Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:48:50, on 17. 1. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\VVCap\VVCap.exe
C:\Program Files (x86)\MSI\KLM\KLM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [KLM] C:\Program Files (x86)\MSI\KLM\KLM.exe
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [VVCap] C:\Program Files (x86)\VVCap\VVCap.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Windows\SysWOW64\MSIService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - c:\Users\Enryuu\.openvpn\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9530 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosím k tonrolu logu mám podezření na vir
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119665
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím k tonrolu logu mám podezření na vir
Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . Je podrobnější, než HJT.
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . Je podrobnější, než HJT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím k tonrolu logu mám podezření na vir
Dobrý den... zde je nový log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Enryuu (administrator) on GARISON on 17-01-2015 21:47:46
Running from C:\Users\Enryuu\Desktop
Loaded Profiles: Enryuu (Available profiles: Enryuu)
Platform: Windows 8.1 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(G Central) C:\Program Files (x86)\VVCap\VVCap.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(BitTorrent Inc.) D:\uTorrent\utorrent.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-03] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1566344 2014-04-08] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKU\S-1-5-21-4255434928-1930536331-337215360-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4255434928-1930536331-337215360-1001\...\Run: [VVCap] => C:\Program Files (x86)\VVCap\VVCap.exe [778752 2011-08-11] (G Central)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Dokumenty Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Disk Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (YouTube) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Adblock Plus) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-03]
CHR Extension: (Vyhledávání Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (Tampermonkey) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-03]
CHR Extension: (Tabulky Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (AdBlock) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-03]
CHR Extension: (Diablo 3 profile +) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoghbpbhlmmoajjnhienleaanmaagaj [2014-12-03]
CHR Extension: (Peněženka Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 OpenVPNService; c:\Users\Enryuu\.openvpn\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [516608 2013-08-21] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-31] (REALiX(tm))
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-12-03] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-12-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 21:47 - 2015-01-17 21:48 - 00012949 _____ () C:\Users\Enryuu\Desktop\FRST.txt
2015-01-17 21:46 - 2015-01-17 21:47 - 00000000 ____D () C:\FRST
2015-01-17 21:46 - 2015-01-17 21:44 - 02125824 _____ (Farbar) C:\Users\Enryuu\Desktop\FRST64.exe
2015-01-17 21:03 - 2015-01-17 21:05 - 00000000 ____D () C:\AdwCleaner
2015-01-17 20:59 - 2015-01-17 20:58 - 02186752 _____ () C:\Users\Enryuu\Desktop\adwcleaner_4.108.exe
2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 __SHD () C:\Users\Enryuu\AppData\Local\EmieUserList
2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 __SHD () C:\Users\Enryuu\AppData\Local\EmieSiteList
2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 __SHD () C:\Users\Enryuu\AppData\Local\EmieBrowserModeList
2015-01-13 20:06 - 2015-01-13 20:06 - 00000000 ___SD () C:\Users\Enryuu\Documents\Passwords Database
2015-01-13 20:04 - 2015-01-13 20:04 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\ESET
2015-01-13 20:04 - 2015-01-13 20:04 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\ESET
