Please check my log

Posted: 24 May 2016 16:50
by Chmalka
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-05-2016
Ran by gabi (administrator) on GABI-PC (24-05-2016 11:39:10)
Running from C:\Users\gabi\Desktop
Loaded Profiles: gabi (Available Profiles: gabi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Users\gabi\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\...\Run: [Google Update] => C:\Users\gabi\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4097007782-1966444928-4019047729-1000] => :0
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A95C1F79-C963-44D3-88A2-B0540AD12411}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FC0D0F0F-DAEC-4297-9451-C8B98AD770E1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {62E1E48F-ED7E-4ECE-9E44-7D6F4223C188} URL =
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> buffer URL =
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> firmy.cz-020302 URL = hxxp://www.firmy.cz/phr/{searchTerms}
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> mapy.cz-020302 URL = hxxp://www.mapy.cz/?sourceid=quicksearch_6826& ... earchTerms}
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> seznam.cz-020302 URL = hxxp://searchou.com/?q={searchTerms}&id=838fbb60000000000000f46d04641d3c&r=664
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> seznam.cz-091952 URL = hxxp://search.seznam.cz/?sourceid=quicksearch_6826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> videa.seznam.cz-181817 URL = hxxp://videa.seznam.cz/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> zbozi.cz-020302 URL = hxxp://www.zbozi.cz/?sourceid=quicksearch_6826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_cnet_150509&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-18] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-4097007782-1966444928-4019047729-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default
FF NewTab: hxxps://www.facebook.com/
FF DefaultSearchEngine: Google Default
FF DefaultSearchEngine,S:
FF SearchEngineOrder.1:
FF SearchEngineOrder.1,S:
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF SelectedSearchEngine,S:
FF Homepage: hxxps://www.facebook.com/
FF Session Restore: -> is enabled.
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.http", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.http_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.no_proxies_on", "localhost, 127.0.0.1");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.share_proxy_settings", false);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.socks", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.socks_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.ssl", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.ssl_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.type", 5);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.http", "127.0.0.1");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.http_port", 8888);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.no_proxies_on", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.share_proxy_settings", false);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.socks", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.socks_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.ssl", "127.0.0.1");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.ssl_port", 8888);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.type", 1);
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-21] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-06-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-06-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-06-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-06-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-05] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4097007782-1966444928-4019047729-1000: @tools.google.com/Google Update;version=3 -> C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-4097007782-1966444928-4019047729-1000: @tools.google.com/Google Update;version=9 -> C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF user.js: detected! => C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\user.js [2015-11-29]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF SearchPlugin: C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\amazoncom-pro.xml [2015-05-09]
FF SearchPlugin: C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\facebook.xml [2015-12-10]
FF SearchPlugin: C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\google-default.xml [2015-05-09]
FF SearchPlugin: C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\youtube.xml [2015-05-09]
FF Extension: Empty Cache Button - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2016-04-28]
FF Extension: Search By Image (by Google) - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2016-04-28]
FF Extension: Greasemonkey - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-04-30]
FF Extension: saveensharie - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\Extensions\8fa6m-h@iiyiyeeiyi.com [2013-09-13] [not signed]
FF Extension: Bing Search Engine - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\Extensions\bingsearch.full@microsoft.com [2015-04-02] [not signed]
FF Extension: MyWordTool - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\Extensions\emily@wilford.biz [2013-11-24] [not signed]
FF Extension: HTML5 Video Everywhere! - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\Extensions\html5-video-everywhere@lejenome.me.xpi [2016-01-06]
FF Extension: User Agent RG (FFox update) - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\Extensions\useragentrg-upd@mozilla.org.xpi [2016-04-27]
FF Extension: Charles Autoconfiguration - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}.xpi [2015-03-22] [not signed]
FF Extension: YouTube Flash Video Player - C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-05-03]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\...\Firefox\Extensions: [{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}] - C:\Program Files (x86)\LyriXeeker\130.xpi => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-20] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\gabi\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
