
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Laptop cleanup
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi,
after 1 year I need to use my laptop again, but since I used it when I was 11-13 years old, I have certainly dragged lots of stuff onto it. The computer is abnormally slow. I am attaching the FRST log.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by VHomuta (administrator) on VHOMUTA-NTB on 01-07-2015 14:43:09
Running from C:\Users\VHomuta\Desktop
Loaded Profiles: VHomuta (Available Profiles: VHomuta)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Windows\System32\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\QueryAppBlock.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\VHomuta\Downloads\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11268096 2010-05-06] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-07-13] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\...\Run: [Syncables] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [530736 2010-05-18] (Hewlett-Packard)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-12-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=116987 ... 52af7299ee
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
SearchScopes: HKLM -> DefaultScope {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> DefaultScope {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTer ... 52af7299ee
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... 228BD97CB9
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-06-10] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-19] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{10415656-794D-4FCA-ACAD-2391FA1E13D4}: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\VHomuta\AppData\Roaming\Mozilla\Firefox\Profiles\r5sfnxbw.default
FF NewTab: hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=NT_ss&mntrId=d2f41abe000000000000cc52af7299ee
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=HP_ss&mntrId=d2f41abe000000000000cc52af7299ee
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-07-01] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\VHomuta\AppData\Roaming\Mozilla\Firefox\Profiles\r5sfnxbw.default\searchplugins\askcom.xml [2012-10-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-11-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-15]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-08-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
Chrome:
=======
CHR Profile: C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-01]
CHR Extension: (Google Search) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-01]
CHR Extension: (Note Board) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\goficmpcgcnombioohjcgdhbaloknabb [2013-02-24]
CHR Extension: (Voice Search) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad [2013-03-13]
CHR Extension: (Google Wallet) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-06-10] (DigitalPersona, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-06-19] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-07-13] (IDT, Inc.)
R2 uArcCapture; C:\windows\system32\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [29824 2009-12-03] (ArcSoft, Inc.)
S3 BRCMDECO; C:\windows\System32\DRIVERS\BRCMHD32.sys [116224 2010-06-22] (Broadcom Corporation)
R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [294952 2010-06-10] (Broadcom Corporation.)
S3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2010-05-21] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2010-02-02] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
S3 Synnetdrv; system32\DRIVERS\Synnetdrv.sys [X]
S3 SynnetdrvMP; system32\DRIVERS\Synnetdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:43 - 2015-07-01 14:44 - 00017494 _____ C:\Users\VHomuta\Desktop\FRST.txt
2015-07-01 14:41 - 2015-07-01 14:43 - 00000000 ____D C:\FRST
2015-07-01 14:41 - 2015-07-01 14:41 - 00112640 _____ (forum.viry.cz) C:\Users\VHomuta\Downloads\FRSTLauncher.exe
2015-07-01 14:38 - 2015-07-01 14:38 - 01636352 _____ (Farbar) C:\Users\VHomuta\Desktop\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:42 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:42 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:37 - 2012-11-01 20:34 - 00000940 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 14:37 - 2012-07-22 19:02 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-07-01 14:37 - 2012-07-22 19:02 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 14:37 - 2012-07-22 19:02 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 14:35 - 2013-01-23 12:18 - 00000000 ___RD C:\Users\VHomuta\Desktop\Blbosti
2015-07-01 14:34 - 2012-03-16 15:13 - 00000000 ___RD C:\Users\VHomuta\Desktop\Vojta
2015-07-01 14:28 - 2012-03-15 17:23 - 01355382 _____ C:\windows\WindowsUpdate.log
2015-07-01 14:25 - 2012-07-25 14:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-07-01 14:25 - 2012-03-15 17:30 - 00099528 _____ C:\Users\VHomuta\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-01 14:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-07-01 14:23 - 2013-09-13 15:02 - 00000000 ____D C:\Users\VHomuta\AppData\Local\Unity
2015-07-01 14:23 - 2013-01-17 19:19 - 00000000 ____D C:\Program Files\VideoLAN
2015-07-01 14:18 - 2012-03-13 05:53 - 00000000 ____D C:\ProgramData\SMART Technologies
2015-07-01 14:07 - 2012-03-16 16:16 - 00000000 ___RD C:\Program Files\Skype
2015-07-01 14:07 - 2011-12-10 12:00 - 00000000 ____D C:\ProgramData\Skype
2015-07-01 14:06 - 2013-05-30 18:30 - 00000000 __SHD C:\windows\system32\AI_RecycleBin
2015-07-01 13:52 - 2010-08-31 21:00 - 00006264 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-01 13:49 - 2012-07-20 10:57 - 00000000 ___RD C:\Users\VHomuta\Desktop\Filmy
2015-07-01 13:46 - 2010-08-31 21:23 - 00000000 ____D C:\ProgramData\HPQLOG
2015-07-01 13:45 - 2012-11-01 20:34 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 13:45 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-01 13:45 - 2009-07-14 06:39 - 00148144 _____ C:\windows\setupact.log
2015-06-30 21:54 - 2013-07-30 23:43 - 00000000 ____D C:\windows\system32\MRT
2015-06-30 21:04 - 2010-08-31 21:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-19 22:16 - 2012-05-01 21:03 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-19 22:16 - 2012-03-06 23:43 - 00001912 _____ C:\windows\epplauncher.mif
2015-06-19 22:15 - 2012-03-06 23:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-19 22:14 - 2010-08-31 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-06 00:08 - 2009-07-14 06:33 - 00405752 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-06 00:05 - 2015-01-15 21:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-06 00:05 - 2014-05-11 12:00 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-06 00:05 - 2009-07-14 04:37 - 00000000 ____D C:\windows\tracing
==================== Files in the root of some directories =======
2012-11-05 21:45 - 2012-11-05 21:45 - 0003584 _____ () C:\Users\VHomuta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-02 18:04 - 2013-12-06 20:30 - 0007605 _____ () C:\Users\VHomuta\AppData\Local\resmon.resmoncfg
2012-03-16 16:03 - 2014-09-04 19:16 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\VHomuta\AppData\Local\Temp\UniCD9A.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\VHomuta\Desktop" je 109139 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot
C:\Program Files\Dexpot\dexpot.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES
C:\windows\system32\StikyNot.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Sync Helper Service
