RightTabs virus in Chrome

RastyCZE
Visitor
Posts: 4
Registered: 18 Aug 2015 10:54

#1 Post by RastyCZE »

Hi,
I need advice on how to get rid of a virus in the Chrome browser that pops up a window with some advertisement whenever I open a new tab.
It isn't in the settings or the extensions at all, and I have tried:
Malwarebytes Anti-Malware and adwcleaner_4.208 to clean it, but without success.

Thanks for any advice :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#2 Post by vyosek »

Hello :)

To start, post a log from FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

RastyCZE
Visitor
Posts: 4
Registered: 18 Aug 2015 10:54

#3 Post by RastyCZE »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Vena (administrator) on VENA-PC (19-08-2015 10:57:38)
Running from C:\Users\Vena\Desktop
Loaded Profiles: Vena & postgres (Available Profiles: Vena & postgres)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( ) C:\Program Files (x86)\Miranda IM\miranda32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Vena\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [236544 2008-10-10] (Logitech, Inc.)
HKLM-x32\...\Run: [Alta Sticker Light] => "C:\Program Files (x86)\Alta Softworks\Alta Sticker Light\aslight.exe"
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-03-05] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3840632806-2365058407-692284029-1000\...\Run: [Display Stix - System tray] => C:\Program Files (x86)\Display Stix 2.1.1\dstix.exe
Startup: C:\Users\Vena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NBC, United States, Live TV, live, stream, streaming, watch, online(1).lnk [2015-02-02]
ShortcutTarget: NBC, United States, Live TV, live, stream, streaming, watch, online(1).lnk -> C:\ProgramData\{93dd39da-b3d4-fea3-93dd-d39dab3de76a}\NBC, United States, Live TV, live, stream, streaming, watch, online(1).exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3840632806-2365058407-692284029-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3840632806-2365058407-692284029-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
HKU\S-1-5-21-3840632806-2365058407-692284029-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
HKU\S-1-5-21-3840632806-2365058407-692284029-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3840632806-2365058407-692284029-1000 -> {79EC2D5F-3F87-4a94-8027-6DECFF843520} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3840632806-2365058407-692284029-1000 -> {D68E0C8F-61CA-4ceb-948F-BD15CD4FDDAC} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-3840632806-2365058407-692284029-1000 -> {E9A79F7E-4FAA-40c1-A5F7-9997EB612BF8} URL = hxxp://www.google.com/cse?cx=partner-pub-37942 ... earchTerms}
SearchScopes: HKU\S-1-5-21-3840632806-2365058407-692284029-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: BieestSAveFoRYou -> {632ff904-061e-4636-8036-de6d9c8da79b} -> C:\Program Files (x86)\BieestSAveFoRYou\SGGRzOdMYDj3Kv.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: MinniemumPrice -> {d29b7612-ea17-4d0b-96f6-34edead47bdc} -> C:\Program Files (x86)\MinniemumPrice\H8xOn14lwq6xZA.x64.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Vena\AppData\Roaming\Mozilla\Firefox\Profiles\cqxwrv9d.default
FF Homepage: https://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Extension: RandomApp - C:\Users\Vena\AppData\Roaming\Mozilla\Firefox\Profiles\cqxwrv9d.default\Extensions\e_txjxckvdfiqpjs__@rlweuafksowpdnq.org [2015-08-06]
FF Extension: DigiFreeApp - C:\Users\Vena\AppData\Roaming\Mozilla\Firefox\Profiles\cqxwrv9d.default\Extensions\xwlskcuziufwbrtdhry@lyktvhanfduplxzbw.net [2015-07-27]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\Vena\AppData\Roaming\Mozilla\Firefox\Profiles\cqxwrv9d.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2014-08-28]
FF Extension: Multirow Bookmarks Toolbar - C:\Users\Vena\AppData\Roaming\Mozilla\Firefox\Profiles\cqxwrv9d.default\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi [2014-08-28]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Vena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Vena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-28]
CHR Extension: (Google Search) - C:\Users\Vena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-28]
CHR Extension: (Google Wallet) - C:\Users\Vena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-20]
CHR Extension: (Gmail) - C:\Users\Vena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-26] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-02] ()
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2009-06-27] (PostgreSQL Global Development Group) [File not signed]
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-14] (Gigabyte Technology CO., LTD.) [File not signed]
R2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-24] (Splashtop Inc.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-11] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-08-27] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2014-08-28] () [File not signed]
U3 avmj2065; C:\Windows\System32\Drivers\avmj2065.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 10:57 - 2015-08-19 10:58 - 00016234 _____ C:\Users\Vena\Desktop\FRST.txt
2015-08-19 10:57 - 2015-08-19 10:57 - 00000000 ____D C:\FRST
2015-08-19 10:56 - 2015-08-19 10:56 - 00112640 _____ (forum.viry.cz) C:\Users\Vena\Desktop\FRSTLauncher.exe
2015-08-19 10:56 - 2015-08-19 10:54 - 02173440 _____ (Farbar) C:\Users\Vena\Desktop\FRST64.exe