2015-01-13 19:38 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:38 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:38 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 19:38 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 19:38 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 19:38 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 19:38 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:38 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 19:38 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 19:38 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 19:38 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 19:38 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 19:38 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 19:38 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 19:38 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-13 19:38 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-13 19:38 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-13 19:38 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-13 19:38 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-13 19:38 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 19:38 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 19:38 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 19:38 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 19:38 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 12:22 - 2015-01-10 12:20 - 00007786 _____ () C:\Users\Enryuu\Desktop\TV-Vse.xspf
2015-01-10 12:14 - 2015-01-10 12:17 - 00000000 ____D () C:\Users\Enryuu\Desktop\TV
2015-01-03 21:41 - 2015-01-03 21:41 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\MPC-HC
2015-01-03 21:40 - 2015-01-03 21:40 - 00000822 _____ () C:\Users\Enryuu\Desktop\MPC-HC.lnk
2015-01-03 21:40 - 2015-01-03 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-01-02 23:21 - 2015-01-02 23:21 - 00000000 ____D () C:\Windows\SysWOW64\bitstreams
2015-01-02 23:21 - 2013-12-10 01:30 - 10236928 ____S () C:\Windows\SysWOW64\acumncugcy.exe
2015-01-02 23:21 - 2013-10-26 21:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00972814 ____S () C:\Windows\SysWOW64\dcgmncugcy.exe
2015-01-02 23:21 - 2013-10-26 21:30 - 00538126 ____S () C:\Windows\SysWOW64\libcurl-4.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00192512 ____S () C:\Windows\SysWOW64\libidn-11.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\Windows\SysWOW64\libssh2.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00133632 ____S () C:\Windows\SysWOW64\librtmp.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00044727 ____S () C:\Windows\SysWOW64\diablo130302.cl
2015-01-02 23:21 - 2013-10-26 21:30 - 00043810 ____S () C:\Windows\SysWOW64\poclbm130302.cl
2015-01-02 23:21 - 2013-10-26 21:30 - 00030802 ____S () C:\Windows\SysWOW64\diakgcn121016.cl
2015-01-02 23:21 - 2013-10-26 21:30 - 00023825 ____S () C:\Windows\SysWOW64\scrypt130511.cl
2015-01-02 23:21 - 2013-10-26 21:30 - 00013062 ____S () C:\Windows\SysWOW64\phatk121016.cl
2015-01-02 23:21 - 2013-07-18 17:06 - 00187904 ____S () C:\Windows\SysWOW64\lcpmncugcy.exe
2015-01-02 23:21 - 2013-06-12 16:15 - 00119888 ____S (Open Source Software community LGPL) C:\Windows\SysWOW64\pthreadGC2.dll
2015-01-02 23:21 - 2013-06-12 16:15 - 00100864 ____S () C:\Windows\SysWOW64\zlib1.dll
2015-01-02 23:21 - 2012-09-26 00:46 - 00472424 ____S (NVIDIA Corporation) C:\Windows\SysWOW64\cudart32_50_35.dll
2015-01-02 23:21 - 2012-05-27 02:36 - 00055808 ____S (Open Source Software community LGPL) C:\Windows\SysWOW64\pthreadVC2.dll
2015-01-02 21:14 - 2011-06-12 21:53 - 00000000 ____D () C:\Users\Enryuu\Desktop\Online - TV VLC 1.1.9.+TV stanice+návod
2015-01-01 13:36 - 2015-01-01 13:36 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-01-01 13:36 - 2015-01-01 13:36 - 00000000 ____D () C:\Windows\system32\NV
2015-01-01 13:34 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-01 13:34 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-31 21:58 - 2014-12-31 21:58 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-12-31 12:55 - 2014-12-31 14:20 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\wf-launcher
2014-12-31 12:55 - 2014-12-31 14:13 - 00000000 ____D () C:\ProgramData\GFACE
2014-12-29 00:37 - 2014-12-29 00:37 - 00000000 ____D () C:\Users\Enryuu\.openvpn
2014-12-29 00:37 - 2014-12-29 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-12-29 00:37 - 2014-12-29 00:37 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-12-25 10:32 - 2014-12-25 10:32 - 00000000 ____D () C:\Users\Enryuu\Documents\Diablo III
2014-12-25 09:25 - 2014-12-25 09:25 - 00000669 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-12-25 09:25 - 2014-12-25 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-12-21 10:44 - 2015-01-13 20:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-21 10:27 - 2015-01-17 21:06 - 00000776 _____ () C:\Windows\system32\Service_KMS.log
2014-12-20 20:22 - 2014-12-20 20:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-20 20:21 - 2014-12-20 20:30 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-12-20 20:21 - 2014-12-20 20:30 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-12-20 20:21 - 2014-12-20 20:21 - 00001873 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-12-20 20:21 - 2014-12-20 20:21 - 00001819 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-12-20 20:21 - 2014-12-20 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-12-20 20:20 - 2014-12-20 20:26 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-20 20:20 - 2014-12-20 20:20 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\Bluestacks