CHR HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cgdebfobecnopjndjbdoapgokdjfffpj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hahpjplbmicfkmoccokbjejahjjpnena] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]
CHR HKLM-x32\...\Chrome\Extension: [oddhjgogndegicgabhgibhfoompkifcn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - <no Path/update_url>
StartMenuInternet: Google Chrome - C:\Users\gabi\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
S3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
S3 ASDiskUnlocker; C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [258688 2010-12-02] (ASUSTeK Computer Inc.)
S3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
S3 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
S3 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-19] (Electronic Arts)
S3 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-16] (Sony Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
S3 ASFLTDrv.sys; C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-08-18] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-23] (GFI Software)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-16] (REALiX(tm))
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [242688 2015-07-05] (QUALCOMM Incorporated)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
S3 TuneUpUtilitiesDrv; no ImagePath
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [43136 2010-09-21] (ASUSTeK Computer Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 ZTEusbMB; C:\Windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123520 2010-12-29] (ZTE Incorporated)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cpuz137; \??\C:\Users\gabi\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-24 11:39 - 2016-05-24 11:39 - 00031048 _____ C:\Users\gabi\Desktop\FRST.txt
2016-05-24 11:39 - 2016-05-24 11:39 - 00000000 ____D C:\FRST
2016-05-24 11:37 - 2016-05-24 11:37 - 02383360 _____ (Farbar) C:\Users\gabi\Desktop\FRST64.exe
2016-05-24 10:43 - 2016-05-24 10:43 - 00000263 _____ C:\Users\gabi\Desktop\ORGONIT, chemtrails a obrana před ovlivňováním lidí EZOpress.URL
2016-05-23 16:39 - 2016-05-23 16:40 - 292445609 _____ C:\Users\gabi\Downloads\MLUVENÉ SLOVO - Simenon, Georges_ Přístav v mlze (DETEKTIVKA).mp4
2016-05-23 14:17 - 2016-05-23 14:17 - 00001188 _____ C:\Users\gabi\Documents\cc_20160523_141706.reg
2016-05-23 12:34 - 2016-05-19 21:45 - 00113208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-05-23 12:32 - 2016-05-21 17:10 - 01581624 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2016-05-23 12:32 - 2016-05-21 17:10 - 00141256 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-05-23 12:32 - 2016-05-21 17:10 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 39979576 _____ C:\Windows\system32\nvcompiler.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 35117112 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 31600696 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 25372096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 21794064 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 21336720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 19110968 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 18138232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 17732936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 17236560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 13412408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-05-23 12:32 - 2016-05-20 03:01 - 10642728 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 08733096 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 03447232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 03001792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00984512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00911416 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00770496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00708032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00476848 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00153232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-05-23 12:32 - 2016-05-20 03:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-23 12:32 - 2016-05-20 03:01 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-23 11:07 - 2016-05-23 11:07 - 00000209 _____ C:\Users\gabi\Desktop\WeTransfer.URL
2016-05-23 08:46 - 2016-05-23 08:46 - 00444656 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys
2016-05-23 08:44 - 2016-05-23 08:44 - 00003130 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2016-05-23 08:44 - 2016-05-23 08:44 - 00003128 _____ C:\Windows\System32\Tasks\SmartDefrag_Update
2016-05-23 08:44 - 2016-05-23 08:44 - 00000000 ____D C:\Windows\IObit
2016-05-23 08:44 - 2016-05-23 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2016-05-23 02:24 - 2016-05-23 02:24 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-23 02:24 - 2016-05-23 02:24 - 00001151 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2016-05-23 00:31 - 2016-05-24 02:01 - 00000000 ____D C:\Users\gabi\Downloads\Mluvene knihy
2016-05-22 23:43 - 2016-05-22 23:43 - 00001654 _____ C:\Users\gabi\Documents\cc_20160522_234339.reg
2016-05-21 19:34 - 2016-05-24 11:18 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-21 19:34 - 2016-05-23 09:18 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-21 19:34 - 2016-05-23 09:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-21 19:34 - 2016-05-23 09:18 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-20 09:35 - 2016-05-20 09:35 - 00000251 _____ C:\Users\gabi\Desktop\(103) II.Kat Rum Meyhanesi.URL
2016-05-17 09:40 - 2016-05-17 09:40 - 00000224 _____ C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
2016-05-15 16:45 - 2016-05-15 16:45 - 00000228 _____ C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
2016-05-15 12:28 - 2016-05-15 12:28 - 00000292 _____ C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
2016-05-13 12:21 - 2016-05-10 00:07 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436519.dll