2015-08-17 10:56 - 2015-08-17 10:56 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-17 10:55 - 2015-08-17 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-17 10:55 - 2015-08-17 10:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 10:55 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-17 10:55 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-17 10:55 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-31 22:12 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-31 22:12 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-31 22:12 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-31 22:12 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-31 22:12 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-31 22:12 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-31 22:12 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-31 22:12 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-31 22:12 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-31 22:12 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-31 22:11 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-31 22:11 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-31 22:11 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-31 22:11 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-31 18:33 - 2015-07-31 18:33 - 00001305 _____ C:\Users\Vena\Desktop\Windows Live Movie Maker.lnk
2015-07-31 18:31 - 2015-07-31 18:31 - 00000000 ____D C:\Users\Vena\AppData\Local\{C252596A-FCF8-4AD5-80DA-A82FD7AAEF0E}
2015-07-31 18:30 - 2015-07-31 18:30 - 00000000 ____D C:\Windows\cs
2015-07-31 18:29 - 2015-07-31 18:29 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-07-31 18:29 - 2015-07-31 18:29 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-07-31 18:28 - 2015-07-31 18:28 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-07-31 18:28 - 2015-07-31 18:28 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-07-31 18:27 - 2015-07-31 18:27 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-31 18:25 - 2015-07-31 18:31 - 00000000 ____D C:\Users\Vena\AppData\Local\Windows Live
2015-07-28 14:24 - 2015-07-28 14:24 - 00000000 ____D C:\NVIDIA Corporation
2015-07-27 11:28 - 2015-08-18 17:43 - 00000024 _____ C:\Users\Vena\AppData\Roaming\appdataFr25.bin
2015-07-25 12:20 - 2015-07-25 12:20 - 00000085 _____ C:\Windows\wininit.ini
2015-07-25 12:17 - 2015-07-25 12:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-25 12:17 - 2015-07-25 12:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-25 12:17 - 2015-07-25 12:17 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-25 12:07 - 2015-07-25 12:07 - 00000000 ____D C:\Users\Vena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-25 11:45 - 2015-08-17 13:07 - 00000000 ____D C:\Program Files (x86)\Splendid Hurry
2015-07-25 11:45 - 2015-07-25 11:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-07-25 11:45 - 2015-07-25 11:45 - 00000000 _____ C:\autoexec.bat
2015-07-25 11:44 - 2015-07-25 11:59 - 00000000 ____D C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2015-07-24 18:06 - 2015-07-24 18:06 - 00000000 ____D C:\Users\Vena\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 10:46 - 2014-08-28 03:59 - 00000000 ____D C:\Users\Vena\AppData\Roaming\Skype
2015-08-19 10:32 - 2014-08-27 16:37 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-19 10:31 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-19 10:31 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 10:27 - 2014-08-27 15:03 - 01439381 _____ C:\Windows\WindowsUpdate.log
2015-08-19 10:24 - 2014-08-27 16:19 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-19 10:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-19 10:24 - 2009-07-14 06:51 - 00280634 _____ C:\Windows\setupact.log
2015-08-19 00:30 - 2015-02-02 20:48 - 03414280 _____ C:\blitzerr.txt
2015-08-17 16:58 - 2010-11-21 05:47 - 00034664 _____ C:\Windows\PFRO.log
2015-08-17 13:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech
2015-08-17 11:11 - 2015-05-14 23:22 - 00000000 ____D C:\Program Files (x86)\Digital Trends
2015-08-17 10:57 - 2015-02-22 13:33 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 17:06 - 2011-04-12 10:34 - 00665706 _____ C:\Windows\system32\perfh005.dat
2015-08-16 17:06 - 2011-04-12 10:34 - 00139402 _____ C:\Windows\system32\perfc005.dat
2015-08-16 17:06 - 2009-07-14 07:13 - 01575230 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-16 14:12 - 2014-08-27 22:34 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-08-16 14:05 - 2014-08-28 01:43 - 00000000 ____D C:\ProgramData\Origin
2015-08-15 11:32 - 2015-02-22 17:26 - 00000000 ____D C:\AdwCleaner
2015-08-13 21:39 - 2014-08-27 22:34 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-08-13 16:49 - 2009-07-14 07:08 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-13 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 20:46 - 2015-06-24 14:51 - 00000989 _____ C:\Users\Public\Desktop\WinaChat.lnk
2015-08-06 18:38 - 2015-07-04 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-02 18:23 - 2015-01-28 11:18 - 00000490 _____ C:\Users\Vena\Desktop\ukoly dnes.txt
2015-08-01 10:29 - 2014-09-11 17:46 - 00000000 ____D C:\Users\postgres.Vena-PC.000
2015-07-31 18:27 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-31 18:26 - 2014-08-28 20:07 - 00088961 _____ C:\Windows\DirectX.log
2015-07-31 18:11 - 2015-04-28 16:17 - 00000000 ____D C:\ProgramData\TechSmith
2015-07-31 17:17 - 2014-08-28 19:28 - 00000000 ____D C:\Users\Vena\AppData\Local\Google
2015-07-31 12:19 - 2015-05-16 17:33 - 00000000 ____D C:\Program Files (x86)\AVSVideoEditor
2015-07-30 22:50 - 2015-05-02 23:51 - 00000000 ____D C:\Users\Vena\AppData\Local\CrashDumps
2015-07-28 14:24 - 2014-08-27 16:09 - 00000000 ____D C:\NVIDIA
2015-07-26 23:27 - 2015-02-07 22:20 - 00000020 _____ C:\Users\Vena\AppData\Roaming\appdataFr3.bin
2015-07-26 12:39 - 2014-08-28 01:42 - 00000000 ____D C:\Program Files (x86)\Origin