2014-12-20 20:10 - 2014-12-20 20:10 - 00000010 _____ () C:\Windows\SysWOW64\810429tv4-test.jun
2014-12-20 11:59 - 2015-01-11 11:59 - 00000649 _____ () C:\Windows\system32\AutoPico.log
2014-12-19 18:05 - 2014-12-19 18:05 - 00001895 _____ () C:\Users\Enryuu\Desktop\VVCap.lnk
2014-12-19 18:05 - 2014-12-19 18:05 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VVCap
2014-12-19 18:05 - 2014-12-19 18:05 - 00000000 ____D () C:\Program Files (x86)\VVCap
2014-12-19 17:40 - 2014-12-19 17:53 - 00000000 ____D () C:\Users\Enryuu\Desktop\EFT 71
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 21:28 - 2014-12-03 13:38 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\Skype
2015-01-17 21:28 - 2014-12-03 12:39 - 01620088 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 21:18 - 2014-12-03 14:01 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\vlc
2015-01-17 21:15 - 2014-12-03 12:47 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A2F1471F-052E-4E08-A638-D34B6E42B464}
2015-01-17 21:10 - 2014-12-03 12:47 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4255434928-1930536331-337215360-1001
2015-01-17 21:05 - 2014-12-03 12:56 - 00000964 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 21:05 - 2013-09-29 20:09 - 00009324 _____ () C:\Windows\PFRO.log
2015-01-17 21:05 - 2013-08-22 15:46 - 00026198 _____ () C:\Windows\setupact.log
2015-01-17 21:05 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 21:01 - 2014-12-03 12:56 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-17 20:57 - 2014-12-03 15:55 - 00000000 ____D () C:\Users\Enryuu\Documents\Assassin's Creed Unity
2015-01-17 20:47 - 2014-12-03 12:41 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\VirtualStore
2015-01-17 20:13 - 2013-09-30 05:20 - 01658450 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 20:13 - 2013-09-30 04:57 - 00705506 _____ () C:\Windows\system32\perfh005.dat
2015-01-17 20:13 - 2013-09-30 04:57 - 00143830 _____ () C:\Windows\system32\perfc005.dat
2015-01-17 20:09 - 2014-12-03 12:45 - 00002856 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Enryuu)
2015-01-17 20:06 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-16 21:56 - 2014-12-05 14:53 - 00007218 _____ () C:\Users\Enryuu\Desktop\zavolat v utery po druhé DMG.txt
2015-01-16 20:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-16 14:02 - 2014-12-03 12:56 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-15 20:41 - 2014-12-03 13:32 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\TS3Client
2015-01-13 20:08 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-13 20:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-13 19:52 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-13 19:51 - 2014-12-06 15:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 19:47 - 2014-12-06 15:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 20:06 - 2014-12-03 12:52 - 00062662 _____ () C:\Windows\DirectX.log
2015-01-06 01:08 - 2014-12-09 19:30 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2014-12-09 19:30 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-03 21:55 - 2014-12-03 15:43 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\Popcorn-Time
2015-01-01 21:59 - 2014-12-03 13:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-01 21:59 - 2014-12-03 13:37 - 00000000 ____D () C:\ProgramData\Skype
2015-01-01 21:16 - 2014-12-03 13:13 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\Battle.net
2015-01-01 13:36 - 2014-12-03 12:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-31 21:59 - 2014-12-03 12:45 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-31 21:58 - 2014-12-03 12:45 - 00002160 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-12-31 21:58 - 2014-12-03 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-12-31 12:14 - 2014-12-05 14:37 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 00:37 - 2014-12-03 12:41 - 00000000 ____D () C:\Users\Enryuu
2014-12-26 09:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-25 17:14 - 2014-12-03 14:02 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\Popcorn Time
2014-12-25 09:23 - 2014-12-03 13:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-22 17:17 - 2014-12-03 21:43 - 00009728 ___SH () C:\Users\Enryuu\Downloads\Thumbs.db
2014-12-21 12:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-21 11:26 - 2014-12-17 17:27 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-21 11:17 - 2014-12-03 13:38 - 00002549 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-21 11:17 - 2014-12-03 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-21 11:11 - 2013-08-22 15:44 - 00483016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 10:26 - 2013-09-30 05:01 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\setup