2016-05-13 12:21 - 2016-05-10 00:07 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436519.dll
2016-05-13 12:18 - 2016-04-14 01:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-13 12:18 - 2016-04-14 01:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-13 12:18 - 2016-04-14 01:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-13 10:28 - 2016-05-13 15:08 - 711588193 _____ C:\Users\gabi\Downloads\Linka.c.657.720p.BluRay.x264.CZ.dabing.mkv
2016-05-13 07:32 - 2016-05-13 08:16 - 791111680 _____ C:\Users\gabi\Downloads\Poldove-a-zlodeji.avi
2016-05-08 16:34 - 2016-05-08 17:26 - 933451776 _____ C:\Users\gabi\Downloads\Navrat-blbyho-a-blbejsiho-Komedie-2014-CZ-adriatic.avi
2016-05-08 00:56 - 2016-05-08 00:56 - 00011802 _____ C:\Users\gabi\Documents\Filip 10.txt
2016-05-07 11:34 - 2016-05-08 01:18 - 1712567876 _____ C:\Users\gabi\Downloads\Terminator.Genisys.2015.BluRay.1080p.TrueHD.7.1.Atmos.x264-EPiC.mkv
2016-05-06 21:49 - 2016-05-06 22:30 - 728084652 _____ C:\Users\gabi\Downloads\Vo-štvorici-po-opici-2-Komedie-2011-CZ-adriatic.avi
2016-05-06 12:03 - 2016-05-06 12:44 - 738929644 _____ C:\Users\gabi\Downloads\Viktor-Frankenstein---2015-CZ-dabing.avi
2016-05-05 17:35 - 2016-05-05 18:52 - 1378323908 _____ C:\Users\gabi\Downloads\S-láskou,-Rosie-(komedie,romantic.-2014)cz---IRISA.avi
2016-05-05 15:25 - 2016-05-05 16:31 - 1182362666 _____ C:\Users\gabi\Downloads\Pád-Země-(2015)-Xvid-⍟ℋ.avi
2016-05-03 22:23 - 2016-05-03 22:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-03 22:22 - 2016-05-03 22:22 - 00130848 _____ C:\Windows\system32\vulkan-1-1-0-11-1.dll
2016-05-03 22:22 - 2016-05-03 22:22 - 00045344 _____ C:\Windows\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-03 22:22 - 2016-05-03 22:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-11-1.exe
2016-05-02 21:25 - 2016-05-02 22:40 - 1299148676 _____ C:\Users\gabi\Downloads\Každý-milion-dobrý-Xvid-⍟ℋ.avi
2016-05-02 02:34 - 2016-05-02 02:34 - 00000308 _____ C:\Users\gabi\Desktop\Pokud někde uvidíte tohoto brouka, okamžitě běžte pryč. To, co s vámi totiž udělá, je děsivé!.URL
2016-05-02 00:35 - 2016-05-02 02:13 - 1762451456 _____ C:\Users\gabi\Downloads\Padesatka.2015.XviD.CZ.avi
2016-05-01 18:38 - 2016-05-01 20:20 - 1789501440 _____ C:\Users\gabi\Downloads\Superhypochondr-2014-Cz-dab..avi
2016-04-30 22:11 - 2016-04-30 23:04 - 762460160 _____ C:\Users\gabi\Downloads\Lucy-DVDRip_2014_CZ_Dab.avi
2016-04-30 15:00 - 2016-04-30 15:43 - 786511872 _____ C:\Users\gabi\Downloads\Mercy-(2014)-CZ-dabing.avi
2016-04-30 12:41 - 2016-04-30 13:31 - 891371520 _____ C:\Users\gabi\Downloads\Moje-segra-ma-prima-brachu-DVDRip_2014_CZ_Dabing.avi
2016-04-28 02:24 - 2016-04-28 02:24 - 00000742 _____ C:\Users\gabi\Documents\Kvasek.txt
2016-04-27 20:52 - 2016-04-27 21:41 - 734988288 _____ C:\Users\gabi\Downloads\The-Gambler-DVDRip_2015_Cz-Dabing.avi
2016-04-24 09:00 - 2016-04-24 10:59 - 00000000 ____D C:\Users\gabi\Downloads\Nová složka
2016-04-24 00:08 - 2016-04-24 00:08 - 00000842 _____ C:\Users\gabi\Documents\cc_20160424_000823.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-24 11:36 - 2015-05-16 15:46 - 00002870 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (gabi)
2016-05-24 11:34 - 2015-06-18 16:31 - 00000000 ____D C:\Users\gabi\Desktop\Cisteni a optimalizace
2016-05-24 11:33 - 2015-06-02 19:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-24 11:33 - 2015-05-16 15:44 - 00000000 ____D C:\ProgramData\ProductData
2016-05-24 11:33 - 2014-06-17 14:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8a5ab905131a.job
2016-05-24 11:33 - 2012-03-11 22:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-24 11:33 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-24 11:32 - 2009-07-14 00:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-24 11:32 - 2009-07-14 00:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-24 10:33 - 2013-07-22 09:06 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-4097007782-1966444928-4019047729-1000.job
2016-05-24 02:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-23 20:29 - 2013-01-29 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-23 14:21 - 2012-03-14 00:55 - 13005042 _____ C:\Windows\system32\perfh005.dat
2016-05-23 14:21 - 2012-03-14 00:55 - 04364684 _____ C:\Windows\system32\perfc005.dat
2016-05-23 14:21 - 2009-07-14 01:13 - 09048678 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-23 12:34 - 2016-03-10 14:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-23 12:34 - 2014-02-05 23:38 - 00000000 ____D C:\temp
2016-05-23 12:34 - 2013-01-06 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-23 12:34 - 2012-03-11 22:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-23 11:12 - 2016-04-13 15:41 - 00000000 ____D C:\Program Files\TrueKey
2016-05-23 11:12 - 2015-05-16 14:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d09002253e2ab2.job
2016-05-23 11:12 - 2015-02-04 09:25 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1d0407e5afc26.job
2016-05-23 11:12 - 2015-02-03 17:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d03ffbcb6285ca.job
2016-05-23 11:12 - 2014-06-17 14:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8a5ab91b5a8e.job
2016-05-23 11:12 - 2014-06-17 09:49 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1cf8a33639a01d.job
2016-05-23 11:12 - 2014-06-17 09:49 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000Core1cf8a3361aa5f9.job
2016-05-23 11:12 - 2012-12-22 12:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-23 08:44 - 2015-11-29 12:45 - 00003238 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-05-23 08:44 - 2015-11-29 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-05-23 08:44 - 2015-05-16 15:43 - 00000000 ____D C:\Users\gabi\AppData\Roaming\IObit
2016-05-23 08:44 - 2015-05-16 15:43 - 00000000 ____D C:\Program Files (x86)\IObit
2016-05-23 02:24 - 2013-04-11 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-23 02:24 - 2012-12-22 12:37 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-23 00:33 - 2016-04-19 12:09 - 00000000 ____D C:\Users\gabi\Downloads\Knihy