"C:\Program Files\SMART Technologies\Sync Student\SyncClient.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^VHomuta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by VHomuta (administrator) on VHOMUTA-NTB on 01-07-2015 14:53:15
Running from C:\Users\VHomuta\Desktop
Loaded Profiles: VHomuta (Available Profiles: VHomuta)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Windows\System32\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(forum.viry.cz) C:\Users\VHomuta\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11268096 2010-05-06] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-07-13] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\...\Run: [Syncables] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [530736 2010-05-18] (Hewlett-Packard)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-12-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=116987 ... 52af7299ee
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
SearchScopes: HKLM -> DefaultScope {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> DefaultScope {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTer ... 52af7299ee
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... 228BD97CB9
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-06-10] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-19] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{10415656-794D-4FCA-ACAD-2391FA1E13D4}: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\VHomuta\AppData\Roaming\Mozilla\Firefox\Profiles\r5sfnxbw.default
FF NewTab: hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=NT_ss&mntrId=d2f41abe000000000000cc52af7299ee
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=HP_ss&mntrId=d2f41abe000000000000cc52af7299ee
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-07-01] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\VHomuta\AppData\Roaming\Mozilla\Firefox\Profiles\r5sfnxbw.default\searchplugins\askcom.xml [2012-10-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-11-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-15]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-08-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
Chrome:
=======
CHR Profile: C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-01]
CHR Extension: (Google Search) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-01]
CHR Extension: (Note Board) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\goficmpcgcnombioohjcgdhbaloknabb [2013-02-24]
CHR Extension: (Voice Search) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad [2013-03-13]
CHR Extension: (Google Wallet) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-06-10] (DigitalPersona, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-06-19] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-07-13] (IDT, Inc.)
R2 uArcCapture; C:\windows\system32\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [29824 2009-12-03] (ArcSoft, Inc.)
S3 BRCMDECO; C:\windows\System32\DRIVERS\BRCMHD32.sys [116224 2010-06-22] (Broadcom Corporation)
R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [294952 2010-06-10] (Broadcom Corporation.)
S3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2010-05-21] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2010-02-02] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
S3 Synnetdrv; system32\DRIVERS\Synnetdrv.sys [X]
S3 SynnetdrvMP; system32\DRIVERS\Synnetdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:53 - 2015-07-01 14:54 - 00017430 _____ C:\Users\VHomuta\Desktop\FRST.txt
2015-07-01 14:46 - 2015-07-01 14:46 - 00026198 _____ C:\Users\VHomuta\Desktop\FRST3.txt
2015-07-01 14:41 - 2015-07-01 14:53 - 00000000 ____D C:\FRST
2015-07-01 14:41 - 2015-07-01 14:41 - 00112640 _____ (forum.viry.cz) C:\Users\VHomuta\Desktop\FRSTLauncher.exe
2015-07-01 14:38 - 2015-07-01 14:38 - 01636352 _____ (Farbar) C:\Users\VHomuta\Desktop\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:52 - 2012-03-15 17:23 - 01534277 _____ C:\windows\WindowsUpdate.log
2015-07-01 14:42 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:42 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:37 - 2012-11-01 20:34 - 00000940 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 14:37 - 2012-07-22 19:02 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-07-01 14:37 - 2012-07-22 19:02 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 14:37 - 2012-07-22 19:02 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 14:35 - 2013-01-23 12:18 - 00000000 ___RD C:\Users\VHomuta\Desktop\Blbosti
2015-07-01 14:34 - 2012-03-16 15:13 - 00000000 ___RD C:\Users\VHomuta\Desktop\Vojta
2015-07-01 14:25 - 2012-07-25 14:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-07-01 14:25 - 2012-03-15 17:30 - 00099528 _____ C:\Users\VHomuta\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-01 14:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-07-01 14:23 - 2013-09-13 15:02 - 00000000 ____D C:\Users\VHomuta\AppData\Local\Unity
2015-07-01 14:23 - 2013-01-17 19:19 - 00000000 ____D C:\Program Files\VideoLAN
2015-07-01 14:18 - 2012-03-13 05:53 - 00000000 ____D C:\ProgramData\SMART Technologies
2015-07-01 14:07 - 2012-03-16 16:16 - 00000000 ___RD C:\Program Files\Skype
2015-07-01 14:07 - 2011-12-10 12:00 - 00000000 ____D C:\ProgramData\Skype
2015-07-01 14:06 - 2013-05-30 18:30 - 00000000 __SHD C:\windows\system32\AI_RecycleBin
2015-07-01 13:52 - 2010-08-31 21:00 - 00006264 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-01 13:49 - 2012-07-20 10:57 - 00000000 ___RD C:\Users\VHomuta\Desktop\Filmy
2015-07-01 13:46 - 2010-08-31 21:23 - 00000000 ____D C:\ProgramData\HPQLOG
2015-07-01 13:45 - 2012-11-01 20:34 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 13:45 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-01 13:45 - 2009-07-14 06:39 - 00148144 _____ C:\windows\setupact.log
2015-06-30 21:54 - 2013-07-30 23:43 - 00000000 ____D C:\windows\system32\MRT
2015-06-30 21:04 - 2010-08-31 21:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-19 22:16 - 2012-05-01 21:03 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-19 22:16 - 2012-03-06 23:43 - 00001912 _____ C:\windows\epplauncher.mif
2015-06-19 22:15 - 2012-03-06 23:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-19 22:14 - 2010-08-31 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-06 00:08 - 2009-07-14 06:33 - 00405752 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-06 00:05 - 2015-01-15 21:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-06 00:05 - 2014-05-11 12:00 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-06 00:05 - 2009-07-14 04:37 - 00000000 ____D C:\windows\tracing
==================== Files in the root of some directories =======
2012-11-05 21:45 - 2012-11-05 21:45 - 0003584 _____ () C:\Users\VHomuta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-02 18:04 - 2013-12-06 20:30 - 0007605 _____ () C:\Users\VHomuta\AppData\Local\resmon.resmoncfg
2012-03-16 16:03 - 2014-09-04 19:16 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\VHomuta\AppData\Local\Temp\UniCD9A.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\VHomuta\Desktop" je 109139 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot
C:\Program Files\Dexpot\dexpot.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES
C:\windows\system32\StikyNot.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Sync Helper Service
"C:\Program Files\SMART Technologies\Sync Student\SyncClient.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^VHomuta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-07-13] (IDT, Inc.)