==================== Files in the root of some directories =======

2015-07-27 11:28 - 2015-08-18 17:43 - 0000024 _____ () C:\Users\Vena\AppData\Roaming\appdataFr25.bin
2015-02-07 22:20 - 2015-07-26 23:27 - 0000020 _____ () C:\Users\Vena\AppData\Roaming\appdataFr3.bin
2014-08-27 23:57 - 2014-08-27 23:57 - 0000045 _____ () C:\Users\Vena\AppData\Local\machpro.dat

Some files in TEMP:
====================
C:\Users\Vena\AppData\Local\Temp\atcMedia5831418430944.exe
C:\Users\Vena\AppData\Local\Temp\jre-8u20-windows-au.exe
C:\Users\Vena\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Vena\AppData\Local\Temp\ochelper.exe
C:\Users\Vena\AppData\Local\Temp\Quarantine.exe
C:\Users\Vena\AppData\Local\Temp\SHSetup.exe
C:\Users\Vena\AppData\Local\Temp\shutdown1409175490.exe
C:\Users\Vena\AppData\Local\Temp\SIInvoker.exe
C:\Users\Vena\AppData\Local\Temp\sonarinst.exe
C:\Users\Vena\AppData\Local\Temp\sqlite3.dll
C:\Users\Vena\AppData\Local\Temp\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
C:\Users\Vena\AppData\Local\Temp\_is730.exe
C:\Users\Vena\AppData\Local\Temp\~8FA1.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Vena\Desktop" je 68 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent
"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZyngaGamesAgent
"C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk
C:\Program Files (x86)\Logitech \SetPoint\SetPoint.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Last edited by RastyCZE on 19 Aug 2015 10:21, edited 1 time in total.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#4 Post by vyosek »

:arrow: Just one more question: are you using a legal operating system? The top-tier Ultimate licence (worth a few thousand) is not exactly a common home edition :?:

RastyCZE
Visitor
Posts: 4
Registered: 18 Aug 2015 10:54

#5 Post by RastyCZE »

No.
And any advice on how to deal with that righttabs virus? :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#6 Post by vyosek »

There would be advice if your OS were legal - our forum rules and the charter of the international ASAP alliance, of which we are members, are clear - we do not support illegal systems...

I'll just hint: try looking up AdwCleaner and MBAM and running a scan with those...

RastyCZE
Visitor
Posts: 4
Registered: 18 Aug 2015 10:54

#7 Post by RastyCZE »

I ran both programs, restarted, and no result. righttabs is still hanging on in there :/

Thanks anyway :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#8 Post by vyosek »

Unfortunately, I cannot advise any further... our rules are clear, as I wrote above...

I am therefore closing the topic...