2016-05-22 23:44 - 2015-05-16 15:44 - 00002900 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_gabi
2016-05-22 23:43 - 2014-04-13 00:50 - 00000000 ____D C:\Users\gabi\AppData\Local\CrashDumps
2016-05-22 01:47 - 2016-01-06 10:41 - 00000000 ____D C:\Users\gabi\Desktop\Babske rady
2016-05-21 21:33 - 2016-04-13 15:50 - 00001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-05-21 19:45 - 2015-05-16 14:00 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d09002253e2ab2
2016-05-21 19:45 - 2015-02-04 09:25 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1d0407e5afc26
2016-05-21 19:45 - 2015-02-03 17:53 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d03ffbcb6285ca
2016-05-21 19:45 - 2014-06-17 14:34 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf8a5ab91b5a8e
2016-05-21 19:45 - 2014-06-17 09:49 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1cf8a33639a01d
2016-05-21 19:45 - 2014-06-17 09:49 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000Core1cf8a3361aa5f9
2016-05-21 19:44 - 2016-04-13 15:50 - 00003330 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-05-21 19:34 - 2014-09-02 18:00 - 00000000 ____D C:\Users\gabi\AppData\Local\Adobe
2016-05-21 14:39 - 2015-09-06 21:09 - 00000000 ____D C:\Users\gabi\Desktop\Vareni
2016-05-20 23:54 - 2015-08-22 14:15 - 00000000 ____D C:\Users\gabi\Desktop\Ruzne
2016-05-20 03:01 - 2016-03-01 14:12 - 16693208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-20 03:01 - 2015-12-01 12:21 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-05-20 03:01 - 2013-02-26 00:32 - 14293592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-20 03:01 - 2013-02-26 00:32 - 03383448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-20 03:01 - 2012-03-11 22:46 - 03825384 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-19 22:11 - 2015-12-21 12:51 - 00531904 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-19 22:11 - 2015-12-21 12:51 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-19 22:11 - 2013-01-06 13:08 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-19 22:11 - 2012-03-11 22:47 - 06346688 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-19 22:11 - 2012-03-11 22:47 - 02454976 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-19 22:11 - 2012-03-11 22:47 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-19 22:11 - 2012-03-11 22:47 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-19 22:11 - 2012-03-11 22:47 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-19 21:33 - 2016-04-13 15:41 - 00000000 ____D C:\ProgramData\McAfee
2016-05-18 21:25 - 2014-03-22 10:17 - 00000000 ___RD C:\Users\gabi\Desktop\FOTKY
2016-05-18 19:25 - 2012-03-11 22:47 - 06448223 _____ C:\Windows\system32\nvcoproc.bin
2016-05-17 23:25 - 2016-03-03 12:56 - 00000000 ____D C:\Users\gabi\Downloads\Aplikace a programy
2016-05-16 22:59 - 2013-11-09 00:32 - 00000000 ____D C:\Users\gabi\Desktop\Stranky
2016-05-13 12:22 - 2012-03-11 22:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-13 12:18 - 2013-12-06 08:04 - 00000000 ____D C:\Users\gabi\AppData\Local\NVIDIA
2016-05-12 18:46 - 2012-03-14 14:16 - 00002370 _____ C:\Users\gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-10 18:05 - 2014-06-17 14:34 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf8a5ab905131a
2016-05-09 20:50 - 2015-10-11 22:43 - 00000000 ____D C:\Users\gabi\Desktop\Nove do simsu
2016-05-08 14:17 - 2013-02-22 11:01 - 00000000 ____D C:\Program Files (x86)\Recepty doma
2016-05-08 00:57 - 2016-02-12 18:52 - 00000659 _____ C:\Users\gabi\Documents\Kody na kafe.txt
2016-05-07 12:34 - 2016-03-03 12:55 - 00000000 ____D C:\Users\gabi\Downloads\Filmy
2016-05-06 23:58 - 2015-07-27 01:51 - 00000000 ____D C:\Users\gabi\Desktop\Rucni prace a navody
2016-05-06 00:59 - 2014-11-22 19:06 - 00000000 ____D C:\Users\gabi\Desktop\Ryby
2016-05-05 16:24 - 2012-04-03 15:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-04 15:02 - 2015-04-25 06:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-04 15:02 - 2015-04-25 06:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-04 00:45 - 2015-06-20 12:32 - 00000000 ____D C:\Users\gabi\Desktop\Obchody
2016-05-03 22:23 - 2016-03-10 14:31 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-03 22:22 - 2016-03-10 14:31 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-05-03 22:22 - 2016-03-10 14:31 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-05-03 22:22 - 2016-03-10 14:31 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-02 12:14 - 2014-11-08 16:52 - 00000000 ____D C:\Users\gabi\Desktop\Moje vánoční kuchařka
2016-05-02 01:39 - 2015-09-23 09:09 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-05-02 01:39 - 2013-12-06 08:04 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-05-02 01:38 - 2015-11-27 11:53 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-05-02 01:38 - 2015-09-23 09:09 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-05-02 01:38 - 2013-12-06 08:04 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2013-08-26 12:19 - 2013-09-17 01:19 - 0000114 _____ () C:\Users\gabi\AppData\Roaming\WB.CFG
2013-08-26 12:19 - 2013-09-17 01:19 - 0000005 _____ () C:\Users\gabi\AppData\Roaming\WBPU-TTL.DAT
2015-04-07 05:49 - 2015-04-07 05:49 - 0000064 _____ () C:\Users\gabi\AppData\Local\29ac5b7c7af3f31b11ecb2fdbcc37a98
2013-10-12 12:48 - 2013-11-23 15:46 - 0003584 _____ () C:\Users\gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-09 12:29 - 2013-03-09 12:29 - 0002661 _____ () C:\Users\gabi\AppData\Local\recently-used.xbel
2013-05-10 18:04 - 2013-05-16 01:35 - 0007611 _____ () C:\Users\gabi\AppData\Local\Resmon.ResmonCfg
2013-04-07 18:17 - 2013-04-07 18:17 - 0000003 _____ () C:\Users\gabi\AppData\Local\updater.log
2013-04-07 18:17 - 2015-10-02 02:47 - 0000424 _____ () C:\Users\gabi\AppData\Local\UserProducts.xml
2014-12-24 19:54 - 2014-12-24 19:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-05-16 15:50 - 2015-05-16 15:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2013-07-02 18:57] - [2015-06-02 19:08] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2013-07-02 18:57] - [2015-06-02 19:08] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-18 03:58