R2 uArcCapture; C:\windows\system32\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [29824 2009-12-03] (ArcSoft, Inc.)
S3 BRCMDECO; C:\windows\System32\DRIVERS\BRCMHD32.sys [116224 2010-06-22] (Broadcom Corporation)
R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [294952 2010-06-10] (Broadcom Corporation.)
S3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2010-05-21] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2010-02-02] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
S3 Synnetdrv; system32\DRIVERS\Synnetdrv.sys [X]
S3 SynnetdrvMP; system32\DRIVERS\Synnetdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:43 - 2015-07-01 14:44 - 00017494 _____ C:\Users\VHomuta\Desktop\FRST.txt
2015-07-01 14:41 - 2015-07-01 14:43 - 00000000 ____D C:\FRST
2015-07-01 14:41 - 2015-07-01 14:41 - 00112640 _____ (forum.viry.cz) C:\Users\VHomuta\Downloads\FRSTLauncher.exe
2015-07-01 14:38 - 2015-07-01 14:38 - 01636352 _____ (Farbar) C:\Users\VHomuta\Desktop\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:42 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:42 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:37 - 2012-11-01 20:34 - 00000940 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 14:37 - 2012-07-22 19:02 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-07-01 14:37 - 2012-07-22 19:02 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 14:37 - 2012-07-22 19:02 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 14:35 - 2013-01-23 12:18 - 00000000 ___RD C:\Users\VHomuta\Desktop\Blbosti
2015-07-01 14:34 - 2012-03-16 15:13 - 00000000 ___RD C:\Users\VHomuta\Desktop\Vojta
2015-07-01 14:28 - 2012-03-15 17:23 - 01355382 _____ C:\windows\WindowsUpdate.log
2015-07-01 14:25 - 2012-07-25 14:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-07-01 14:25 - 2012-03-15 17:30 - 00099528 _____ C:\Users\VHomuta\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-01 14:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-07-01 14:23 - 2013-09-13 15:02 - 00000000 ____D C:\Users\VHomuta\AppData\Local\Unity
2015-07-01 14:23 - 2013-01-17 19:19 - 00000000 ____D C:\Program Files\VideoLAN
2015-07-01 14:18 - 2012-03-13 05:53 - 00000000 ____D C:\ProgramData\SMART Technologies
2015-07-01 14:07 - 2012-03-16 16:16 - 00000000 ___RD C:\Program Files\Skype
2015-07-01 14:07 - 2011-12-10 12:00 - 00000000 ____D C:\ProgramData\Skype
2015-07-01 14:06 - 2013-05-30 18:30 - 00000000 __SHD C:\windows\system32\AI_RecycleBin
2015-07-01 13:52 - 2010-08-31 21:00 - 00006264 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-01 13:49 - 2012-07-20 10:57 - 00000000 ___RD C:\Users\VHomuta\Desktop\Filmy
2015-07-01 13:46 - 2010-08-31 21:23 - 00000000 ____D C:\ProgramData\HPQLOG
2015-07-01 13:45 - 2012-11-01 20:34 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 13:45 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-01 13:45 - 2009-07-14 06:39 - 00148144 _____ C:\windows\setupact.log
2015-06-30 21:54 - 2013-07-30 23:43 - 00000000 ____D C:\windows\system32\MRT
2015-06-30 21:04 - 2010-08-31 21:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-19 22:16 - 2012-05-01 21:03 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-19 22:16 - 2012-03-06 23:43 - 00001912 _____ C:\windows\epplauncher.mif
2015-06-19 22:15 - 2012-03-06 23:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-19 22:14 - 2010-08-31 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-06 00:08 - 2009-07-14 06:33 - 00405752 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-06 00:05 - 2015-01-15 21:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-06 00:05 - 2014-05-11 12:00 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-06 00:05 - 2009-07-14 04:37 - 00000000 ____D C:\windows\tracing
==================== Files in the root of some directories =======
2012-11-05 21:45 - 2012-11-05 21:45 - 0003584 _____ () C:\Users\VHomuta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-02 18:04 - 2013-12-06 20:30 - 0007605 _____ () C:\Users\VHomuta\AppData\Local\resmon.resmoncfg
2012-03-16 16:03 - 2014-09-04 19:16 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\VHomuta\AppData\Local\Temp\UniCD9A.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\VHomuta\Desktop" je 109139 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot
C:\Program Files\Dexpot\dexpot.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES
C:\windows\system32\StikyNot.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Sync Helper Service
"C:\Program Files\SMART Technologies\Sync Student\SyncClient.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^VHomuta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by VHomuta (administrator) on VHOMUTA-NTB on 01-07-2015 14:53:15
Running from C:\Users\VHomuta\Desktop
Loaded Profiles: VHomuta (Available Profiles: VHomuta)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Windows\System32\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(forum.viry.cz) C:\Users\VHomuta\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11268096 2010-05-06] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-07-13] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\...\Run: [Syncables] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [530736 2010-05-18] (Hewlett-Packard)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-12-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=116987 ... 52af7299ee
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
SearchScopes: HKLM -> DefaultScope {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> DefaultScope {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTer ... 52af7299ee
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... 228BD97CB9
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-06-10] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-19] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{10415656-794D-4FCA-ACAD-2391FA1E13D4}: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\VHomuta\AppData\Roaming\Mozilla\Firefox\Profiles\r5sfnxbw.default
FF NewTab: hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=NT_ss&mntrId=d2f41abe000000000000cc52af7299ee
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=HP_ss&mntrId=d2f41abe000000000000cc52af7299ee
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-07-01] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\VHomuta\AppData\Roaming\Mozilla\Firefox\Profiles\r5sfnxbw.default\searchplugins\askcom.xml [2012-10-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-11-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-15]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-08-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
Chrome:
=======
CHR Profile: C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-01]
CHR Extension: (Google Search) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-01]
CHR Extension: (Note Board) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\goficmpcgcnombioohjcgdhbaloknabb [2013-02-24]
CHR Extension: (Voice Search) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad [2013-03-13]
CHR Extension: (Google Wallet) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-06-10] (DigitalPersona, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-06-19] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-07-13] (IDT, Inc.)