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-21 10:26 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-20 20:21 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
Some content of TEMP:
====================
C:\Users\Enryuu\AppData\Local\Temp\InstHelper.exe
C:\Users\Enryuu\AppData\Local\Temp\Quarantine.exe
C:\Users\Enryuu\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 20:36
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Enryuu (administrator) on GARISON on 17-01-2015 21:47:46
Running from C:\Users\Enryuu\Desktop
Loaded Profiles: Enryuu (Available profiles: Enryuu)
Platform: Windows 8.1 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(G Central) C:\Program Files (x86)\VVCap\VVCap.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(BitTorrent Inc.) D:\uTorrent\utorrent.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-03] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1566344 2014-04-08] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKU\S-1-5-21-4255434928-1930536331-337215360-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4255434928-1930536331-337215360-1001\...\Run: [VVCap] => C:\Program Files (x86)\VVCap\VVCap.exe [778752 2011-08-11] (G Central)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Dokumenty Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Disk Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (YouTube) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Adblock Plus) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-03]
CHR Extension: (Vyhledávání Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (Tampermonkey) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-03]
CHR Extension: (Tabulky Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (AdBlock) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-03]
CHR Extension: (Diablo 3 profile +) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoghbpbhlmmoajjnhienleaanmaagaj [2014-12-03]
CHR Extension: (Peněženka Google) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Enryuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 OpenVPNService; c:\Users\Enryuu\.openvpn\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [516608 2013-08-21] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-31] (REALiX(tm))
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-12-03] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-12-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 21:47 - 2015-01-17 21:48 - 00012949 _____ () C:\Users\Enryuu\Desktop\FRST.txt
2015-01-17 21:46 - 2015-01-17 21:47 - 00000000 ____D () C:\FRST
2015-01-17 21:46 - 2015-01-17 21:44 - 02125824 _____ (Farbar) C:\Users\Enryuu\Desktop\FRST64.exe
2015-01-17 21:03 - 2015-01-17 21:05 - 00000000 ____D () C:\AdwCleaner
2015-01-17 20:59 - 2015-01-17 20:58 - 02186752 _____ () C:\Users\Enryuu\Desktop\adwcleaner_4.108.exe
2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 __SHD () C:\Users\Enryuu\AppData\Local\EmieUserList
2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 __SHD () C:\Users\Enryuu\AppData\Local\EmieSiteList
2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 __SHD () C:\Users\Enryuu\AppData\Local\EmieBrowserModeList
2015-01-13 20:06 - 2015-01-13 20:06 - 00000000 ___SD () C:\Users\Enryuu\Documents\Passwords Database
2015-01-13 20:04 - 2015-01-13 20:04 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\ESET
2015-01-13 20:04 - 2015-01-13 20:04 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\ESET
2015-01-13 19:38 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:38 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:38 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 19:38 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 19:38 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 19:38 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 19:38 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 19:38 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:38 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 19:38 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 19:38 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 19:38 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 19:38 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 19:38 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 19:38 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 19:38 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-13 19:38 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-13 19:38 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-13 19:38 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-13 19:38 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-13 19:38 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 19:38 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 19:38 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 19:38 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 19:38 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 12:22 - 2015-01-10 12:20 - 00007786 _____ () C:\Users\Enryuu\Desktop\TV-Vse.xspf