==================== End of FRST.txt ============================

Re: Please check my log

Posted: 24 May 2016 17:35
by Rudy
Hello!
How does your operating system stand as far as legality goes?

Re: Please check my log

Posted: 24 May 2016 19:06
by Chmalka
I have no idea, a friend installed it a few years ago. But I assume it is fine.

Re: Please check my log

Posted: 24 May 2016 19:42
by Rudy
OK. Run the following scan:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Start it, tick "For all users", "LOP malware check" and "PURITY malware check", and copy the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Scan<. Post both logs.

Re: Please check my log

Posted: 24 May 2016 23:00
by Chmalka
It produced one log for me. I am posting it here, but it does not show up. What am I doing wrong?

Re: Please check my log

Posted: 24 May 2016 23:02
by Chmalka
Ah, I see it now, it tells me that the log is too long :(

Re: Please check my log

Posted: 24 May 2016 23:17
by Chmalka
OTL logfile created on: 5/24/2016 6:10:46 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gabi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18059)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 12.96 Gb Available Physical Memory | 81.06% Memory free
31.96 Gb Paging File | 28.66 Gb Available in Paging File | 89.66% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.03 Gb Total Space | 220.67 Gb Free Space | 49.36% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 261.78 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Drive F: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.09 Gb Total Space | 188.67 Gb Free Space | 63.29% Space Free | Partition Type: NTFS