R2 uArcCapture; C:\windows\system32\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [29824 2009-12-03] (ArcSoft, Inc.)
S3 BRCMDECO; C:\windows\System32\DRIVERS\BRCMHD32.sys [116224 2010-06-22] (Broadcom Corporation)
R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [294952 2010-06-10] (Broadcom Corporation.)
S3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2010-05-21] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2010-02-02] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
S3 Synnetdrv; system32\DRIVERS\Synnetdrv.sys [X]
S3 SynnetdrvMP; system32\DRIVERS\Synnetdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:53 - 2015-07-01 14:54 - 00017430 _____ C:\Users\VHomuta\Desktop\FRST.txt
2015-07-01 14:46 - 2015-07-01 14:46 - 00026198 _____ C:\Users\VHomuta\Desktop\FRST3.txt
2015-07-01 14:41 - 2015-07-01 14:53 - 00000000 ____D C:\FRST
2015-07-01 14:41 - 2015-07-01 14:41 - 00112640 _____ (forum.viry.cz) C:\Users\VHomuta\Desktop\FRSTLauncher.exe
2015-07-01 14:38 - 2015-07-01 14:38 - 01636352 _____ (Farbar) C:\Users\VHomuta\Desktop\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:52 - 2012-03-15 17:23 - 01534277 _____ C:\windows\WindowsUpdate.log
2015-07-01 14:42 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:42 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:37 - 2012-11-01 20:34 - 00000940 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 14:37 - 2012-07-22 19:02 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-07-01 14:37 - 2012-07-22 19:02 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 14:37 - 2012-07-22 19:02 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 14:35 - 2013-01-23 12:18 - 00000000 ___RD C:\Users\VHomuta\Desktop\Blbosti
2015-07-01 14:34 - 2012-03-16 15:13 - 00000000 ___RD C:\Users\VHomuta\Desktop\Vojta
2015-07-01 14:25 - 2012-07-25 14:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-07-01 14:25 - 2012-03-15 17:30 - 00099528 _____ C:\Users\VHomuta\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-01 14:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-07-01 14:23 - 2013-09-13 15:02 - 00000000 ____D C:\Users\VHomuta\AppData\Local\Unity
2015-07-01 14:23 - 2013-01-17 19:19 - 00000000 ____D C:\Program Files\VideoLAN
2015-07-01 14:18 - 2012-03-13 05:53 - 00000000 ____D C:\ProgramData\SMART Technologies
2015-07-01 14:07 - 2012-03-16 16:16 - 00000000 ___RD C:\Program Files\Skype
2015-07-01 14:07 - 2011-12-10 12:00 - 00000000 ____D C:\ProgramData\Skype
2015-07-01 14:06 - 2013-05-30 18:30 - 00000000 __SHD C:\windows\system32\AI_RecycleBin
2015-07-01 13:52 - 2010-08-31 21:00 - 00006264 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-01 13:49 - 2012-07-20 10:57 - 00000000 ___RD C:\Users\VHomuta\Desktop\Filmy
2015-07-01 13:46 - 2010-08-31 21:23 - 00000000 ____D C:\ProgramData\HPQLOG
2015-07-01 13:45 - 2012-11-01 20:34 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 13:45 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-01 13:45 - 2009-07-14 06:39 - 00148144 _____ C:\windows\setupact.log
2015-06-30 21:54 - 2013-07-30 23:43 - 00000000 ____D C:\windows\system32\MRT
2015-06-30 21:04 - 2010-08-31 21:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-19 22:16 - 2012-05-01 21:03 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-19 22:16 - 2012-03-06 23:43 - 00001912 _____ C:\windows\epplauncher.mif
2015-06-19 22:15 - 2012-03-06 23:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-19 22:14 - 2010-08-31 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-06 00:08 - 2009-07-14 06:33 - 00405752 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-06 00:05 - 2015-01-15 21:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-06 00:05 - 2014-05-11 12:00 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-06 00:05 - 2009-07-14 04:37 - 00000000 ____D C:\windows\tracing
==================== Files in the root of some directories =======
2012-11-05 21:45 - 2012-11-05 21:45 - 0003584 _____ () C:\Users\VHomuta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-02 18:04 - 2013-12-06 20:30 - 0007605 _____ () C:\Users\VHomuta\AppData\Local\resmon.resmoncfg
2012-03-16 16:03 - 2014-09-04 19:16 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\VHomuta\AppData\Local\Temp\UniCD9A.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\VHomuta\Desktop" je 109139 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot
C:\Program Files\Dexpot\dexpot.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES
C:\windows\system32\StikyNot.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Sync Helper Service
"C:\Program Files\SMART Technologies\Sync Student\SyncClient.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^VHomuta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119676
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Laptop cleanup
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Laptop cleanup
I am attaching the log from AdwCleaner.
