Running from C:\Users\trestidlo\Desktop
Loaded Profiles: trestidlo (Available profiles: trestidlo & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\...\MountPoints2: {1f5b183b-ac5a-11e3-a9a8-68b599efd76a} - "D:\WD SmartWare.exe" autoplay=true
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-4043883491-1030385743-105615961-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: ffChromeHelper - C:\Program Files\Mozilla Firefox\distribution\bundles\{53FB13BA4E64E9DDC501316FE8EC56E9} [2015-04-21]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\{CB8C76C1CFAC918A2BADA3D6136DD7F9} [2015-04-21]
R3 ALSysIO; \??\C:\Users\TRESTI~1\AppData\Local\Temp\ALSysIO.sys [X]
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
2015-04-30 13:07 - 2015-04-30 12:44 - 00112640 _____ (forum.viry.cz) C:\Users\trestidlo\Desktop\FRSTLauncher.exe
2015-04-30 12:06 - 2015-04-30 02:31 - 02224640 _____ () C:\Users\trestidlo\Desktop\adwcleaner_4.202.exe
2015-04-30 02:37 - 2015-04-30 02:39 - 00000000 ____D () C:\rsit
2015-04-30 02:37 - 2015-04-30 02:39 - 00000000 ____D () C:\Program Files\trend micro
2015-04-30 12:09 - 2014-12-05 18:41 - 00000000 ____D () C:\AdwCleaner
AlternateDataStreams: C:\ProgramData\TEMP:0C2F9CC7
AlternateDataStreams: C:\ProgramData\TEMP:1656EE95
AlternateDataStreams: C:\ProgramData\TEMP:268A5068
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
AlternateDataStreams: C:\ProgramData\TEMP:6301CE40
AlternateDataStreams: C:\ProgramData\TEMP:7C5E403A
AlternateDataStreams: C:\ProgramData\TEMP:A8369371
AlternateDataStreams: C:\ProgramData\TEMP:F2327E82
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9
Task: {7B41D77E-4353-415E-8C42-B6AD37FCFD33} - System32\Tasks\{6CDC39AC-D64A-48B9-9969-E29311C8D781} => pcalua.exe -a "C:\Osobni\Downloads new\vcredist_x86.EXE" -d "C:\Osobni\Downloads new"
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Xvid => value deleted successfully.
"HKU\S-1-5-21-4043883491-1030385743-105615961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f5b183b-ac5a-11e3-a9a8-68b599efd76a}" => Key deleted successfully.
HKCR\CLSID\{1f5b183b-ac5a-11e3-a9a8-68b599efd76a} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-4043883491-1030385743-105615961-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4043883491-1030385743-105615961-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files\Mozilla Firefox\distribution\bundles\{53FB13BA4E64E9DDC501316FE8EC56E9} => Moved successfully.
C:\Program Files\Mozilla Firefox\distribution\bundles\{CB8C76C1CFAC918A2BADA3D6136DD7F9} => Moved successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
dsNcAdpt => Service deleted successfully.
C:\Users\trestidlo\Desktop\FRSTLauncher.exe => Moved successfully.
"C:\Users\trestidlo\Desktop\adwcleaner_4.202.exe" => File/Directory not found.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\ProgramData\TEMP => ":0C2F9CC7" ADS removed successfully.
C:\ProgramData\TEMP => ":1656EE95" ADS removed successfully.
C:\ProgramData\TEMP => ":268A5068" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":5ED747B8" ADS removed successfully.
C:\ProgramData\TEMP => ":61C6B926" ADS removed successfully.
C:\ProgramData\TEMP => ":6301CE40" ADS removed successfully.
C:\ProgramData\TEMP => ":7C5E403A" ADS removed successfully.
C:\ProgramData\TEMP => ":A8369371" ADS removed successfully.
C:\ProgramData\TEMP => ":F2327E82" ADS removed successfully.
C:\ProgramData\TEMP => ":FEE00EB9" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B41D77E-4353-415E-8C42-B6AD37FCFD33}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B41D77E-4353-415E-8C42-B6AD37FCFD33}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6CDC39AC-D64A-48B9-9969-E29311C8D781} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6CDC39AC-D64A-48B9-9969-E29311C8D781}" => Key deleted successfully.
Re: Unsolicited opening of pages in Firefox
trestidlo wrote: Is it enough, please, to just turn off "Real time protection" in AdAware
Yes, that is enough.
Are the unsolicited pages still opening? Repeat the same step with the fixlist (the same script) once more.
Re: Unsolicited opening of pages in Firefox
At the moment the unsolicited pages are not opening, but even before it was rather random.
To be able to give a final word, I need to test it for about two days.
Thank you very much
Your guides are very nicely done, one can find one's way around them easily, and you do excellent work and respond very quickly.
Thank you
Re: Unsolicited opening of pages in Firefox
Sure, definitely test it thoroughly.
We try to write the procedures so that they are as understandable as possible, because we never know whether the person at the PC is a young lady who can only open Facebook, a grandmother, or on the contrary someone more experienced. It is a lovely hobby that is rewarded with an even lovelier feeling. Thank you for the appreciation