2015-01-10 12:14 - 2015-01-10 12:17 - 00000000 ____D () C:\Users\Enryuu\Desktop\TV
2015-01-03 21:41 - 2015-01-03 21:41 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\MPC-HC
2015-01-03 21:40 - 2015-01-03 21:40 - 00000822 _____ () C:\Users\Enryuu\Desktop\MPC-HC.lnk
2015-01-03 21:40 - 2015-01-03 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-01-02 23:21 - 2015-01-02 23:21 - 00000000 ____D () C:\Windows\SysWOW64\bitstreams
2015-01-02 23:21 - 2013-12-10 01:30 - 10236928 ____S () C:\Windows\SysWOW64\acumncugcy.exe
2015-01-02 23:21 - 2013-10-26 21:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00972814 ____S () C:\Windows\SysWOW64\dcgmncugcy.exe
2015-01-02 23:21 - 2013-10-26 21:30 - 00538126 ____S () C:\Windows\SysWOW64\libcurl-4.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00192512 ____S () C:\Windows\SysWOW64\libidn-11.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\Windows\SysWOW64\libssh2.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00133632 ____S () C:\Windows\SysWOW64\librtmp.dll
2015-01-02 23:21 - 2013-10-26 21:30 - 00044727 ____S () C:\Windows\SysWOW64\diablo130302.cl
2015-01-02 23:21 - 2013-10-26 21:30 - 00043810 ____S () C:\Windows\SysWOW64\poclbm130302.cl
2015-01-02 23:21 - 2013-10-26 21:30 - 00030802 ____S () C:\Windows\SysWOW64\diakgcn121016.cl
2015-01-02 23:21 - 2013-10-26 21:30 - 00023825 ____S () C:\Windows\SysWOW64\scrypt130511.cl
2015-01-02 23:21 - 2013-10-26 21:30 - 00013062 ____S () C:\Windows\SysWOW64\phatk121016.cl
2015-01-02 23:21 - 2013-07-18 17:06 - 00187904 ____S () C:\Windows\SysWOW64\lcpmncugcy.exe
2015-01-02 23:21 - 2013-06-12 16:15 - 00119888 ____S (Open Source Software community LGPL) C:\Windows\SysWOW64\pthreadGC2.dll
2015-01-02 23:21 - 2013-06-12 16:15 - 00100864 ____S () C:\Windows\SysWOW64\zlib1.dll
2015-01-02 23:21 - 2012-09-26 00:46 - 00472424 ____S (NVIDIA Corporation) C:\Windows\SysWOW64\cudart32_50_35.dll
2015-01-02 23:21 - 2012-05-27 02:36 - 00055808 ____S (Open Source Software community LGPL) C:\Windows\SysWOW64\pthreadVC2.dll
2015-01-02 21:14 - 2011-06-12 21:53 - 00000000 ____D () C:\Users\Enryuu\Desktop\Online - TV VLC 1.1.9.+TV stanice+návod
2015-01-01 13:36 - 2015-01-01 13:36 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-01-01 13:36 - 2015-01-01 13:36 - 00000000 ____D () C:\Windows\system32\NV
2015-01-01 13:34 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-01 13:34 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-01 13:34 - 2014-12-13 11:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-12-31 21:58 - 2014-12-31 21:58 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-12-31 12:55 - 2014-12-31 14:20 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\wf-launcher
2014-12-31 12:55 - 2014-12-31 14:13 - 00000000 ____D () C:\ProgramData\GFACE
2014-12-29 00:37 - 2014-12-29 00:37 - 00000000 ____D () C:\Users\Enryuu\.openvpn
2014-12-29 00:37 - 2014-12-29 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-12-29 00:37 - 2014-12-29 00:37 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-12-25 10:32 - 2014-12-25 10:32 - 00000000 ____D () C:\Users\Enryuu\Documents\Diablo III
2014-12-25 09:25 - 2014-12-25 09:25 - 00000669 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-12-25 09:25 - 2014-12-25 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-12-21 10:44 - 2015-01-13 20:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-21 10:27 - 2015-01-17 21:06 - 00000776 _____ () C:\Windows\system32\Service_KMS.log
2014-12-20 20:22 - 2014-12-20 20:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-20 20:21 - 2014-12-20 20:30 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-12-20 20:21 - 2014-12-20 20:30 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-12-20 20:21 - 2014-12-20 20:21 - 00001873 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-12-20 20:21 - 2014-12-20 20:21 - 00001819 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-12-20 20:21 - 2014-12-20 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-12-20 20:20 - 2014-12-20 20:26 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-20 20:20 - 2014-12-20 20:20 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\Bluestacks
2014-12-20 20:10 - 2014-12-20 20:10 - 00000010 _____ () C:\Windows\SysWOW64\810429tv4-test.jun