# AdwCleaner v4.207 - Log vytvořen 01/07/2015 v 17:36:04
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-06-29.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x86)
# Uživatelské jméno : VHomuta - VHOMUTA-NTB
# Spuštěno z : C:\Users\VHomuta\Downloads\AdwCleaner.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\ProgramData\Ask
Složka Smazáno : C:\ProgramData\Babylon
Složka Smazáno : C:\Users\VHomuta\AppData\Local\Temp\apn
Složka Smazáno : C:\Users\VHomuta\AppData\Roaming\Babylon
Složka Smazáno : C:\Users\VHomuta\AppData\Roaming\OpenCandy
Soubor Smazáno : C:\Users\VHomuta\AppData\Roaming\Mozilla\Firefox\Profiles\r5sfnxbw.default\searchplugins\Askcom.xml
Soubor Smazáno : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Soubor Smazáno : C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.babylon.com_0.localstorage
Soubor Smazáno : C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.babylon.com_0.localstorage-journal
Soubor Smazáno : C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
Soubor Smazáno : C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Smazáno : C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
Soubor Smazáno : C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.babylon.com_0.localstorage-journal
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Klíč Smazáno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Klíč Smazáno : HKCU\Software\Softonic
Klíč Smazáno : HKLM\SOFTWARE\Babylon
Klíč Smazáno : HKLM\SOFTWARE\DeviceVM
Klíč Smazáno : HKLM\SOFTWARE\Speedchecker Limited
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.babylon.com
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17631
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
[r5sfnxbw.default\prefs.js] - Řádek Smazáno : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=NT_ss&mntrId=d2f41abe000000000000cc52af7299ee");
[r5sfnxbw.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.defaultengine", "Ask.com");
[r5sfnxbw.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.defaultenginename", "Ask.com");
[r5sfnxbw.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.order.1", "Ask.com");
[r5sfnxbw.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.selectedEngine", "Ask.com");
[r5sfnxbw.default\prefs.js] - Řádek Smazáno : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=HP_ss&mntrId=d2f41abe000000000000cc52af7299ee");
[r5sfnxbw.default\prefs.js] - Řádek Smazáno : user_pref("extensions.BabylonToolbar_i.newTab", true);
[r5sfnxbw.default\prefs.js] - Řádek Smazáno : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=NT_ss&mntrId=d2f41abe000000000000cc52af7299ee");
-\\ Google Chrome v43.0.2357.130
[C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Homepage] :
[C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Startup_URLs] : 014E0C86BBEBFC42E8B85E4A442ABE80F9FEF5C717D095B6B3B89473A78AEB26"},"software_reporter":{"prompt_reason":"ED2AF9E2076FAE9CE35C881757C246F18DAE7C99FE4C04128FF4926F107AAB59","prompt_seed":"732B88773DC8BE120D01F68C78A97C352300CEC28920132CA5657764DCBF7793","prompt_version":"88BE14EF914A370A6F68B93FDF6A5DE95CCF3F865D4B01B15F275ABC4518BB88"},"sync":{"remaining_rollback_tries":"5EFAE8D97508A476F0A3FC5D769983DA55602495750F166D3425DB06D6F84245"}},"super_mac":"43B166B489408F129CE451F29B64DB26E732276B0B71270A58450557D0C8CEBD"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://search.babylon.com/?affID=116987&tt=4712_8&babsrc=HP_ss&mntrId=d2f41abe000000000000cc52af7299ee
*************************
AdwCleaner[R0].txt - [9490 bytů] - [01/07/2015 17:33:06]
AdwCleaner[S0].txt - [4977 bytů] - [01/07/2015 17:36:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5035 bytů] ##########
- Rudy
- Site Admin

- Posts: 119676
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Laptop cleanup
Post a new FRST log.
Re: Laptop cleanup
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by VHomuta (administrator) on VHOMUTA-NTB on 01-07-2015 23:19:36
Running from C:\Users\VHomuta\Desktop
Loaded Profiles: VHomuta (Available Profiles: VHomuta)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Windows\System32\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\VHomuta\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11268096 2010-05-06] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-07-13] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\...\Run: [Syncables] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [530736 2010-05-18] (Hewlett-Packard)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-12-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
SearchScopes: HKLM -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-06-10] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-19] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{10415656-794D-4FCA-ACAD-2391FA1E13D4}: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\VHomuta\AppData\Roaming\Mozilla\Firefox\Profiles\r5sfnxbw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-07-01] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-15]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-08-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
Chrome:
=======
CHR Profile: C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-01]
CHR Extension: (Google Wallet) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-06-10] (DigitalPersona, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-06-19] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-07-13] (IDT, Inc.)
R2 uArcCapture; C:\windows\system32\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [29824 2009-12-03] (ArcSoft, Inc.)
S3 BRCMDECO; C:\windows\System32\DRIVERS\BRCMHD32.sys [116224 2010-06-22] (Broadcom Corporation)
R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [294952 2010-06-10] (Broadcom Corporation.)