Computer Name: GABI-PC | User Name: gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
PRC - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
PRC - [2016/05/10 18:05:43 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016/05/02 23:30:33 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/05/02 02:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2016/04/29 14:24:30 | 005,224,224 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
PRC - [2016/03/15 17:46:46 | 001,529,632 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2016/03/02 13:43:20 | 000,573,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/01/11 13:30:00 | 002,019,616 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
PRC - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
PRC - [2015/10/01 16:10:14 | 000,477,184 | ---- | M] (Skillbrains) -- C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
PRC - [2015/07/28 21:22:40 | 005,889,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2015/07/17 15:21:14 | 002,062,112 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
PRC - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2015/03/31 20:26:14 | 000,470,304 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe
PRC - [2014/12/23 14:22:38 | 000,833,240 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
PRC - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe


========== Modules (No Company Name) ==========

MOD - [2016/05/02 02:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016/01/11 17:03:24 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
MOD - [2016/01/11 17:02:48 | 000,630,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
MOD - [2015/12/28 13:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
MOD - [2015/12/28 13:49:58 | 000,629,536 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
MOD - [2015/12/23 18:32:40 | 000,355,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madbasic_.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2016/05/16 15:36:52 | 000,086,864 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe -- (TrueKeyServiceHelper)
SRV:64bit: - [2016/05/16 15:30:30 | 000,015,736 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McTkSchedulerService.exe -- (TrueKeyScheduler)
SRV:64bit: - [2016/05/16 15:30:04 | 000,878,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe -- (TrueKey)
SRV:64bit: - [2016/05/02 01:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2016/05/02 01:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:64bit: - [2016/05/02 01:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:64bit: - [2016/03/08 02:13:04 | 002,829,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2015/11/25 16:00:00 | 003,020,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BCA\pabeSvc64.exe -- (IntelBCAsvc)
SRV:64bit: - [2015/09/16 00:08:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2015/05/25 19:37:49 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 23:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/01/31 05:37:56 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2013/01/30 13:52:10 | 000,405,744 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV:64bit: - [2011/12/01 11:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/05/23 09:18:06 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe -- (Stereo Service)
SRV - [2016/05/02 23:31:11 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2016/01/14 10:59:02 | 002,945,312 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService9)
SRV - [2015/09/19 03:55:16 | 002,057,736 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/06/18 08:57:18 | 001,268,568 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV - [2015/03/28 12:58:42 | 000,089,840 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/01/02 19:45:12 | 000,315,488 | ---- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/16 00:23:26 | 000,487,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2013/12/03 11:56:50 | 000,079,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2013/01/31 05:37:56 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/13 04:36:54 | 000,922,240 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/19 18:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/02 14:34:52 | 000,258,688 | ---- | M] (ASUSTeK Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe -- (ASDiskUnlocker)
SRV - [2010/12/01 22:15:14 | 000,915,584 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/21 05:52:26 | 000,586,880 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/05/24 16:09:39 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2016/05/02 01:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2016/04/14 01:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016/04/09 10:52:50 | 001,027,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/08/18 21:50:46 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015/08/05 13:47:15 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2015/07/14 15:29:08 | 000,255,240 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2015/07/14 15:29:08 | 000,231,520 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2015/07/14 15:29:08 | 000,178,520 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2015/07/14 15:29:08 | 000,072,400 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2015/07/14 15:29:08 | 000,053,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2015/07/05 17:06:43 | 000,242,688 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2015/05/25 19:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/05/25 18:59:59 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015/05/16 15:54:18 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2015/01/27 01:23:46 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/06/23 01:31:11 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/05/30 11:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 22:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/08/29 02:24:50 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/08/29 02:24:50 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012/06/27 04:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2012/06/27 04:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012/06/27 04:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/02 02:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/06/29 03:04:58 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2011/06/02 13:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/10 20:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/09 09:33:20 | 000,235,008 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/08 17:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/21 14:29:36 | 000,043,136 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\VDiskBus64.sys -- (VDiskBus)
DRV:64bit: - [2010/01/14 08:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/15 12:17:32 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2015/05/16 15:46:08 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2015/03/25 20:07:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2015/03/25 20:07:34 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2015/03/25 20:07:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010/09/16 23:56:06 | 000,016,512 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys -- (ASFLTDrv.sys)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {62E1E48F-ED7E-4ECE-9E44-7D6F4223C188}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 47 5C 2C 9B 01 CD 01 [binary data]
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\fi, = http://www.firmy.cz/phr/%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\ma, = http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\se, = http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\vi, = http://videa.seznam.cz/?q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\zb, = http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=W ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{A486E4F4-30E2-454A-A4B4-9C78441179EA}: "URL" = http://www.google.com/search?q={searchT ... utEncoding?}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}: "URL" = http://securedsearch.lavasoft.com/resul ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\firmy.cz-020302: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\mapy.cz-020302: "URL" = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-020302: "URL" = http://searchou.com/?q={searchTerms}&id ... 1d3c&r=664
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-091952: "URL" = http://search.seznam.cz/?sourceid=quick ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\videa.seznam.cz-181817: "URL" = http://videa.seznam.cz/?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\zbozi.cz-020302: "URL" = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google Default"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.7.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Bce7e73df-6a44-4028-8079-5927a588c948%7D:1.1.2.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1
FF - prefs.js..extensions.enabledItems: {40D65E82-75AC-47CA-8A73-1CEDC2668EFF}:1.0
FF - prefs.js..extensions.enabledItems: iau6mcws@xzhzysklu.co.uk:1.5
FF - prefs.js..extensions.enabledItems: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}:2.0.0.566
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.436
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.12.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/02/16 12:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}: C:\Program Files (x86)\LyriXeeker\130.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: disable
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true