2014-12-20 11:59 - 2015-01-11 11:59 - 00000649 _____ () C:\Windows\system32\AutoPico.log
2014-12-19 18:05 - 2014-12-19 18:05 - 00001895 _____ () C:\Users\Enryuu\Desktop\VVCap.lnk
2014-12-19 18:05 - 2014-12-19 18:05 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VVCap
2014-12-19 18:05 - 2014-12-19 18:05 - 00000000 ____D () C:\Program Files (x86)\VVCap
2014-12-19 17:40 - 2014-12-19 17:53 - 00000000 ____D () C:\Users\Enryuu\Desktop\EFT 71
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 21:28 - 2014-12-03 13:38 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\Skype
2015-01-17 21:28 - 2014-12-03 12:39 - 01620088 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 21:18 - 2014-12-03 14:01 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\vlc
2015-01-17 21:15 - 2014-12-03 12:47 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A2F1471F-052E-4E08-A638-D34B6E42B464}
2015-01-17 21:10 - 2014-12-03 12:47 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4255434928-1930536331-337215360-1001
2015-01-17 21:05 - 2014-12-03 12:56 - 00000964 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 21:05 - 2013-09-29 20:09 - 00009324 _____ () C:\Windows\PFRO.log
2015-01-17 21:05 - 2013-08-22 15:46 - 00026198 _____ () C:\Windows\setupact.log
2015-01-17 21:05 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 21:01 - 2014-12-03 12:56 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-17 20:57 - 2014-12-03 15:55 - 00000000 ____D () C:\Users\Enryuu\Documents\Assassin's Creed Unity
2015-01-17 20:47 - 2014-12-03 12:41 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\VirtualStore
2015-01-17 20:13 - 2013-09-30 05:20 - 01658450 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 20:13 - 2013-09-30 04:57 - 00705506 _____ () C:\Windows\system32\perfh005.dat
2015-01-17 20:13 - 2013-09-30 04:57 - 00143830 _____ () C:\Windows\system32\perfc005.dat
2015-01-17 20:09 - 2014-12-03 12:45 - 00002856 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Enryuu)
2015-01-17 20:06 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-16 21:56 - 2014-12-05 14:53 - 00007218 _____ () C:\Users\Enryuu\Desktop\zavolat v utery po druhé DMG.txt
2015-01-16 20:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-16 14:02 - 2014-12-03 12:56 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-15 20:41 - 2014-12-03 13:32 - 00000000 ____D () C:\Users\Enryuu\AppData\Roaming\TS3Client
2015-01-13 20:08 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-13 20:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-13 19:52 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-13 19:51 - 2014-12-06 15:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 19:47 - 2014-12-06 15:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 20:06 - 2014-12-03 12:52 - 00062662 _____ () C:\Windows\DirectX.log
2015-01-06 01:08 - 2014-12-09 19:30 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2014-12-09 19:30 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-03 21:55 - 2014-12-03 15:43 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\Popcorn-Time
2015-01-01 21:59 - 2014-12-03 13:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-01 21:59 - 2014-12-03 13:37 - 00000000 ____D () C:\ProgramData\Skype
2015-01-01 21:16 - 2014-12-03 13:13 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\Battle.net
2015-01-01 13:36 - 2014-12-03 12:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-31 21:59 - 2014-12-03 12:45 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-31 21:58 - 2014-12-03 12:45 - 00002160 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-12-31 21:58 - 2014-12-03 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-12-31 12:14 - 2014-12-05 14:37 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 00:37 - 2014-12-03 12:41 - 00000000 ____D () C:\Users\Enryuu
2014-12-26 09:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-25 17:14 - 2014-12-03 14:02 - 00000000 ____D () C:\Users\Enryuu\AppData\Local\Popcorn Time
2014-12-25 09:23 - 2014-12-03 13:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-22 17:17 - 2014-12-03 21:43 - 00009728 ___SH () C:\Users\Enryuu\Downloads\Thumbs.db
2014-12-21 12:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-21 11:26 - 2014-12-17 17:27 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-21 11:17 - 2014-12-03 13:38 - 00002549 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-21 11:17 - 2014-12-03 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-21 11:11 - 2013-08-22 15:44 - 00483016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 10:26 - 2013-09-30 05:01 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\setup
2014-12-21 10:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-21 10:26 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-20 20:21 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