S3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2010-05-21] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2010-02-02] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
S3 Synnetdrv; system32\DRIVERS\Synnetdrv.sys [X]
S3 SynnetdrvMP; system32\DRIVERS\Synnetdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 17:32 - 2015-07-01 17:36 - 00000000 ____D C:\AdwCleaner
2015-07-01 17:30 - 2015-07-01 17:30 - 02244096 _____ C:\Users\VHomuta\Downloads\AdwCleaner.exe
2015-07-01 14:53 - 2015-07-01 23:22 - 00014947 _____ C:\Users\VHomuta\Desktop\FRST.txt
2015-07-01 14:41 - 2015-07-01 23:19 - 00000000 ____D C:\FRST
2015-07-01 14:41 - 2015-07-01 14:41 - 00112640 _____ (forum.viry.cz) C:\Users\VHomuta\Desktop\FRSTLauncher.exe
2015-07-01 14:38 - 2015-07-01 14:38 - 01636352 _____ (Farbar) C:\Users\VHomuta\Desktop\FRST.exe
2015-07-01 14:26 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-01 14:18 - 2015-01-09 01:44 - 00419936 _____ C:\windows\system32\locale.nls
2015-06-30 21:37 - 2015-05-22 20:03 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00333824 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-30 21:37 - 2015-05-22 19:58 - 00901120 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-30 21:37 - 2015-05-21 15:20 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-30 21:37 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-06-30 21:37 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-06-30 21:37 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-06-30 21:37 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-06-30 21:37 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-06-30 21:37 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-06-30 21:37 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-06-30 21:30 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-06-30 21:30 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-30 21:30 - 2015-05-25 20:07 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-30 21:30 - 2015-05-25 20:07 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-30 21:30 - 2015-05-25 20:04 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00853504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-30 21:30 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-30 21:30 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-30 21:30 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-30 21:30 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-30 21:30 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-30 21:30 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-30 21:30 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-06-30 21:28 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-06-30 21:28 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-06-30 21:28 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-30 21:27 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-06-30 21:26 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-06-30 21:26 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-06-30 21:26 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-06-30 21:26 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-06-30 21:26 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-06-30 21:25 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-06-30 21:25 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-06-30 21:25 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-06-30 21:24 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-30 21:24 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-30 21:24 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-30 21:24 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-30 21:24 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-30 21:24 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-30 21:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-30 21:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-30 21:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-30 21:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-30 21:24 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-06-30 21:24 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-06-30 21:24 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-06-30 21:24 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-06-30 21:24 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-06-30 21:24 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-06-30 21:23 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-06-30 21:23 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-06-30 21:23 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-06-30 21:23 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-06-30 21:22 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-06-30 21:22 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-06-30 21:22 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-06-30 21:22 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-06-30 21:22 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-06-30 21:22 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-06-30 21:22 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-06-30 21:22 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-06-30 21:21 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-06-30 21:21 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-06-30 21:21 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-06-30 21:21 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-06-30 21:17 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 23:20 - 2010-08-31 21:00 - 00006264 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-01 23:19 - 2012-11-01 20:34 - 00000940 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 23:19 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-07-01 23:18 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 23:18 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 23:17 - 2012-07-22 19:02 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 23:17 - 2012-03-15 17:23 - 01638233 _____ C:\windows\WindowsUpdate.log
2015-07-01 17:42 - 2010-08-31 21:23 - 00000000 ____D C:\ProgramData\HPQLOG
2015-07-01 17:41 - 2012-11-01 20:36 - 00002201 _____ C:\Users\VHomuta\Desktop\Google Chrome.lnk
2015-07-01 17:41 - 2012-11-01 20:34 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 17:40 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-01 17:40 - 2009-07-14 06:39 - 00148200 _____ C:\windows\setupact.log
2015-07-01 17:40 - 2009-07-14 06:33 - 00405720 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-01 17:39 - 2010-08-31 22:31 - 00071140 _____ C:\windows\PFRO.log
2015-07-01 17:37 - 2015-01-15 21:12 - 00000000 ____D C:\windows\system32\appraiser
2015-07-01 17:37 - 2014-05-11 12:00 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-01 17:36 - 2010-04-25 22:36 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-01 14:37 - 2012-07-22 19:02 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-07-01 14:37 - 2012-07-22 19:02 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 14:35 - 2013-01-23 12:18 - 00000000 ___RD C:\Users\VHomuta\Desktop\Blbosti
2015-07-01 14:34 - 2012-03-16 15:13 - 00000000 ___RD C:\Users\VHomuta\Desktop\Vojta
2015-07-01 14:25 - 2012-07-25 14:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-07-01 14:25 - 2012-03-15 17:30 - 00099528 _____ C:\Users\VHomuta\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-01 14:23 - 2013-09-13 15:02 - 00000000 ____D C:\Users\VHomuta\AppData\Local\Unity
2015-07-01 14:23 - 2013-01-17 19:19 - 00000000 ____D C:\Program Files\VideoLAN
2015-07-01 14:18 - 2012-03-13 05:53 - 00000000 ____D C:\ProgramData\SMART Technologies
2015-07-01 14:07 - 2012-03-16 16:16 - 00000000 ___RD C:\Program Files\Skype
2015-07-01 14:07 - 2011-12-10 12:00 - 00000000 ____D C:\ProgramData\Skype
2015-07-01 14:06 - 2013-05-30 18:30 - 00000000 __SHD C:\windows\system32\AI_RecycleBin
2015-07-01 13:49 - 2012-07-20 10:57 - 00000000 ___RD C:\Users\VHomuta\Desktop\Filmy
2015-06-30 21:54 - 2013-07-30 23:43 - 00000000 ____D C:\windows\system32\MRT