[2013/04/14 07:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Extensions
[2016/05/03 09:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions
[2016/04/28 02:24:54 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2013/09/13 12:50:12 | 000,000,000 | ---D | M] (saveensharie) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\8fa6m-h@iiyiyeeiyi.com
[2015/04/02 14:18:08 | 000,000,000 | ---D | M] ("Bing Search Engine") -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\bingsearch.full@microsoft.com
[2013/11/24 11:56:13 | 000,000,000 | ---D | M] (MyWordTool) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\emily@wilford.biz
[2016/01/06 18:04:51 | 000,102,947 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\html5-video-everywhere@lejenome.me.xpi
[2016/04/27 09:11:22 | 000,007,255 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\useragentrg-upd@mozilla.org.xpi
[2015/03/22 12:21:05 | 000,009,855 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}.xpi
[2016/04/28 02:24:54 | 000,073,436 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2016/04/30 09:27:25 | 000,319,627 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2016/05/03 09:13:32 | 000,097,981 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
[2015/05/09 19:42:25 | 000,001,763 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\amazoncom-pro.xml
[2015/05/09 11:22:49 | 000,002,938 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\bing.xml
[2015/12/10 04:37:43 | 000,002,290 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\facebook.xml
[2015/05/09 19:41:51 | 000,002,382 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\google-default.xml
[2015/05/09 19:41:45 | 000,004,208 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\youtube.xml
[2016/05/23 02:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2012/10/01 21:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2016/04/13 17:44:24 | 000,000,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Advanced SystemCare 9] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [HP ENVY 5530 series (NET)] C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE (ZONER software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8:64bit: - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A95C1F79-C963-44D3-88A2-B0540AD12411}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC0D0F0F-DAEC-4297-9451-C8B98AD770E1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skypec2c - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/18 03:50:17 | 000,465,216 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/09/10 18:36:44 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/05/24 16:43:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 11:39:01 | 000,000,000 | ---D | C] -- C:\FRST
[2016/05/23 20:29:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2016/05/23 12:34:19 | 000,113,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/23 12:32:34 | 031,600,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/23 12:32:34 | 025,372,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/23 12:32:34 | 021,794,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/23 12:32:34 | 019,110,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/23 12:32:34 | 018,138,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/23 12:32:34 | 001,581,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/23 12:32:34 | 000,911,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/23 12:32:34 | 000,476,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/23 12:32:34 | 000,394,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/23 12:32:34 | 000,177,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/23 12:32:34 | 000,155,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/23 12:32:34 | 000,153,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/23 12:32:34 | 000,141,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/23 12:32:34 | 000,131,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/23 12:32:34 | 000,046,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/23 12:32:33 | 021,336,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/23 12:32:33 | 017,732,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/23 12:32:33 | 017,236,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/23 12:32:33 | 003,447,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/23 12:32:33 | 003,001,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/23 12:32:33 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/23 12:32:33 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/23 12:32:33 | 000,984,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/23 12:32:33 | 000,770,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/23 12:32:33 | 000,708,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/23 08:46:20 | 000,444,656 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 08:44:44 | 000,000,000 | ---D | C] -- C:\Windows\IObit
[2016/05/23 08:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
[2016/05/21 19:34:30 | 000,797,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/21 19:34:30 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/13 12:21:06 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/13 12:21:06 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/13 12:18:23 | 000,113,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2016/05/13 12:18:23 | 000,102,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2016/05/13 12:18:23 | 000,056,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/05/24 18:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8a5ab905131a.job
[2016/05/24 17:36:15 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/05/24 17:36:15 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/05/24 17:18:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/24 16:47:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 16:09:39 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/05/24 15:20:22 | 000,000,326 | ---- | M] () -- C:\Users\gabi\Desktop\Svědectví o vraždění dětí při loveckých honech – CIA, elita, satanský kult, Austrálie, USA, Kanada, VB, Francie i Holandsko .URL
[2016/05/24 14:33:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-4097007782-1966444928-4019047729-1000.job
[2016/05/24 13:51:50 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\FLOUR TORTILLAS (Step-by-step recipe) - YouTube.URL