Some content of TEMP:
====================
C:\Users\Enryuu\AppData\Local\Temp\InstHelper.exe
C:\Users\Enryuu\AppData\Local\Temp\Quarantine.exe
C:\Users\Enryuu\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 20:36
==================== End Of Log ============================
- Přílohy
-
- Addition.rar
- (6.36 KiB) Staženo 63 x
-
Rudy
- Site Admin
- Příspěvky: 119665
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím k tonrolu logu mám podezření na vir
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\AutoKMS
C:\Users\Enryuu\AppData\Local\Temp
Task: {D1D6B352-6228-4BA5-9334-05F995397176} - \AutoKMS No Task File <==== ATTENTION
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím k tonrolu logu mám podezření na vir
hotovo
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01
Ran by Enryuu at 2015-01-17 22:08:50 Run:1
Running from C:\Users\Enryuu\Desktop
Loaded Profiles: Enryuu (Available profiles: Enryuu)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\AutoKMS
C:\Users\Enryuu\AppData\Local\Temp
Task: {D1D6B352-6228-4BA5-9334-05F995397176} - \AutoKMS No Task File <==== ATTENTION
End
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\AutoKMS => Moved successfully.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01
Ran by Enryuu at 2015-01-17 22:08:50 Run:1
Running from C:\Users\Enryuu\Desktop
Loaded Profiles: Enryuu (Available profiles: Enryuu)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\AutoKMS
C:\Users\Enryuu\AppData\Local\Temp
Task: {D1D6B352-6228-4BA5-9334-05F995397176} - \AutoKMS No Task File <==== ATTENTION
End
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\AutoKMS => Moved successfully.
-
Rudy
- Site Admin
- Příspěvky: 119665
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím k tonrolu logu mám podezření na vir
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím k tonrolu logu mám podezření na vir
nevypadá to ....ESET Endpoint Security stále nejde nainstalovat....
-
Rudy
- Site Admin
- Příspěvky: 119665
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím k tonrolu logu mám podezření na vir
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím k tonrolu logu mám podezření na vir
zde to je
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 17. 1. 2015
Scan Time: 22:44:23
Logfile: log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.17.06
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Enryuu
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323644
Time Elapsed: 17 min, 57 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 3
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncugcy.exe, , [1268aa4e6029f93dbb10bf620101b14f],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncugcy.exe, , [08720eea711880b696174be512ef1be5],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncugcy.exe, , [c4b69266c4c5de583a8c181a818153ad],
Physical Sectors: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 17. 1. 2015
Scan Time: 22:44:23
Logfile: log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.17.06
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Enryuu
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323644
Time Elapsed: 17 min, 57 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 3
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncugcy.exe, , [1268aa4e6029f93dbb10bf620101b14f],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncugcy.exe, , [08720eea711880b696174be512ef1be5],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncugcy.exe, , [c4b69266c4c5de583a8c181a818153ad],
Physical Sectors: 0
(No malicious items detected)
(end)
-
Rudy
- Site Admin
- Příspěvky: 119665
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím k tonrolu logu mám podezření na vir
Vše nalezené smažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím k tonrolu logu mám podezření na vir
smazáno... bezezměny asi bude jednodušší přeinstalovat win co myslíte Vy?
-
Rudy
- Site Admin
- Příspěvky: 119665
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím k tonrolu logu mám podezření na vir
Kde se tan virus skrývá? To by vám měl řící antivir.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím k tonrolu logu mám podezření na vir
ten vir blokuje instalaci antiviru...
-
Rudy
- Site Admin
- Příspěvky: 119665
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím k tonrolu logu mám podezření na vir
Jakéhokoliv? Nebo nějakého konkrétního?Narmo píše:ten vir blokuje instalaci antiviru...
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím k tonrolu logu mám podezření na vir
tohoto ESET Endpoint Security mám originální
ostatní jdou nainstalovat a nic nenajdou ....
ostatní jdou nainstalovat a nic nenajdou ....
Přispějete na provoz fóra?