
Please check my logs - Suspected Bitcoin miner


#1 Post by mumuk »

Hi, could someone please help me? I have a feeling I downloaded some junk onto my computer, probably a BTC miner. I ran a Malwarebytes scan and it found nothing, but I still want to be sure. Thanks

RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by email_000 at 2015-04-24 19:43:36
Microsoft Windows 8.1
System drive C: has 45 GB (5%) free of 938 GB
Total RAM: 3546 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:43:39, on 24. 4. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\email_000\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Program Files\trend micro\email_000.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\email_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - Startup: SkinSpotlightsReplays.RELEASE – zástupce.lnk = C:\Downloads\LoLCameraSharp 5.5\SkinSpotlightsReplays.RELEASE.exe
O4 - Startup: SynTPEnh – zástupce.lnk = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\email_000\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Vyplňování formulářů - file://C:\Users\email_000\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem9.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: tbaseprovisioning - Advanced Micro Devices, Inc. - C:\Windows\SysWOW64\tbaseprovisioning.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12233 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\SysWOW64\tbaseprovisioning.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 171197386336
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
dashost.exe {5ad00ebb-c27a-4289-985e96ee745e2788}
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Explorer.EXE
C:\Windows\System32\skydrive.exe -Embedding
taskhostex.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE" -Embedding
"C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" /byrunkey
"C:\Program Files (x86)\Gyazo\GyStation.exe"
"C:\Program Files\AMD Quick Stream\AMDQuickStream.exe" -h
"C:\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
"C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
"C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe" -sync_complete
"C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe"
"C:\Users\email_000\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe" --type=gpu-process --channel="7468.0.1194983877\460394071" --no-sandbox --lang=en-US --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,14,27 --gpu-vendor-id=0x1002 --gpu-device-id=0x9851 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=14.502.1014.0 --lang=en-US /prefetch:822062411
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\system32\RunDll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -queuereportingnopester
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568
"C:\totalcmd\TOTALCMD64.EXE"
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 026B769E-720B-C8A7-4D3A-EBD4CFE70679 -Reinvoke
"C:\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForemail_000.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForemail_000 (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@lastpass.com/NPLastPass]
"Description"=
"Path"=C:\Program Files (x86)\LastPass\nplastpass64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@lastpass.com/NPLastPass]
"Description"=
"Path"=C:\Program Files (x86)\LastPass\nplastpass64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64]
"Description"=
"Path"=


C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\extensions\
cs@dictionaries.addons.mozilla.org
en-US@dictionaries.addons.mozilla.org
FavIconReloader@mozilla.org
support@lastpass.com
{B64D9B05-48E1-4CEB-BF58-E0643994E900}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}]
LastPass Vault - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-29 1045560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
DVDVideoSoft IE Extension - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-07 357376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}]
LastPass Vault - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29 724536]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2015-03-18 1729752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
DVDVideoSoft IE Extension - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-11 323752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - LastPass Toolbar - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-29 1045560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - LastPass Toolbar - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29 724536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-03-10 7546072]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=C:\Users\email_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-03-15 1959992]
"Gyazo"=C:\Program Files (x86)\Gyazo\GyStation.exe [2014-10-27 3095840]
"AppEx Accelerator UI"=C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [2014-03-31 482528]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=C:\iTunes\iTunesHelper.exe [2014-10-15 157480]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2014-03-26 475448]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-10-02 421888]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2014-04-01 126240]
"IJNetworkScanUtility"=C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-24 206240]
""= []
"Razer Synapse"=C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [2015-03-12 590144]
"RazerCortex"=C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun []
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-03-31 767176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Install LastPass FF RunOnce.lnk - C:\Program Files (x86)\Common Files\lpuninstall.exe
Install LastPass IE RunOnce.lnk - C:\Program Files (x86)\Common Files\lpuninstall.exe

C:\Users\email_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
SkinSpotlightsReplays.RELEASE – zástupce.lnk - C:\Downloads\LoLCameraSharp 5.5\SkinSpotlightsReplays.RELEASE.exe
SynTPEnh – zástupce.lnk - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner64.exe]
"Debugger="svchost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-04-23 22:41:20 ----D---- C:\FRST
2015-04-23 22:16:11 ----D---- C:\Program Files\trend micro
2015-04-23 22:16:10 ----D---- C:\rsit
2015-04-20 12:50:49 ----D---- C:\ProgramData\ATI
2015-04-20 12:46:35 ----D---- C:\Program Files\AMD Quick Stream
2015-04-20 12:46:25 ----D---- C:\Program Files (x86)\AMD AVT
2015-04-20 12:39:56 ----D---- C:\Windows\LastGood.Tmp
2015-04-18 13:19:51 ----D---- C:\Program Files (x86)\Rockstar Games
2015-04-18 13:19:16 ----D---- C:\Program Files\Rockstar Games
2015-04-15 13:34:03 ----D---- C:\Windows\system32\appraiser
2015-04-15 11:42:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:42:35 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-04-15 11:42:35 ----A---- C:\Windows\system32\tdh.dll
2015-04-15 11:42:35 ----A---- C:\Windows\system32\ntdll.dll
2015-04-15 11:42:34 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-04-15 11:42:34 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-04-15 11:42:34 ----A---- C:\Windows\system32\sechost.dll
2015-04-15 11:42:34 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 11:42:33 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-04-15 11:42:33 ----A---- C:\Windows\system32\wow64cpu.dll
2015-04-15 11:42:33 ----A---- C:\Windows\system32\wow64.dll
2015-04-15 11:42:33 ----A---- C:\Windows\system32\tracerpt.exe
2015-04-15 11:42:32 ----A---- C:\Windows\system32\msctf.dll
2015-04-15 11:42:31 ----A---- C:\Windows\SYSWOW64\pku2u.dll
2015-04-15 11:42:31 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-04-15 11:42:31 ----A---- C:\Windows\system32\pku2u.dll
2015-04-15 11:42:31 ----A---- C:\Windows\system32\lsm.dll
2015-04-15 11:41:44 ----A---- C:\Windows\system32\generaltel.dll
2015-04-15 11:41:44 ----A---- C:\Windows\system32\acmigration.dll
2015-04-15 11:41:43 ----A---- C:\Windows\system32\devinv.dll
2015-04-15 11:41:43 ----A---- C:\Windows\system32\aepdu.dll
2015-04-15 11:41:42 ----A---- C:\Windows\system32\invagent.dll
2015-04-15 11:41:42 ----A---- C:\Windows\system32\appraiser.dll
2015-04-15 11:41:42 ----A---- C:\Windows\system32\aepic.dll
2015-04-15 11:41:41 ----A---- C:\Windows\system32\aeinv.dll
2015-04-15 11:41:27 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 11:41:26 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-15 11:41:26 ----A---- C:\Windows\system32\drivers\clfs.sys
2015-04-15 11:41:26 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 11:41:19 ----A---- C:\Windows\system32\mshtml.dll
2015-04-15 11:41:16 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-04-15 11:41:10 ----A---- C:\Windows\system32\jscript9.dll
2015-04-15 11:41:09 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-04-15 11:41:08 ----A---- C:\Windows\system32\ieframe.dll
2015-04-15 11:41:06 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-04-15 11:41:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-04-15 11:41:01 ----A---- C:\Windows\system32\wininet.dll
2015-04-15 11:41:00 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-15 11:40:59 ----A---- C:\Windows\system32\iertutil.dll
2015-04-15 11:40:58 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-04-15 11:40:58 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-15 11:40:58 ----A---- C:\Windows\system32\inetcomm.dll
2015-04-15 11:40:57 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-04-15 11:40:57 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-04-15 11:40:57 ----A---- C:\Windows\system32\urlmon.dll
2015-04-15 11:40:56 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-15 11:40:56 ----A---- C:\Windows\system32\jscript.dll
2015-04-15 11:40:55 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-04-15 11:40:55 ----A---- C:\Windows\system32\vbscript.dll
2015-04-15 11:40:54 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-04-15 11:40:54 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-04-15 11:40:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-04-15 11:40:54 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-15 11:40:44 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 11:40:43 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 11:40:42 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-15 11:40:42 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 11:40:42 ----A---- C:\Windows\system32\wups.dll
2015-04-15 11:40:42 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 11:40:42 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 11:40:42 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:40:42 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:40:41 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-15 11:40:41 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-15 11:40:41 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 11:40:41 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 11:40:41 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 11:40:41 ----A---- C:\Windows\system32\storewuauth.dll
2015-04-15 11:40:40 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-15 11:40:40 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-15 11:40:40 ----A---- C:\Windows\system32\wuapp.exe
2015-04-06 08:28:15 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-06 08:28:15 ----SD---- C:\Windows\system32\GWX
2015-04-05 14:54:53 ----D---- C:\Users\email_000\AppData\Roaming\Sony Creative Software Inc
2015-04-03 21:21:26 ----D---- C:\Users\email_000\AppData\Roaming\Steam
2015-04-03 15:15:41 ----A---- C:\Windows\SYSWOW64\vp6vfw.dll
2015-04-01 21:41:58 ----D---- C:\Users\email_000\AppData\Roaming\REAPER
2015-03-31 22:47:20 ----A---- C:\Windows\system32\amdave64.dll
2015-03-31 22:47:18 ----A---- C:\Windows\SYSWOW64\amdave32.dll
2015-03-31 22:47:16 ----A---- C:\Windows\system32\amdmiracast.dll
2015-03-31 22:47:14 ----A---- C:\Windows\system32\amdhcp64.dll
2015-03-31 22:47:12 ----A---- C:\Windows\SYSWOW64\amdhcp32.dll
2015-03-31 22:47:08 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2015-03-31 22:47:08 ----A---- C:\Windows\system32\atimpc64.dll
2015-03-31 22:47:00 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2015-03-31 22:47:00 ----A---- C:\Windows\system32\amdpcom64.dll
2015-03-31 22:46:56 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2015-03-31 22:46:52 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2015-03-31 22:46:52 ----A---- C:\Windows\system32\atiu9p64.dll
2015-03-31 22:46:44 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2015-03-31 22:46:34 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2015-03-31 22:46:26 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2015-03-31 22:46:18 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2015-03-31 22:46:12 ----A---- C:\Windows\system32\atiumd6a.dll
2015-03-31 22:46:08 ----A---- C:\Windows\system32\atiumd64.dll
2015-03-31 22:43:56 ----A---- C:\Windows\system32\drivers\amdacpksd.sys
2015-03-31 22:41:18 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2015-03-31 22:33:56 ----A---- C:\Windows\system32\clinfo.exe
2015-03-31 22:33:52 ----A---- C:\Windows\SYSWOW64\amdocl_ld32.exe
2015-03-31 22:33:52 ----A---- C:\Windows\SYSWOW64\amdocl_as32.exe
2015-03-31 22:33:52 ----A---- C:\Windows\system32\amdocl_ld64.exe
2015-03-31 22:33:52 ----A---- C:\Windows\system32\amdocl_as64.exe
2015-03-31 22:33:50 ----A---- C:\Windows\SYSWOW64\OpenVideo.dll
2015-03-31 22:33:50 ----A---- C:\Windows\system32\OpenVideo64.dll
2015-03-31 22:33:48 ----A---- C:\Windows\system32\OVDecode64.dll
2015-03-31 22:33:46 ----A---- C:\Windows\SYSWOW64\OVDecode.dll
2015-03-31 22:33:44 ----A---- C:\Windows\system32\amdocl64.dll
2015-03-31 22:32:50 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2015-03-31 22:32:00 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-03-31 22:32:00 ----A---- C:\Windows\system32\OpenCL.dll
2015-03-31 22:30:40 ----A---- C:\Windows\system32\amdhsasc64.dll
2015-03-31 22:30:38 ----A---- C:\Windows\SYSWOW64\amdhsasc.dll
2015-03-31 22:26:44 ----A---- C:\Windows\system32\amdhdl64.dll
2015-03-31 22:26:42 ----A---- C:\Windows\SYSWOW64\amdhdl32.dll
2015-03-31 22:26:00 ----A---- C:\Windows\system32\atio6axx.dll
2015-03-31 22:20:44 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2015-03-31 22:20:10 ----A---- C:\Windows\system32\mantle64.dll
2015-03-31 22:20:08 ----A---- C:\Windows\system32\amdmmcl6.dll
2015-03-31 22:20:06 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2015-03-31 22:20:06 ----A---- C:\Windows\SYSWOW64\amdmmcl.dll
2015-03-31 22:20:02 ----A---- C:\Windows\system32\amdmantle64.dll
2015-03-31 22:17:46 ----A---- C:\Windows\system32\atiapfxx.exe
2015-03-31 22:17:44 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2015-03-31 22:17:44 ----A---- C:\Windows\system32\aticalrt64.dll
2015-03-31 22:17:40 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2015-03-31 22:17:40 ----A---- C:\Windows\system32\aticalcl64.dll
2015-03-31 22:17:34 ----A---- C:\Windows\system32\aticaldd64.dll
2015-03-31 22:17:06 ----A---- C:\Windows\SYSWOW64\amdmantle32.dll
2015-03-31 22:17:02 ----A---- C:\Windows\SYSWOW64\ativvsvl.dat
2015-03-31 22:17:02 ----A---- C:\Windows\SYSWOW64\ativvsva.dat
2015-03-31 22:17:02 ----A---- C:\Windows\system32\ativvsvl.dat
2015-03-31 22:17:02 ----A---- C:\Windows\system32\ativvsva.dat
2015-03-31 22:16:44 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2015-03-31 22:14:38 ----A---- C:\Windows\system32\mantleaxl64.dll
2015-03-31 22:14:34 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2015-03-31 22:13:30 ----A---- C:\Windows\system32\atidemgy.dll
2015-03-31 22:13:28 ----A---- C:\Windows\system32\atimuixx.dll
2015-03-31 22:13:26 ----A---- C:\Windows\system32\atieclxx.exe
2015-03-31 22:13:18 ----A---- C:\Windows\system32\atiesrxx.exe
2015-03-31 22:13:04 ----A---- C:\Windows\system32\atitmm64.dll
2015-03-31 22:10:36 ----A---- C:\Windows\system32\coinst_14.50.dll
2015-03-31 22:10:22 ----A---- C:\Windows\system32\atisamu64.dll
2015-03-31 22:10:20 ----A---- C:\Windows\SYSWOW64\atisamu32.dll
2015-03-31 22:09:42 ----A---- C:\Windows\system32\atiadlxx.dll
2015-03-31 22:09:40 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2015-03-31 22:09:36 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2015-03-31 22:09:36 ----A---- C:\Windows\system32\atiglpxx.dll
2015-03-31 22:09:36 ----A---- C:\Windows\system32\atig6pxx.dll
2015-03-31 22:09:34 ----A---- C:\Windows\system32\atig6txx.dll
2015-03-31 22:09:32 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2015-03-31 22:09:30 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2015-03-31 22:09:30 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2015-03-31 16:37:16 ----A---- C:\Windows\system32\kdbsdk64.dll
2015-03-31 16:35:44 ----A---- C:\Windows\SYSWOW64\kdbsdk32.dll
2015-03-30 16:06:33 ----D---- C:\Users\email_000\AppData\Roaming\WiseUpdate
2015-03-29 12:39:47 ----D---- C:\Program Files (x86)\LastPass
2015-03-29 12:39:31 ----D---- C:\Users\email_000\AppData\Roaming\Local

======List of files/folders modified in the last 1 month======

2015-04-24 19:40:59 ----D---- C:\Windows
2015-04-24 19:33:27 ----D---- C:\Users\email_000\AppData\Roaming\uTorrent
2015-04-24 19:17:38 ----D---- C:\Filmy
2015-04-24 19:04:29 ----D---- C:\Windows\Temp
2015-04-24 19:02:05 ----D---- C:\Windows\system32\sru
2015-04-24 18:07:28 ----D---- C:\Windows\system32\Tasks
2015-04-24 14:12:51 ----D---- C:\Torrent
2015-04-24 14:08:09 ----D---- C:\Downloads
2015-04-24 11:16:00 ----D---- C:\Windows\Microsoft.NET
2015-04-24 10:52:03 ----D---- C:\Program Files\KMSnano
2015-04-24 10:47:53 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-23 22:16:11 ----RD---- C:\Program Files
2015-04-23 11:05:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-04-22 12:02:09 ----D---- C:\Windows\system32\config
2015-04-21 14:47:52 ----D---- C:\Windows\rescache
2015-04-20 12:50:49 ----HD---- C:\ProgramData
2015-04-20 12:48:44 ----RD---- C:\Windows\System32
2015-04-20 12:48:44 ----D---- C:\Windows\SysWOW64
2015-04-20 12:48:13 ----D---- C:\Windows\system32\catroot
2015-04-20 12:46:47 ----D---- C:\Windows\system32\drivers
2015-04-20 12:46:46 ----D---- C:\Windows\system32\DriverStore
2015-04-20 12:46:26 ----D---- C:\ProgramData\AMD
2015-04-20 12:46:25 ----RD---- C:\Program Files (x86)
2015-04-20 12:45:22 ----D---- C:\Program Files\AMD
2015-04-20 12:25:41 ----D---- C:\AMD
2015-04-19 15:36:14 ----D---- C:\Windows\SYSWOW64\directx
2015-04-19 15:35:01 ----HD---- C:\Windows\msdownld.tmp
2015-04-19 11:53:58 ----D---- C:\Hry
2015-04-19 10:03:29 ----D---- C:\Windows\WinSxS
2015-04-19 06:52:41 ----D---- C:\Windows\system32\catroot2
2015-04-18 09:59:42 ----D---- C:\Windows\AppCompat
2015-04-18 08:46:37 ----D---- C:\Windows\system32\cs-CZ
2015-04-18 08:46:36 ----D---- C:\Windows\apppatch
2015-04-18 08:44:04 ----D---- C:\Windows\AppReadiness
2015-04-18 05:40:33 ----HD---- C:\Program Files\WindowsApps
2015-04-17 22:21:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-17 21:14:40 ----SHD---- C:\System Volume Information
2015-04-17 19:37:35 ----RSD---- C:\Windows\assembly
2015-04-17 18:17:04 ----D---- C:\BackupPC
2015-04-16 17:43:06 ----D---- C:\Windows\CbsTemp
2015-04-16 17:42:14 ----D---- C:\ProgramData\Microsoft Help
2015-04-16 13:39:42 ----D---- C:\Škola
2015-04-16 12:19:53 ----SHD---- C:\Windows\Installer
2015-04-16 12:18:39 ----D---- C:\Program Files (x86)\Common Files
2015-04-16 12:16:51 ----D---- C:\Program Files (x86)\Battle.net
2015-04-16 11:09:02 ----RD---- C:\Dropbox
2015-04-16 11:08:51 ----D---- C:\Users\email_000\AppData\Roaming\Dropbox
2015-04-16 00:19:08 ----D---- C:\Windows\Inf
2015-04-15 13:34:03 ----SD---- C:\Windows\system32\CompatTel
2015-04-15 13:34:03 ----D---- C:\Windows\system32\wbem
2015-04-15 13:34:02 ----SD---- C:\ProgramData\Microsoft
2015-04-15 13:34:02 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-04-15 13:34:02 ----D---- C:\Program Files\Internet Explorer
2015-04-15 13:32:30 ----D---- C:\Windows\system32\MRT
2015-04-15 13:23:20 ----A---- C:\Windows\system32\MRT.exe
2015-04-15 13:16:32 ----A---- C:\Windows\win.ini
2015-04-15 11:36:00 ----A---- C:\Windows\system32\wuaext.dll
2015-04-14 01:24:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-12 22:47:08 ----D---- C:\Users\email_000\AppData\Roaming\iFunBox.NXGen
2015-04-12 22:42:01 ----D---- C:\iPhone
2015-04-12 21:38:24 ----D---- C:\Users\email_000\AppData\Roaming\OBS
2015-04-11 21:52:34 ----D---- C:\Fraps rec
2015-04-11 21:48:48 ----D---- C:\Program Files (x86)\OBS
2015-04-06 20:19:23 ----D---- C:\Users\email_000\AppData\Roaming\vlc
2015-04-06 08:31:55 ----D---- C:\Windows\Logs
2015-04-05 15:38:29 ----D---- C:\Windows\Minidump
2015-04-05 14:44:44 ----D---- C:\LoLReplays
2015-04-04 10:51:46 ----D---- C:\ProgramData\Orbit
2015-04-03 21:21:28 ----D---- C:\ProgramData\Codemasters
2015-04-03 11:17:57 ----A---- C:\Windows\system32\wrap_oal.dll
2015-04-03 11:17:56 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2015-04-03 11:17:56 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2015-04-03 11:17:56 ----A---- C:\Windows\system32\OpenAL32.dll
2015-04-03 10:39:43 ----D---- C:\ProgramData\CyberLink
2015-03-31 22:46:56 ----A---- C:\Windows\system32\atiuxp64.dll
2015-03-31 22:46:48 ----A---- C:\Windows\system32\aticfx64.dll
2015-03-31 22:46:38 ----A---- C:\Windows\system32\atidxx64.dll
2015-03-25 15:34:47 ----D---- C:\ProgramData\Razer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\System32\drivers\amd_sata.sys [2014-03-21 81608]
R0 amd_xata;amd_xata; C:\Windows\System32\drivers\amd_xata.sys [2014-03-21 23752]
R0 amdkmpfd;@oem48.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2014-10-28 62152]
R0 amdpsp;@oem60.inf,%amdpsp.SVCDESC%;AMD PSP Service; C:\Windows\system32\DRIVERS\amdpsp.sys [2015-01-16 264392]
R0 hpdskflt;@oem9.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2013-07-23 30520]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2013-11-12 91912]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2007-04-13 105176]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 APXACC;@oem50.inf,%APPEX_ACC_SERVICE_NAME%;AppEx Networks Accelerator LWF; C:\Windows\system32\DRIVERS\appexDrv.sys [2014-10-28 229056]
R2 rzpmgrk;rzpmgrk; \??\C:\Windows\system32\drivers\rzpmgrk.sys [2015-02-05 37184]
R2 rzpnk;rzpnk; \??\C:\Windows\system32\drivers\rzpnk.sys [2015-02-04 129600]
R3 Accelerometer;@oem9.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2013-07-23 43320]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-03-31 19338752]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-03-31 591872]
R3 AtiHDAudioService;@oem59.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWB6.sys [2014-12-21 223232]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2014-04-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 clwvd;@oem16.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2014-01-28 41704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-12 3891800]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-11-21 25816]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RtkBtFilter;@oem7.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [2014-01-06 558296]
R3 RTL8168;@oem13.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2014-02-19 839896]
R3 RTSPER;@oem14.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\Windows\system32\DRIVERS\RtsPer.sys [2014-02-22 466648]
R3 RTWlanE;@oem42.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\Windows\system32\DRIVERS\rtwlane.sys [2014-10-21 3410136]
R3 SynTP;@oem12.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2014-02-25 541424]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S0 amdkmafd;@oem47.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter; C:\Windows\System32\drivers\amdkmafd.sys [2012-09-23 21160]
S3 amdkmcsp;@oem60.inf,%amdkmcsp.SVCDESC%;AMD Kernel Mode CSP Service; C:\Windows\system32\DRIVERS\amdkmcsp.sys [2015-01-16 92360]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2014-10-29 1198080]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-11-21 64216]
S3 Netaapl;@oem41.inf,%Netaapl.Service.DispName%;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2014-08-15 23040]
S3 rzdaendpt;@oem19.inf,%rzdaendpt.SvcDesc%;Razer DeathAdder end point; C:\Windows\System32\drivers\rzdaendpt.sys [2014-12-30 33448]
S3 rzudd;@oem56.inf,%Razer.SvcDesc%;Razer Mouse Driver; C:\Windows\System32\drivers\rzudd.sys [2014-12-30 177832]
S3 rzvkeyboard;@oem33.inf,%rzvkeyboard%;Razer Virtual Keyboard Driver; C:\Windows\System32\drivers\rzvkeyboard.sys [2014-12-30 31912]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys []
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys []
S3 USBAAPL64;@oem40.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2014-04-18 121088]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-03-31 246272]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-03-31 344064]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2014-10-29 38792]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 BTDevManager;BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [2014-03-05 88064]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2014-01-13 92160]
R2 hpsrv;@oem9.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-23 43320]
R2 HPWMISVC;HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2014-03-26 469304]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-12-09 76152]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-01-09 290520]
R2 tbaseprovisioning;tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [2014-02-25 51712]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-11-01 1129760]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04 107912]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-01-02 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14 268464]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-16 50864]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-23 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04 107912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-23 148080]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-03-01 1910640]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-02-19 835776]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\Windows\system32\svchost.exe [2014-10-29 38792]
S4 Razer Game Scanner Service;Razer Game Scanner; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2015-02-05 187072]

-----------------EOF-----------------

mumuk
Visitor
Visitor
Posts: 33
Joined: 29 Jul 2012 12:55

Re: Please check my logs - Suspected Bitcoin miner

#2 Post by mumuk »

And the FRST log as well:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 01
Ran by email_000 (administrator) on 355G2 on 24-04-2015 19:34:40
Running from C:\Users\email_000\Desktop
Loaded Profiles: email_000 & (Available profiles: email_000)
Platform: Windows 8 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Apple Inc.) C:\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\email_000\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-03-31] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Run: [Spotify Web Helper] => C:\Users\email_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-15] (Spotify Ltd)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\email_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-15] (Spotify Ltd)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\CCleaner64.exe: [Debugger] svchost.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-03-29]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-03-29]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\email_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkinSpotlightsReplays.RELEASE – zástupce.lnk [2015-03-18]
ShortcutTarget: SkinSpotlightsReplays.RELEASE – zástupce.lnk -> C:\Downloads\LoLCameraSharp 5.5\SkinSpotlightsReplays.RELEASE.exe ()
Startup: C:\Users\email_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh – zástupce.lnk [2015-03-18]
ShortcutTarget: SynTPEnh – zástupce.lnk -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-29] (LastPass)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-07] (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29] (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-11] (DVDVideoSoft Ltd.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-29] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29] (LastPass)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-29] (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-29] (LastPass)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2796280922-3190028296-2612705438-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\email_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2796280922-3190028296-2612705438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\email_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\cs@dictionaries.addons.mozilla.org [2014-11-10]
FF Extension: United States English Spellchecker - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-11-04]
FF Extension: FavIconReloader - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\FavIconReloader@mozilla.org [2014-10-23]
FF Extension: LastPass - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\support@lastpass.com [2015-04-23]
FF Extension: Download videos and MP3s from YouTube - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-13]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-10-20]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-10-20]
FF Extension: KodyRabatowe.pl - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\coupon.checker@kodyrabatowe.pl.xpi [2014-10-20]
FF Extension: Firebug - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\firebug@software.joehewitt.com.xpi [2014-10-20]
FF Extension: MEGA - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\firefox@mega.co.nz.xpi [2015-04-12]
FF Extension: Emoji Cheatsheet for GitHub, Basecamp etc. - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi [2014-11-01]
FF Extension: Reddit Enhancement Suite - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-10-20]
FF Extension: PopVideo - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\lmnPopVideo@lshai.com.xpi [2014-10-20]
FF Extension: Personas Plus - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\personas@christopher.beard.xpi [2014-10-20]
FF Extension: Google Translator for Firefox - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\translator@zoli.bod.xpi [2014-10-20]
FF Extension: YouTube High Definition - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-10-22]
FF Extension: Facebook Photo Zoom - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}.xpi [2014-10-30]
FF Extension: Video DownloadHelper - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: QuickNote - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2014-10-20]
FF Extension: Adblock Plus - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-20]
FF Extension: Greasemonkey - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-20]
FF HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-13]
FF HKU\S-1-5-21-2796280922-3190028296-2612705438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR StartupUrls: Default -> "https://www.facebook.com/"
CHR Profile: C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-04]
CHR Extension: (YouTube) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-11-04]
CHR Extension: (Adblock Plus) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-07]
CHR Extension: (Google Search) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Google Sheets) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-04]
CHR Extension: (Bookmark Manager) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (Gmail) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-03-31] (Advanced Micro Devices, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-09] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-01-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264392 2015-01-16] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-12-21] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-04-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [105176 2007-04-13] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-06] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2014-02-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3410136 2014-10-21] (Realtek Semiconductor Corporation )
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-02-04] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 19:34 - 2015-04-24 19:35 - 00027994 _____ () C:\Users\email_000\Desktop\FRST.txt
2015-04-23 22:47 - 2015-04-23 22:48 - 00040519 _____ () C:\Users\email_000\Desktop\Addition1.txt
2015-04-23 22:45 - 2015-04-23 22:48 - 00059467 _____ () C:\Users\email_000\Desktop\FRST1.txt
2015-04-23 22:41 - 2015-04-24 19:35 - 00000000 ____D () C:\FRST
2015-04-23 22:37 - 2015-04-23 22:37 - 02099712 _____ (Farbar) C:\Users\email_000\Desktop\FRST64.exe
2015-04-23 22:16 - 2015-04-23 22:16 - 00000000 ____D () C:\rsit
2015-04-23 22:16 - 2015-04-23 22:16 - 00000000 ____D () C:\Program Files\trend micro
2015-04-21 21:06 - 2015-04-21 21:06 - 00000000 ____D () C:\Users\email_000\AppData\Local\Blizzard
2015-04-20 12:50 - 2015-04-20 12:50 - 00000000 ____D () C:\ProgramData\ATI
2015-04-20 12:46 - 2015-04-20 12:46 - 00058394 _____ () C:\Windows\SysWOW64\CCCInstall_201504201246197774.log
2015-04-20 12:46 - 2015-04-20 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2015-04-20 12:46 - 2015-04-20 12:46 - 00000000 ____D () C:\Program Files\AMD Quick Stream
2015-04-20 12:46 - 2015-04-20 12:46 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-04-20 12:45 - 2015-04-20 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-04-20 12:39 - 2015-04-20 12:43 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-04-20 10:02 - 2015-04-24 18:07 - 00003488 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-04-19 14:34 - 2015-04-20 22:18 - 00001703 _____ () C:\Users\email_000\Desktop\Grand Theft Auto V.lnk
2015-04-18 13:26 - 2015-04-18 13:26 - 00000080 _____ () C:\Users\email_000\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-18 13:26 - 2015-04-18 13:26 - 00000000 ____D () C:\Users\email_000\AppData\Local\Rockstar Games
2015-04-18 13:19 - 2015-04-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-18 13:19 - 2015-04-19 16:00 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-18 13:13 - 2015-04-18 13:13 - 00000000 ____D () C:\Users\email_000\Documents\Rockstar Games
2015-04-17 20:49 - 2015-04-17 20:49 - 00001415 _____ () C:\Users\email_000\Desktop\SS Replays.lnk
2015-04-17 20:47 - 2015-04-17 20:47 - 00001052 _____ () C:\Users\email_000\Desktop\Shadow Warrior.lnk
2015-04-16 12:18 - 2015-04-16 12:18 - 00000992 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-04-16 12:18 - 2015-04-16 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-04-15 13:34 - 2015-04-15 13:34 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 11:42 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:42 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:42 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-15 11:42 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 11:42 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-15 11:42 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 11:42 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 11:42 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 11:42 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-15 11:42 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-15 11:42 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-15 11:42 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-15 11:42 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-15 11:42 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-15 11:42 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-15 11:42 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-15 11:42 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-15 11:41 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 11:41 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 11:41 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 11:41 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 11:41 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 11:41 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 11:41 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 11:41 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 11:41 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 11:41 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 11:41 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 11:41 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 11:41 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 11:41 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 11:41 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 11:40 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 11:40 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 11:40 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 11:40 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:40 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:40 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 11:40 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 11:40 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 11:40 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 11:40 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 11:40 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 11:40 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 11:40 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 11:40 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 11:40 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 11:40 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 11:40 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 11:40 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 11:40 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 11:40 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 11:40 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 11:40 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 11:40 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 11:40 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 11:40 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 11:40 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 11:40 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 11:40 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 11:40 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 11:40 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 11:40 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 11:40 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 11:40 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-06 08:28 - 2015-04-06 08:31 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 08:28 - 2015-04-06 08:28 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 15:38 - 2015-04-05 15:44 - 01089320 _____ () C:\Windows\Minidump\040515-140250-01.dmp
2015-04-05 14:54 - 2015-04-05 14:54 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Sony Creative Software Inc
2015-04-03 23:58 - 2015-04-04 11:02 - 00000906 _____ () C:\Users\Public\Desktop\Far Cry 4.lnk
2015-04-03 23:58 - 2015-04-03 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 4 - Gold Edition
2015-04-03 21:21 - 2015-04-03 21:21 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Steam
2015-04-03 15:40 - 2015-04-03 15:40 - 00000000 ____D () C:\Users\email_000\Documents\Electronic Arts
2015-04-03 15:15 - 2014-10-19 15:54 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-04-03 10:39 - 2015-04-03 10:39 - 00003162 _____ () C:\Windows\System32\Tasks\CLVDLauncher
2015-04-01 21:51 - 2015-04-01 21:51 - 00000000 ____D () C:\Users\email_000\Documents\REAPER Media
2015-04-01 21:41 - 2015-04-01 21:54 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\REAPER
2015-03-31 22:47 - 2015-03-31 22:47 - 00450744 _____ () C:\Windows\system32\amdmiracast.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00102128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00096448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 09406624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 08381280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 08368872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 07559840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 07077264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 01134688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-03-31 22:43 - 2015-03-31 22:43 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-03-31 22:41 - 2015-03-31 22:41 - 19338752 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-03-31 22:33 - 2015-03-31 22:33 - 47902208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-03-31 22:33 - 2015-03-31 22:33 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2015-03-31 22:33 - 2015-03-31 22:33 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2015-03-31 22:33 - 2015-03-31 22:33 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2015-03-31 22:33 - 2015-03-31 22:33 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2015-03-31 22:32 - 2015-03-31 22:32 - 40990208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-03-31 22:32 - 2015-03-31 22:32 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-31 22:32 - 2015-03-31 22:32 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-31 22:30 - 2015-03-31 22:30 - 07915520 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhsasc64.dll
2015-03-31 22:30 - 2015-03-31 22:30 - 06375936 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdhsasc.dll
2015-03-31 22:26 - 2015-03-31 22:26 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-03-31 22:26 - 2015-03-31 22:26 - 00134656 _____ () C:\Windows\system32\amdhdl64.dll
2015-03-31 22:26 - 2015-03-31 22:26 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 23626752 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 05837824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-03-31 22:18 - 2015-03-31 22:18 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2015-03-31 22:17 - 2015-03-31 22:17 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 00639392 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2015-03-31 22:17 - 2015-03-31 22:17 - 00639392 _____ () C:\Windows\system32\atiapfxx.blb
2015-03-31 22:17 - 2015-03-31 22:17 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-03-31 22:17 - 2015-03-31 22:17 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2015-03-31 22:17 - 2015-03-31 22:17 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2015-03-31 22:17 - 2015-03-31 22:17 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2015-03-31 22:17 - 2015-03-31 22:17 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2015-03-31 22:17 - 2015-03-31 22:17 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-03-31 22:16 - 2015-03-31 22:16 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-03-31 22:14 - 2015-03-31 22:14 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-03-31 22:14 - 2015-03-31 22:14 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-03-31 22:13 - 2015-03-31 22:13 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2015-03-31 22:13 - 2015-03-31 22:13 - 00776192 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-03-31 22:13 - 2015-03-31 22:13 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-03-31 22:13 - 2015-03-31 22:13 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-03-31 22:13 - 2015-03-31 22:13 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-03-31 22:13 - 2015-03-31 22:13 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-03-31 22:10 - 2015-03-31 22:10 - 00846848 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2015-03-31 22:10 - 2015-03-31 22:10 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-03-31 22:10 - 2015-03-31 22:10 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 01218560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00905728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00591872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-03-31 22:09 - 2015-03-31 22:09 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-03-31 16:37 - 2015-03-31 16:37 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2015-03-31 16:35 - 2015-03-31 16:35 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2015-03-30 16:15 - 2015-03-30 16:15 - 00000112 ____H () C:\9D3A1B22EF28
2015-03-30 16:06 - 2015-03-30 16:07 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\WiseUpdate
2015-03-29 12:39 - 2015-03-29 12:42 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-03-29 12:39 - 2015-03-29 12:41 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-29 12:39 - 2015-03-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 19:33 - 2014-11-04 19:18 - 00000972 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 19:33 - 2014-10-20 16:10 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\uTorrent
2015-04-24 19:23 - 2014-10-20 16:20 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-24 19:17 - 2014-10-20 16:13 - 00000000 ____D () C:\Filmy
2015-04-24 19:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-24 19:01 - 2014-10-23 13:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-24 18:29 - 2014-10-21 13:49 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for 355G2-email_000 355G2
2015-04-24 18:28 - 2014-11-17 01:36 - 01403999 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 18:14 - 2014-10-20 14:14 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BDA785C3-9C21-473B-B645-C421914F8BE9}
2015-04-24 18:11 - 2014-10-20 13:52 - 00000000 ____D () C:\Users\email_000\Documents\Youcam
2015-04-24 18:08 - 2014-11-04 19:18 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 18:08 - 2014-10-20 13:53 - 00000000 ___DO () C:\Users\email_000\OneDrive
2015-04-24 18:08 - 2014-10-20 13:48 - 00000000 ____D () C:\Users\email_000
2015-04-24 18:06 - 2014-05-30 17:32 - 06643429 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-04-24 18:06 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 18:05 - 2014-12-03 20:10 - 00031407 _____ () C:\Windows\setupact.log
2015-04-24 14:12 - 2014-10-20 16:13 - 00000000 ____D () C:\Torrent
2015-04-24 10:52 - 2014-12-01 17:17 - 00000000 ____D () C:\Program Files\KMSnano
2015-04-24 10:51 - 2014-10-20 16:20 - 00000000 ____D () C:\Users\email_000\AppData\Local\Adobe
2015-04-24 10:47 - 2014-10-20 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 00:21 - 2014-05-30 17:22 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-24 00:21 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-23 11:05 - 2014-10-20 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 21:49 - 2014-10-20 13:55 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2796280922-3190028296-2612705438-1001
2015-04-21 22:18 - 2015-03-06 23:47 - 00000000 ____D () C:\Users\email_000\AppData\Local\Battle.net
2015-04-21 21:08 - 2014-10-21 16:34 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForemail_000
2015-04-21 21:08 - 2014-10-21 16:34 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForemail_000.job
2015-04-21 14:47 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-21 14:10 - 2014-10-21 11:31 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-20 12:46 - 2014-05-30 17:23 - 00000000 ____D () C:\ProgramData\AMD
2015-04-20 12:45 - 2014-05-30 17:22 - 00000000 ____D () C:\Program Files\AMD
2015-04-20 12:25 - 2015-01-12 03:09 - 00000000 ____D () C:\AMD
2015-04-19 15:36 - 2014-11-17 01:18 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-19 15:35 - 2014-11-17 01:43 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-04-19 11:53 - 2014-10-20 14:28 - 00000000 ____D () C:\Hry
2015-04-18 09:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-18 08:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-17 22:51 - 2015-02-26 13:53 - 00000000 ____D () C:\Users\email_000\Desktop\RS
2015-04-17 22:21 - 2014-04-19 05:24 - 00768392 _____ () C:\Windows\system32\perfh005.dat
2015-04-17 22:21 - 2014-04-19 05:24 - 00166490 _____ () C:\Windows\system32\perfc005.dat
2015-04-17 22:21 - 2013-08-26 08:09 - 01883104 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 18:17 - 2014-10-20 22:14 - 00000000 ____D () C:\BackupPC
2015-04-17 15:34 - 2014-10-20 22:15 - 00000000 ____D () C:\Users\email_000\Desktop\Random
2015-04-16 17:43 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-16 17:42 - 2014-12-28 14:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 13:39 - 2014-10-20 22:10 - 00000000 ____D () C:\Škola
2015-04-16 12:45 - 2014-10-26 13:17 - 01448448 ___SH () C:\Users\email_000\Desktop\Thumbs.db
2015-04-16 12:16 - 2015-03-06 23:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-16 11:09 - 2014-11-01 14:44 - 00000000 ___RD () C:\Dropbox
2015-04-16 11:08 - 2014-11-01 14:40 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Dropbox
2015-04-15 13:34 - 2015-03-14 12:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 13:32 - 2014-10-23 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 13:23 - 2014-12-28 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-15 13:23 - 2014-10-23 23:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 13:16 - 2013-08-22 15:25 - 00000199 _____ () C:\Windows\win.ini
2015-04-15 11:36 - 2014-11-12 14:08 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 18:23 - 2014-10-20 16:20 - 00003802 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 01:24 - 2015-03-12 17:25 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2015-03-12 17:25 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 23:41 - 2014-11-01 14:42 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-12 22:47 - 2014-11-06 23:19 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\iFunBox.NXGen
2015-04-12 22:42 - 2014-10-23 21:34 - 00000000 ____D () C:\iPhone
2015-04-12 21:38 - 2015-01-02 19:17 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\OBS
2015-04-11 21:52 - 2015-01-02 19:19 - 00000000 ____D () C:\Fraps rec
2015-04-11 21:48 - 2015-01-02 19:13 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-04-06 20:19 - 2014-10-23 20:58 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\vlc
2015-04-05 15:38 - 2015-02-09 16:05 - 456868850 _____ () C:\Windows\MEMORY.DMP
2015-04-05 15:38 - 2014-10-23 00:08 - 00000000 ____D () C:\Windows\Minidump
2015-04-05 14:44 - 2015-03-18 10:20 - 00000000 ____D () C:\LoLReplays
2015-04-04 10:52 - 2014-10-23 14:16 - 00000000 ____D () C:\Users\email_000\Documents\My Games
2015-04-04 10:51 - 2014-11-18 00:22 - 00000000 ____D () C:\ProgramData\Orbit
2015-04-03 21:21 - 2014-10-23 14:20 - 00000000 ____D () C:\ProgramData\Codemasters
2015-04-03 11:17 - 2014-10-23 13:21 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-04-03 11:17 - 2014-10-23 13:21 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-04-03 11:17 - 2014-10-23 13:21 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-04-03 11:17 - 2014-10-23 13:21 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-04-03 10:39 - 2014-05-30 17:35 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-31 22:46 - 2014-04-02 23:11 - 11083488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-03-31 22:46 - 2014-04-02 23:11 - 01358192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-03-31 22:46 - 2014-04-02 23:11 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-03-30 16:22 - 2014-10-26 17:56 - 00000132 _____ () C:\Users\email_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-29 13:19 - 2015-01-31 22:21 - 00001281 _____ () C:\Users\email_000\Desktop\After Effects.lnk
2015-03-25 15:34 - 2014-10-20 16:08 - 00000000 ____D () C:\Users\email_000\AppData\Local\Razer
2015-03-25 15:34 - 2014-10-20 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-03-25 15:34 - 2014-10-20 15:22 - 00000000 ____D () C:\ProgramData\Razer
2015-03-25 11:22 - 2014-11-19 01:35 - 00037718 _____ () C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2015-03-29 12:40 - 2015-03-29 12:42 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-10-26 13:17 - 2014-10-26 14:01 - 0000132 _____ () C:\Users\email_000\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2014-10-26 17:56 - 2015-03-30 16:22 - 0000132 _____ () C:\Users\email_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-17 12:22 - 2014-12-17 12:31 - 0000600 _____ () C:\Users\email_000\AppData\Local\PUTTY.RND
2014-11-16 23:40 - 2014-11-16 23:40 - 0000016 _____ () C:\ProgramData\mntemp

Some content of TEMP:
====================
C:\Users\email_000\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\email_000\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\email_000\AppData\Local\Temp\AutoRun.exe
C:\Users\email_000\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\email_000\AppData\Local\Temp\CH.dll
C:\Users\email_000\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\email_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzxbkig.dll
C:\Users\email_000\AppData\Local\Temp\EAInstall.dll
C:\Users\email_000\AppData\Local\Temp\eauninstall.exe
C:\Users\email_000\AppData\Local\Temp\Extract.exe
C:\Users\email_000\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\email_000\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\email_000\AppData\Local\Temp\PidGenX.dll
C:\Users\email_000\AppData\Local\Temp\raptrpatch.exe
C:\Users\email_000\AppData\Local\Temp\raptr_stub.exe
C:\Users\email_000\AppData\Local\Temp\Social%20Club%20v1.1.5.8%20Setup.exe
C:\Users\email_000\AppData\Local\Temp\SP67280.exe
C:\Users\email_000\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-18 09:01

==================== End Of Log ============================

Rudy
Site Admin
Posts: 119426
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my logs - Suspected Bitcoin miner

#3 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

mumuk
Visitor
Posts: 33
Joined: 29 Jul 2012 12:55

Re: Please check my logs - Suspected Bitcoin miner

#4 Post by mumuk »

Since I thought nobody would reply anymore, I already ran AdwCleaner the day before yesterday, because I noticed it when I was looking through other posts. Thank you. Yesterday I also had the computer checked with the Malwarebytes Antirootkit utility and it found nothing, so the computer runs pretty much without problems; I just want to be sure :D

# AdwCleaner v4.202 - Log vytvořen 24/04/2015 v 21:32:39
# Aktualizováno 23/04/2015 by Xplode
# Databáze : 2015-04-23.2 [Server]
# Operační system : Windows 8 Pro (x64)
# Uživatelské jméno : email_000 - 355G2
# Spuštěno z : C:\Downloads\adwcleaner_4.202.exe
# Nastavení : Sken

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Users\email_000\AppData\Roaming\dvdvideosoftiehelpers
Soubor Nalezeno : C:\Users\EMAIL_~1\AppData\Local\Temp\Uninstall.exe

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Nalezeno : HKCU\Software\Classes\pokki
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.2 (x86 cs)


-\\ Google Chrome v42.0.2311.90


*************************

AdwCleaner[R0].txt - [1606 bytů] - [24/04/2015 21:32:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1664 bytů] ##########


# AdwCleaner v4.202 - Log vytvořen 24/04/2015 v 21:34:18
# Aktualizováno 23/04/2015 by Xplode
# Databáze : 2015-04-23.2 [Server]
# Operační system : Windows 8 Pro (x64)
# Uživatelské jméno : email_000 - 355G2
# Spuštěno z : C:\Downloads\adwcleaner_4.202.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Users\email_000\AppData\Roaming\dvdvideosoftiehelpers
Soubor Smazáno : C:\Users\EMAIL_~1\AppData\Local\Temp\Uninstall.exe

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\Classes\pokki
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.2 (x86 cs)


-\\ Google Chrome v42.0.2311.90


*************************

AdwCleaner[R0].txt - [1750 bytů] - [24/04/2015 21:32:39]
AdwCleaner[S0].txt - [1657 bytů] - [24/04/2015 21:34:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1715 bytů] ##########

Rudy
Site Admin
Posts: 119426
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my logs - Suspected Bitcoin miner

#5 Post by Rudy »

Post a new FRST log.

mumuk
Visitor
Posts: 33
Joined: 29 Jul 2012 12:55

Re: Please check my logs - Suspected Bitcoin miner

#6 Post by mumuk »

Here

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015
Ran by email_000 (administrator) on 355G2 on 26-04-2015 22:34:50
Running from C:\Users\email_000\Desktop
Loaded Profiles: email_000 (Available profiles: email_000)
Platform: Windows 8 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Apple Inc.) C:\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\email_000\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-03-31] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Run: [Spotify Web Helper] => C:\Users\email_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-15] (Spotify Ltd)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\CCleaner64.exe: [Debugger] svchost.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-03-29]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-03-29]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\email_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkinSpotlightsReplays.RELEASE – zástupce.lnk [2015-03-18]
ShortcutTarget: SkinSpotlightsReplays.RELEASE – zástupce.lnk -> C:\Downloads\LoLCameraSharp 5.5\SkinSpotlightsReplays.RELEASE.exe ()
Startup: C:\Users\email_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh – zástupce.lnk [2015-03-18]
ShortcutTarget: SynTPEnh – zástupce.lnk -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\email_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-29] (LastPass)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29] (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-29] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29] (LastPass)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-29] (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-29] (LastPass)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2796280922-3190028296-2612705438-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\email_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\cs@dictionaries.addons.mozilla.org [2014-11-10]
FF Extension: United States English Spellchecker - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-11-04]
FF Extension: FavIconReloader - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\FavIconReloader@mozilla.org [2014-10-23]
FF Extension: LastPass - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\support@lastpass.com [2015-04-23]
FF Extension: Download videos and MP3s from YouTube - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-13]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-10-20]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-10-20]
FF Extension: KodyRabatowe.pl - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\coupon.checker@kodyrabatowe.pl.xpi [2014-10-20]
FF Extension: Firebug - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\firebug@software.joehewitt.com.xpi [2014-10-20]
FF Extension: MEGA - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\firefox@mega.co.nz.xpi [2015-04-12]
FF Extension: Emoji Cheatsheet for GitHub, Basecamp etc. - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi [2014-11-01]
FF Extension: Reddit Enhancement Suite - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-10-20]
FF Extension: PopVideo - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\lmnPopVideo@lshai.com.xpi [2014-10-20]
FF Extension: Personas Plus - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\personas@christopher.beard.xpi [2014-10-20]
FF Extension: Google Translator for Firefox - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\translator@zoli.bod.xpi [2014-10-20]
FF Extension: YouTube High Definition - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-10-22]
FF Extension: Facebook Photo Zoom - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}.xpi [2014-10-30]
FF Extension: Video DownloadHelper - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: QuickNote - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2014-10-20]
FF Extension: Adblock Plus - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-20]
FF Extension: Greasemonkey - C:\Users\email_000\AppData\Roaming\Mozilla\Firefox\Profiles\89fp0sqf.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-20]
FF HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-13]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.facebook.com/"
CHR Profile: C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-04]
CHR Extension: (YouTube) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-11-04]
CHR Extension: (Adblock Plus) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-07]
CHR Extension: (Google Search) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Google Sheets) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-04]
CHR Extension: (Bookmark Manager) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (Gmail) - C:\Users\email_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-03-31] (Advanced Micro Devices, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-09] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-01-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264392 2015-01-16] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-12-21] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-04-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [105176 2007-04-13] (EZB Systems, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-06] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2014-02-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3410136 2014-10-21] (Realtek Semiconductor Corporation )
R3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-02-04] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 22:34 - 2015-04-26 22:35 - 00026043 _____ () C:\Users\email_000\Desktop\FRST.txt
2015-04-25 14:25 - 2015-04-25 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-25 14:20 - 2015-04-25 14:20 - 00000000 ____D () C:\MBAR
2015-04-24 23:00 - 2015-04-24 23:00 - 00000000 ____D () C:\Pendulum Samples
2015-04-24 21:32 - 2015-04-24 21:34 - 00000000 ____D () C:\AdwCleaner
2015-04-23 22:41 - 2015-04-26 22:35 - 00000000 ____D () C:\FRST
2015-04-23 22:37 - 2015-04-26 22:17 - 02101248 _____ (Farbar) C:\Users\email_000\Desktop\FRST64.exe
2015-04-23 22:16 - 2015-04-24 19:43 - 00000000 ____D () C:\Program Files\trend micro
2015-04-23 22:16 - 2015-04-23 22:16 - 00000000 ____D () C:\rsit
2015-04-21 21:06 - 2015-04-21 21:06 - 00000000 ____D () C:\Users\email_000\AppData\Local\Blizzard
2015-04-20 12:50 - 2015-04-20 12:50 - 00000000 ____D () C:\ProgramData\ATI
2015-04-20 12:46 - 2015-04-20 12:46 - 00058394 _____ () C:\Windows\SysWOW64\CCCInstall_201504201246197774.log
2015-04-20 12:46 - 2015-04-20 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2015-04-20 12:46 - 2015-04-20 12:46 - 00000000 ____D () C:\Program Files\AMD Quick Stream
2015-04-20 12:46 - 2015-04-20 12:46 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-04-20 12:45 - 2015-04-20 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-04-20 12:39 - 2015-04-20 12:43 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-04-20 10:02 - 2015-04-26 21:26 - 00003486 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-04-19 14:34 - 2015-04-20 22:18 - 00001703 _____ () C:\Users\email_000\Desktop\Grand Theft Auto V.lnk
2015-04-18 13:26 - 2015-04-18 13:26 - 00000080 _____ () C:\Users\email_000\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-18 13:26 - 2015-04-18 13:26 - 00000000 ____D () C:\Users\email_000\AppData\Local\Rockstar Games
2015-04-18 13:19 - 2015-04-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-18 13:19 - 2015-04-19 16:00 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-18 13:13 - 2015-04-18 13:13 - 00000000 ____D () C:\Users\email_000\Documents\Rockstar Games
2015-04-17 20:49 - 2015-04-17 20:49 - 00001415 _____ () C:\Users\email_000\Desktop\SS Replays.lnk
2015-04-17 20:47 - 2015-04-17 20:47 - 00001052 _____ () C:\Users\email_000\Desktop\Shadow Warrior.lnk
2015-04-16 12:18 - 2015-04-16 12:18 - 00000992 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-04-16 12:18 - 2015-04-16 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-04-15 13:34 - 2015-04-15 13:34 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 11:42 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:42 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:42 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-15 11:42 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 11:42 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-15 11:42 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 11:42 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 11:42 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 11:42 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-15 11:42 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-15 11:42 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-15 11:42 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-15 11:42 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-15 11:42 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-15 11:42 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-15 11:42 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-15 11:42 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-15 11:41 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 11:41 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 11:41 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 11:41 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 11:41 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 11:41 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 11:41 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 11:41 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 11:41 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 11:41 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 11:41 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 11:41 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 11:41 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 11:41 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 11:41 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 11:41 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 11:40 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 11:40 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 11:40 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 11:40 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:40 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:40 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 11:40 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 11:40 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 11:40 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 11:40 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 11:40 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 11:40 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 11:40 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 11:40 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 11:40 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 11:40 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 11:40 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 11:40 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 11:40 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 11:40 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 11:40 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 11:40 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 11:40 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 11:40 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 11:40 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 11:40 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 11:40 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 11:40 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 11:40 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 11:40 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 11:40 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 11:40 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 11:40 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-06 08:28 - 2015-04-06 08:31 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 08:28 - 2015-04-06 08:28 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 15:38 - 2015-04-05 15:44 - 01089320 _____ () C:\Windows\Minidump\040515-140250-01.dmp
2015-04-05 14:54 - 2015-04-05 14:54 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Sony Creative Software Inc
2015-04-03 23:58 - 2015-04-04 11:02 - 00000906 _____ () C:\Users\Public\Desktop\Far Cry 4.lnk
2015-04-03 23:58 - 2015-04-03 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 4 - Gold Edition
2015-04-03 21:21 - 2015-04-03 21:21 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Steam
2015-04-03 15:40 - 2015-04-03 15:40 - 00000000 ____D () C:\Users\email_000\Documents\Electronic Arts
2015-04-03 15:15 - 2014-10-19 15:54 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-04-03 10:39 - 2015-04-03 10:39 - 00003162 _____ () C:\Windows\System32\Tasks\CLVDLauncher
2015-04-01 21:51 - 2015-04-01 21:51 - 00000000 ____D () C:\Users\email_000\Documents\REAPER Media
2015-04-01 21:41 - 2015-04-01 21:54 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\REAPER
2015-03-31 22:47 - 2015-03-31 22:47 - 00450744 _____ () C:\Windows\system32\amdmiracast.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00102128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00096448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-03-31 22:47 - 2015-03-31 22:47 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 09406624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 08381280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 08368872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 07559840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 07077264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 01134688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-03-31 22:43 - 2015-03-31 22:43 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-03-31 22:41 - 2015-03-31 22:41 - 19338752 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-03-31 22:33 - 2015-03-31 22:33 - 47902208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-03-31 22:33 - 2015-03-31 22:33 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2015-03-31 22:33 - 2015-03-31 22:33 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2015-03-31 22:33 - 2015-03-31 22:33 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2015-03-31 22:33 - 2015-03-31 22:33 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2015-03-31 22:33 - 2015-03-31 22:33 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2015-03-31 22:32 - 2015-03-31 22:32 - 40990208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-03-31 22:32 - 2015-03-31 22:32 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-31 22:32 - 2015-03-31 22:32 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-31 22:30 - 2015-03-31 22:30 - 07915520 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhsasc64.dll
2015-03-31 22:30 - 2015-03-31 22:30 - 06375936 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdhsasc.dll
2015-03-31 22:26 - 2015-03-31 22:26 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-03-31 22:26 - 2015-03-31 22:26 - 00134656 _____ () C:\Windows\system32\amdhdl64.dll
2015-03-31 22:26 - 2015-03-31 22:26 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 23626752 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 05837824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-03-31 22:20 - 2015-03-31 22:20 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-03-31 22:18 - 2015-03-31 22:18 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2015-03-31 22:17 - 2015-03-31 22:17 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 00639392 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2015-03-31 22:17 - 2015-03-31 22:17 - 00639392 _____ () C:\Windows\system32\atiapfxx.blb
2015-03-31 22:17 - 2015-03-31 22:17 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-03-31 22:17 - 2015-03-31 22:17 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2015-03-31 22:17 - 2015-03-31 22:17 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2015-03-31 22:17 - 2015-03-31 22:17 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2015-03-31 22:17 - 2015-03-31 22:17 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2015-03-31 22:17 - 2015-03-31 22:17 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-03-31 22:17 - 2015-03-31 22:17 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-03-31 22:16 - 2015-03-31 22:16 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-03-31 22:14 - 2015-03-31 22:14 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-03-31 22:14 - 2015-03-31 22:14 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-03-31 22:13 - 2015-03-31 22:13 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2015-03-31 22:13 - 2015-03-31 22:13 - 00776192 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-03-31 22:13 - 2015-03-31 22:13 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-03-31 22:13 - 2015-03-31 22:13 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-03-31 22:13 - 2015-03-31 22:13 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-03-31 22:13 - 2015-03-31 22:13 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-03-31 22:10 - 2015-03-31 22:10 - 00846848 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2015-03-31 22:10 - 2015-03-31 22:10 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-03-31 22:10 - 2015-03-31 22:10 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 01218560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00905728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00591872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-03-31 22:09 - 2015-03-31 22:09 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-03-31 22:09 - 2015-03-31 22:09 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-03-31 16:37 - 2015-03-31 16:37 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2015-03-31 16:35 - 2015-03-31 16:35 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2015-03-30 16:15 - 2015-03-30 16:15 - 00000112 ____H () C:\9D3A1B22EF28
2015-03-30 16:06 - 2015-03-30 16:07 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\WiseUpdate
2015-03-29 12:39 - 2015-03-29 12:42 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-03-29 12:39 - 2015-03-29 12:41 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-29 12:39 - 2015-03-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 22:33 - 2014-11-04 19:18 - 00000972 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 22:28 - 2014-10-21 13:49 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for 355G2-email_000 355G2
2015-04-26 22:23 - 2014-10-20 16:20 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-26 22:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-26 21:54 - 2014-11-17 01:36 - 01729694 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 21:39 - 2014-10-23 13:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 21:38 - 2014-10-20 13:52 - 00000000 ____D () C:\Users\email_000\Documents\Youcam
2015-04-26 21:35 - 2014-12-01 17:17 - 00000000 ____D () C:\Program Files\KMSnano
2015-04-26 21:35 - 2014-10-20 13:53 - 00000000 ___DO () C:\Users\email_000\OneDrive
2015-04-26 21:34 - 2014-11-04 19:18 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 21:26 - 2014-05-30 17:32 - 06706701 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-04-26 21:25 - 2014-12-03 20:10 - 00031639 _____ () C:\Windows\setupact.log
2015-04-26 21:25 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 15:39 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-26 15:38 - 2014-05-30 17:22 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-26 13:06 - 2014-10-20 16:20 - 00000000 ____D () C:\Users\email_000\AppData\Local\Adobe
2015-04-26 13:06 - 2014-10-20 14:14 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BDA785C3-9C21-473B-B645-C421914F8BE9}
2015-04-25 21:08 - 2014-10-21 16:34 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForemail_000
2015-04-25 21:08 - 2014-10-21 16:34 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForemail_000.job
2015-04-25 14:20 - 2014-10-23 13:22 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-25 11:42 - 2014-10-26 12:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-24 21:34 - 2014-10-20 13:48 - 00000000 ____D () C:\Users\email_000
2015-04-24 21:30 - 2014-10-20 16:10 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\uTorrent
2015-04-24 19:17 - 2014-10-20 16:13 - 00000000 ____D () C:\Filmy
2015-04-24 14:12 - 2014-10-20 16:13 - 00000000 ____D () C:\Torrent
2015-04-24 10:47 - 2014-10-20 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-23 11:05 - 2014-10-20 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 21:49 - 2014-10-20 13:55 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2796280922-3190028296-2612705438-1001
2015-04-21 22:18 - 2015-03-06 23:47 - 00000000 ____D () C:\Users\email_000\AppData\Local\Battle.net
2015-04-21 14:47 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-21 14:10 - 2014-10-21 11:31 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-20 12:46 - 2014-05-30 17:23 - 00000000 ____D () C:\ProgramData\AMD
2015-04-20 12:45 - 2014-05-30 17:22 - 00000000 ____D () C:\Program Files\AMD
2015-04-20 12:25 - 2015-01-12 03:09 - 00000000 ____D () C:\AMD
2015-04-19 15:36 - 2014-11-17 01:18 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-19 15:35 - 2014-11-17 01:43 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-04-19 11:53 - 2014-10-20 14:28 - 00000000 ____D () C:\Hry
2015-04-18 09:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-18 08:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-17 22:51 - 2015-02-26 13:53 - 00000000 ____D () C:\Users\email_000\Desktop\RS
2015-04-17 22:21 - 2014-04-19 05:24 - 00768392 _____ () C:\Windows\system32\perfh005.dat
2015-04-17 22:21 - 2014-04-19 05:24 - 00166490 _____ () C:\Windows\system32\perfc005.dat
2015-04-17 22:21 - 2013-08-26 08:09 - 01883104 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 18:17 - 2014-10-20 22:14 - 00000000 ____D () C:\BackupPC
2015-04-17 15:34 - 2014-10-20 22:15 - 00000000 ____D () C:\Users\email_000\Desktop\Random
2015-04-16 17:43 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-16 17:42 - 2014-12-28 14:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 13:39 - 2014-10-20 22:10 - 00000000 ____D () C:\Škola
2015-04-16 12:45 - 2014-10-26 13:17 - 01448448 ___SH () C:\Users\email_000\Desktop\Thumbs.db
2015-04-16 12:16 - 2015-03-06 23:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-16 11:09 - 2014-11-01 14:44 - 00000000 ___RD () C:\Dropbox
2015-04-16 11:08 - 2014-11-01 14:40 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Dropbox
2015-04-15 13:34 - 2015-03-14 12:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 13:32 - 2014-10-23 23:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 13:23 - 2014-12-28 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-15 13:23 - 2014-10-23 23:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 13:16 - 2013-08-22 15:25 - 00000199 _____ () C:\Windows\win.ini
2015-04-15 11:36 - 2014-11-12 14:08 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 18:23 - 2014-10-20 16:20 - 00003802 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 01:24 - 2015-03-12 17:25 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2015-03-12 17:25 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 23:41 - 2014-11-01 14:42 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-12 22:47 - 2014-11-06 23:19 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\iFunBox.NXGen
2015-04-12 22:42 - 2014-10-23 21:34 - 00000000 ____D () C:\iPhone
2015-04-12 21:38 - 2015-01-02 19:17 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\OBS
2015-04-11 21:52 - 2015-01-02 19:19 - 00000000 ____D () C:\Fraps rec
2015-04-11 21:48 - 2015-01-02 19:13 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-04-06 20:19 - 2014-10-23 20:58 - 00000000 ____D () C:\Users\email_000\AppData\Roaming\vlc
2015-04-05 15:38 - 2015-02-09 16:05 - 456868850 _____ () C:\Windows\MEMORY.DMP
2015-04-05 15:38 - 2014-10-23 00:08 - 00000000 ____D () C:\Windows\Minidump
2015-04-05 14:44 - 2015-03-18 10:20 - 00000000 ____D () C:\LoLReplays
2015-04-04 10:52 - 2014-10-23 14:16 - 00000000 ____D () C:\Users\email_000\Documents\My Games
2015-04-04 10:51 - 2014-11-18 00:22 - 00000000 ____D () C:\ProgramData\Orbit
2015-04-03 21:21 - 2014-10-23 14:20 - 00000000 ____D () C:\ProgramData\Codemasters
2015-04-03 11:17 - 2014-10-23 13:21 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-04-03 11:17 - 2014-10-23 13:21 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-04-03 11:17 - 2014-10-23 13:21 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-04-03 11:17 - 2014-10-23 13:21 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-04-03 10:39 - 2014-05-30 17:35 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-31 22:46 - 2014-04-02 23:11 - 11083488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-03-31 22:46 - 2014-04-02 23:11 - 01358192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-03-31 22:46 - 2014-04-02 23:11 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-03-30 16:22 - 2014-10-26 17:56 - 00000132 _____ () C:\Users\email_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-29 13:19 - 2015-01-31 22:21 - 00001281 _____ () C:\Users\email_000\Desktop\After Effects.lnk

==================== Files in the root of some directories =======

2015-03-29 12:40 - 2015-03-29 12:42 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-10-26 13:17 - 2014-10-26 14:01 - 0000132 _____ () C:\Users\email_000\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2014-10-26 17:56 - 2015-03-30 16:22 - 0000132 _____ () C:\Users\email_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-17 12:22 - 2014-12-17 12:31 - 0000600 _____ () C:\Users\email_000\AppData\Local\PUTTY.RND
2014-11-16 23:40 - 2014-11-16 23:40 - 0000016 _____ () C:\ProgramData\mntemp

Some content of TEMP:
====================
C:\Users\email_000\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\email_000\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\email_000\AppData\Local\Temp\AutoRun.exe
C:\Users\email_000\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\email_000\AppData\Local\Temp\CH.dll
C:\Users\email_000\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\email_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzxbkig.dll
C:\Users\email_000\AppData\Local\Temp\EAInstall.dll
C:\Users\email_000\AppData\Local\Temp\eauninstall.exe
C:\Users\email_000\AppData\Local\Temp\Extract.exe
C:\Users\email_000\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\email_000\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\email_000\AppData\Local\Temp\PidGenX.dll
C:\Users\email_000\AppData\Local\Temp\Quarantine.exe
C:\Users\email_000\AppData\Local\Temp\raptrpatch.exe
C:\Users\email_000\AppData\Local\Temp\raptr_stub.exe
C:\Users\email_000\AppData\Local\Temp\Social%20Club%20v1.1.5.8%20Setup.exe
C:\Users\email_000\AppData\Local\Temp\SP67280.exe
C:\Users\email_000\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-26 21:53

==================== End Of Log ============================

Rudy
Site Admin
Posts: 119426
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my logs - Suspected Bitcoin miner

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
IFEO\CCleaner64.exe: [Debugger] svchost.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29] (LastPass)
C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-29] (LastPass)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
C:\Windows\System32\Tasks\AutoKMS
C:\Users\email_000\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
C:\9D3A1B22EF28
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\email_000\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

mumuk
Visitor
Posts: 33
Joined: 29 Jul 2012 12:55

Re: Please check my logs - Suspected Bitcoin miner

#8 Post by mumuk »

Rudy wrote: Open Notepad and copy the following into it:
Start
....
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
I have a problem: when saving, Notepad warns about losing characters because of ANSI and says I should save as Unicode. Won't FRST have a problem if I change the encoding to Unicode?

In the end it went without problems:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by email_000 at 2015-04-28 17:33:19 Run:1
Running from C:\Users\email_000\Desktop
Loaded Profiles: email_000 (Available profiles: email_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] => [X]
IFEO\CCleaner64.exe: [Debugger] svchost.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29] (LastPass)
C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-29] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-29] (LastPass)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
C:\Windows\System32\Tasks\AutoKMS
C:\Users\email_000\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
C:\9D3A1B22EF28
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\email_000\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CCleaner64.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2796280922-3190028296-2612705438-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}" => Key deleted successfully.
C:\Program Files (x86)\LastPass\LPToolbar.dll => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E} => Key not found.
HKCR\Wow6432Node\CLSID\{95D9ECF5-2A4D-4550-BE49-70D42F71296E} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} => value deleted successfully.
"HKCR\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}" => Key deleted successfully.
McAPExe => Service deleted successfully.
McMPFSvc => Service deleted successfully.
McNaiAnn => Service deleted successfully.
mfecore => Service deleted successfully.
MSK80Service => Service deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
C:\Users\email_000\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => Moved successfully.
C:\9D3A1B22EF28 => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

"C:\Users\email_000\AppData\Local\Temp" directory move:

Could not move "C:\Users\email_000\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-28 17:56:06)<=

C:\Users\email_000\AppData\Local\Temp => Moved successfully.

==== End of Fixlog 17:56:07 ====
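
The Notepad warning raised in post #8 comes from the one fixlist line that contains characters outside ANSI. As an added example (not part of the posts and not FRST's own code), this Python sketch flags such lines before saving and recovers a path whose ASCII bytes were read as UTF-16LE; the code page `cp1250`, the sample fixlist and all function names are assumptions.

```python
import re

# Line copied from the fixlist in the thread: an ASCII path whose tail
# shows up as CJK-looking text.
GARBLED_LINE = "C:\\Users\\email_000\\AppData\\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦"

# Assumption: "ANSI" in Notepad on a Czech Windows install is code page 1250.
ANSI_CODEPAGE = "cp1250"

# Constructed sample: a few fixlist lines from the thread plus one genuine
# Czech folder name from the log, to show it is left untouched.
SAMPLE_FIXLIST = "\n".join([
    "Start",
    "C:\\Windows\\System32\\Tasks\\AutoKMS",
    GARBLED_LINE,
    "C:\\Škola",
    "End",
])

NON_ASCII_RUN = re.compile(r"[^\x00-\x7f]+")


def recover_utf16_mojibake(text):
    """Undo 'ASCII bytes read as UTF-16LE' damage; keep genuine non-ASCII text."""
    def fix(match):
        run = match.group(0)
        try:
            raw = run.encode("utf-16-le")
        except UnicodeEncodeError:
            return run  # lone surrogates: not this kind of damage
        # Only accept the repair if every byte is printable ASCII.
        if all(0x20 <= b <= 0x7E for b in raw):
            return raw.decode("ascii")
        return run
    return NON_ASCII_RUN.sub(fix, text)


def lines_lost_in_ansi(fixlist_text, codepage=ANSI_CODEPAGE):
    """Return (line_number, line) for each line the code page cannot represent."""
    lost = []
    for number, line in enumerate(fixlist_text.splitlines(), start=1):
        try:
            line.encode(codepage)
        except UnicodeEncodeError:
            lost.append((number, line))
    return lost


def review_fixlist(fixlist_text):
    """Pair every line an ANSI save would damage with its recovered reading."""
    return [
        (number, line, recover_utf16_mojibake(line))
        for number, line in lines_lost_in_ansi(fixlist_text)
    ]


if __name__ == "__main__":
    for number, line, recovered in review_fixlist(SAMPLE_FIXLIST):
        print(f"line {number}: not representable in {ANSI_CODEPAGE}")
        print(f"  as pasted : {line}")
        # -> C:\Users\email_000\AppData\Local\Rockstar Games\GTA V\entitlement.info
        print(f"  recovered : {recovered}")
```

Saving such a fixlist as ANSI would replace the unrepresentable characters, so the affected line would no longer match the entry FRST reported.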

Rudy
Site Admin
Posts: 119426
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my logs - Suspected Bitcoin miner

#9 Post by Rudy »

Deleted. Has anything changed?

mumuk
Visitor
Posts: 33
Joined: 29 Jul 2012 12:55

Re: Please check my logs - Suspected Bitcoin miner

#10 Post by mumuk »

Overall it is fine, only the computer takes longer to start.

Rudy
Site Admin
Posts: 119426
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my logs - Suspected Bitcoin miner

#11 Post by Rudy »

Try Start menu > Command Prompt > (type) msconfig > Enter. In the window that opens, on the "Startup" and "Services" tabs, clear the checkboxes for the items that do not need to start automatically, i.e. those that can be started manually when needed.