2015-06-30 21:04 - 2010-08-31 21:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-19 22:16 - 2012-05-01 21:03 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-19 22:16 - 2012-03-06 23:43 - 00001912 _____ C:\windows\epplauncher.mif
2015-06-19 22:15 - 2012-03-06 23:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-19 22:14 - 2010-08-31 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-06 00:05 - 2009-07-14 04:37 - 00000000 ____D C:\windows\tracing
==================== Files in the root of some directories =======
2012-11-05 21:45 - 2012-11-05 21:45 - 0003584 _____ () C:\Users\VHomuta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-02 18:04 - 2013-12-06 20:30 - 0007605 _____ () C:\Users\VHomuta\AppData\Local\resmon.resmoncfg
2012-03-16 16:03 - 2014-09-04 19:16 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\VHomuta\AppData\Local\Temp\Quarantine.exe
C:\Users\VHomuta\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\VHomuta\Desktop" je 109139 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot
C:\Program Files\Dexpot\dexpot.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES
C:\windows\system32\StikyNot.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Sync Helper Service
"C:\Program Files\SMART Technologies\Sync Student\SyncClient.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^VHomuta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by VHomuta (administrator) on VHOMUTA-NTB on 01-07-2015 23:19:36
Running from C:\Users\VHomuta\Desktop
Loaded Profiles: VHomuta (Available Profiles: VHomuta)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Windows\System32\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\VHomuta\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11268096 2010-05-06] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-07-13] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\...\Run: [Syncables] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [530736 2010-05-18] (Hewlett-Packard)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-12-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
SearchScopes: HKLM -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-06-10] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-19] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{10415656-794D-4FCA-ACAD-2391FA1E13D4}: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\VHomuta\AppData\Roaming\Mozilla\Firefox\Profiles\r5sfnxbw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-07-01] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-15]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-08-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
Chrome:
=======
CHR Profile: C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-01]
CHR Extension: (Google Wallet) - C:\Users\VHomuta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-06-10] (DigitalPersona, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed]
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-06-19] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-07-13] (IDT, Inc.)
R2 uArcCapture; C:\windows\system32\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [29824 2009-12-03] (ArcSoft, Inc.)
S3 BRCMDECO; C:\windows\System32\DRIVERS\BRCMHD32.sys [116224 2010-06-22] (Broadcom Corporation)
R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [294952 2010-06-10] (Broadcom Corporation.)
S3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2010-05-21] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2010-02-02] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
S3 Synnetdrv; system32\DRIVERS\Synnetdrv.sys [X]
S3 SynnetdrvMP; system32\DRIVERS\Synnetdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 17:32 - 2015-07-01 17:36 - 00000000 ____D C:\AdwCleaner
2015-07-01 17:30 - 2015-07-01 17:30 - 02244096 _____ C:\Users\VHomuta\Downloads\AdwCleaner.exe
2015-07-01 14:53 - 2015-07-01 23:22 - 00014947 _____ C:\Users\VHomuta\Desktop\FRST.txt
2015-07-01 14:41 - 2015-07-01 23:19 - 00000000 ____D C:\FRST
2015-07-01 14:41 - 2015-07-01 14:41 - 00112640 _____ (forum.viry.cz) C:\Users\VHomuta\Desktop\FRSTLauncher.exe
2015-07-01 14:38 - 2015-07-01 14:38 - 01636352 _____ (Farbar) C:\Users\VHomuta\Desktop\FRST.exe
2015-07-01 14:26 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-01 14:18 - 2015-01-09 01:44 - 00419936 _____ C:\windows\system32\locale.nls
2015-06-30 21:37 - 2015-05-22 20:03 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00333824 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-30 21:37 - 2015-05-22 20:02 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-30 21:37 - 2015-05-22 19:58 - 00901120 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-30 21:37 - 2015-05-21 15:20 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-30 21:37 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-06-30 21:37 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-06-30 21:37 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-06-30 21:37 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-06-30 21:37 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-06-30 21:37 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-06-30 21:37 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-06-30 21:30 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-06-30 21:30 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-30 21:30 - 2015-05-25 20:07 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-30 21:30 - 2015-05-25 20:07 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-30 21:30 - 2015-05-25 20:04 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00853504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-30 21:30 - 2015-05-25 20:01 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-30 21:30 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-30 21:30 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-30 21:30 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-30 21:30 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-30 21:30 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-30 21:30 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-30 21:30 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-30 21:30 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-06-30 21:28 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-06-30 21:28 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-06-30 21:28 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-30 21:27 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-06-30 21:26 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-06-30 21:26 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-06-30 21:26 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-06-30 21:26 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-06-30 21:26 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-06-30 21:25 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-06-30 21:25 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-06-30 21:25 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-06-30 21:24 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-30 21:24 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-30 21:24 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-30 21:24 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-30 21:24 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-30 21:24 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-30 21:24 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-30 21:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-30 21:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-30 21:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-30 21:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-30 21:24 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-06-30 21:24 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-06-30 21:24 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-06-30 21:24 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-06-30 21:24 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-06-30 21:24 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-06-30 21:23 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-06-30 21:23 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-06-30 21:23 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-06-30 21:23 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-06-30 21:22 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-06-30 21:22 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-06-30 21:22 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-06-30 21:22 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-06-30 21:22 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-06-30 21:22 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-06-30 21:22 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-06-30 21:22 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-06-30 21:22 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-06-30 21:21 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-06-30 21:21 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-06-30 21:21 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-06-30 21:21 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-06-30 21:21 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-06-30 21:21 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-06-30 21:17 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 23:20 - 2010-08-31 21:00 - 00006264 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-01 23:19 - 2012-11-01 20:34 - 00000940 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 23:19 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-07-01 23:18 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 23:18 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 23:17 - 2012-07-22 19:02 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 23:17 - 2012-03-15 17:23 - 01638233 _____ C:\windows\WindowsUpdate.log
2015-07-01 17:42 - 2010-08-31 21:23 - 00000000 ____D C:\ProgramData\HPQLOG
2015-07-01 17:41 - 2012-11-01 20:36 - 00002201 _____ C:\Users\VHomuta\Desktop\Google Chrome.lnk
2015-07-01 17:41 - 2012-11-01 20:34 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 17:40 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-01 17:40 - 2009-07-14 06:39 - 00148200 _____ C:\windows\setupact.log
2015-07-01 17:40 - 2009-07-14 06:33 - 00405720 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-01 17:39 - 2010-08-31 22:31 - 00071140 _____ C:\windows\PFRO.log
2015-07-01 17:37 - 2015-01-15 21:12 - 00000000 ____D C:\windows\system32\appraiser
2015-07-01 17:37 - 2014-05-11 12:00 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-01 17:36 - 2010-04-25 22:36 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-01 14:37 - 2012-07-22 19:02 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-07-01 14:37 - 2012-07-22 19:02 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 14:35 - 2013-01-23 12:18 - 00000000 ___RD C:\Users\VHomuta\Desktop\Blbosti
2015-07-01 14:34 - 2012-03-16 15:13 - 00000000 ___RD C:\Users\VHomuta\Desktop\Vojta
2015-07-01 14:25 - 2012-07-25 14:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-07-01 14:25 - 2012-03-15 17:30 - 00099528 _____ C:\Users\VHomuta\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-01 14:23 - 2013-09-13 15:02 - 00000000 ____D C:\Users\VHomuta\AppData\Local\Unity
2015-07-01 14:23 - 2013-01-17 19:19 - 00000000 ____D C:\Program Files\VideoLAN
2015-07-01 14:18 - 2012-03-13 05:53 - 00000000 ____D C:\ProgramData\SMART Technologies
2015-07-01 14:07 - 2012-03-16 16:16 - 00000000 ___RD C:\Program Files\Skype
2015-07-01 14:07 - 2011-12-10 12:00 - 00000000 ____D C:\ProgramData\Skype
2015-07-01 14:06 - 2013-05-30 18:30 - 00000000 __SHD C:\windows\system32\AI_RecycleBin
2015-07-01 13:49 - 2012-07-20 10:57 - 00000000 ___RD C:\Users\VHomuta\Desktop\Filmy
2015-06-30 21:54 - 2013-07-30 23:43 - 00000000 ____D C:\windows\system32\MRT
2015-06-30 21:04 - 2010-08-31 21:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-19 22:16 - 2012-05-01 21:03 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-19 22:16 - 2012-03-06 23:43 - 00001912 _____ C:\windows\epplauncher.mif
2015-06-19 22:15 - 2012-03-06 23:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-19 22:14 - 2010-08-31 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-06 00:05 - 2009-07-14 04:37 - 00000000 ____D C:\windows\tracing
==================== Files in the root of some directories =======
2012-11-05 21:45 - 2012-11-05 21:45 - 0003584 _____ () C:\Users\VHomuta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-02 18:04 - 2013-12-06 20:30 - 0007605 _____ () C:\Users\VHomuta\AppData\Local\resmon.resmoncfg
2012-03-16 16:03 - 2014-09-04 19:16 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\VHomuta\AppData\Local\Temp\Quarantine.exe
C:\Users\VHomuta\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\VHomuta\Desktop" je 109139 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot
C:\Program Files\Dexpot\dexpot.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES
C:\windows\system32\StikyNot.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Sync Helper Service
"C:\Program Files\SMART Technologies\Sync Student\SyncClient.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^VHomuta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119676
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Cleaning up the laptop
Open Notepad and copy the following into it:
From the log:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
SearchScopes: HKLM -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\KGyGaAvL.sys
C:\Users\VHomuta\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
From the log:
Velikost slozky "C:\Users\VHomuta\Desktop" je 109139 MB.
That is a huge amount, and it is slowing down your system startup. Create a folder in C:\Users\VHomuta, move the data there, and put a shortcut on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Cleaning up the laptop
I completely forgot that the desktop size should be at most 30 GB (or 20?).
Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by VHomuta at 2015-07-02 12:20:09 Run:1
Running from C:\Users\VHomuta\Desktop
Loaded Profiles: VHomuta (Available Profiles: VHomuta)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
SearchScopes: HKLM -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3973419330-238577520-3621508487-1002 -> {769CF727-168E-4F8A-957B-D952AABFA0CB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\KGyGaAvL.sys
C:\Users\VHomuta\AppData\Local\Temp
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKU\S-1-5-21-3973419330-238577520-3621508487-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{769CF727-168E-4F8A-957B-D952AABFA0CB}" => key removed successfully.
HKCR\CLSID\{769CF727-168E-4F8A-957B-D952AABFA0CB} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3973419330-238577520-3621508487-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{769CF727-168E-4F8A-957B-D952AABFA0CB}" => key removed successfully.
HKCR\CLSID\{769CF727-168E-4F8A-957B-D952AABFA0CB} => key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => key removed successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully.
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\ProgramData\KGyGaAvL.sys => moved successfully.
"C:\Users\VHomuta\AppData\Local\Temp" folder move:
Could not move "C:\Users\VHomuta\AppData\Local\Temp" folder => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-02 12:32:31)<=
C:\Users\VHomuta\AppData\Local\Temp => moved successfully
==== End of Fixlog 12:32:32 ====
- Rudy
- Site Admin
- Posts: 119676
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Cleaning up the laptop
Even 30 GB is a lot on some configurations. It is best to have only shortcuts on the desktop, or possibly a few documents. Personally, I have well under 1 GB there. Otherwise, everything has been deleted.
Re: Cleaning up the laptop
There is about 3.3 GB there now, so I will clean it out some more. Thanks for the help, hopefully the speed will improve.
- Rudy
- Site Admin
- Posts: 119676
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Cleaning up the laptop
OK, and you're welcome!