[2016/05/24 11:39:27 | 013,017,592 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016/05/24 11:39:27 | 013,011,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/05/24 11:39:27 | 009,057,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/05/24 11:39:27 | 004,369,038 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016/05/24 11:39:27 | 004,350,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/05/24 11:33:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/05/24 11:33:18 | 4281,032,702 | -HS- | M] () -- C:\hiberfil.sys
[2016/05/24 10:43:20 | 000,000,263 | ---- | M] () -- C:\Users\gabi\Desktop\ORGONIT, chemtrails a obrana před ovlivňováním lidí EZOpress.URL
[2016/05/23 14:17:14 | 000,001,188 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1d0407e5afc26.job
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1cf8a33639a01d.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d09002253e2ab2.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d03ffbcb6285ca.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8a5ab91b5a8e.job
[2016/05/23 11:12:12 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000Core1cf8a3361aa5f9.job
[2016/05/23 11:07:34 | 000,000,209 | ---- | M] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 09:18:06 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/23 09:18:06 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 02:24:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:43 | 000,001,654 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 17:10:34 | 001,581,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/21 17:10:34 | 000,046,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/20 09:35:04 | 000,000,251 | ---- | M] () -- C:\Users\gabi\Desktop\(103) II.Kat Rum Meyhanesi.URL
[2016/05/20 03:01:55 | 039,979,576 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/20 03:01:55 | 035,117,112 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/20 03:01:55 | 031,600,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/20 03:01:55 | 025,372,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/20 03:01:55 | 021,794,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/20 03:01:55 | 021,336,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/20 03:01:55 | 019,110,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/20 03:01:55 | 018,138,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/20 03:01:55 | 017,732,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/20 03:01:55 | 017,236,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/20 03:01:55 | 016,693,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2016/05/20 03:01:55 | 014,293,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2016/05/20 03:01:55 | 010,642,728 | ---- | M] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 008,733,096 | ---- | M] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 003,825,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2016/05/20 03:01:55 | 003,447,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/20 03:01:55 | 003,383,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2016/05/20 03:01:55 | 003,001,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/20 03:01:55 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/20 03:01:55 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/20 03:01:55 | 000,984,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/20 03:01:55 | 000,911,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/20 03:01:55 | 000,770,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/20 03:01:55 | 000,708,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/20 03:01:55 | 000,669,952 | ---- | M] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,565,392 | ---- | M] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,476,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/20 03:01:55 | 000,394,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/20 03:01:55 | 000,177,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/20 03:01:55 | 000,155,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/20 03:01:55 | 000,153,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/20 03:01:55 | 000,131,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/20 03:01:55 | 000,039,124 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/19 22:11:23 | 006,346,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2016/05/19 22:11:23 | 002,454,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2016/05/19 22:11:21 | 001,762,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2016/05/19 22:11:21 | 000,531,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2016/05/19 22:11:21 | 000,393,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2016/05/19 22:11:21 | 000,083,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2016/05/19 22:11:21 | 000,069,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2016/05/19 21:45:30 | 000,113,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/18 19:25:24 | 006,448,223 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2016/05/17 09:40:36 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | M] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | M] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/10 00:07:01 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/10 00:07:01 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016/05/02 02:34:54 | 000,000,308 | ---- | M] () -- C:\Users\gabi\Desktop\Pokud někde uvidíte tohoto brouka, okamžitě běžte pryč. To, co s vámi totiž udělá, je děsivé!.URL
[2016/05/02 01:39:01 | 001,377,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2016/05/02 01:39:01 | 001,316,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2016/05/02 01:38:42 | 001,767,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2016/05/02 01:38:42 | 001,756,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2016/05/02 01:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/05/24 16:47:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016/05/24 15:20:22 | 000,000,326 | ---- | C] () -- C:\Users\gabi\Desktop\Svědectví o vraždění dětí při loveckých honech – CIA, elita, satanský kult, Austrálie, USA, Kanada, VB, Francie i Holandsko .URL
[2016/05/24 13:51:50 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\FLOUR TORTILLAS (Step-by-step recipe) - YouTube.URL
[2016/05/24 10:43:20 | 000,000,263 | ---- | C] () -- C:\Users\gabi\Desktop\ORGONIT, chemtrails a obrana před ovlivňováním lidí EZOpress.URL
[2016/05/23 14:17:12 | 000,001,188 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 12:32:34 | 010,642,728 | ---- | C] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/23 12:32:34 | 008,733,096 | ---- | C] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/23 12:32:33 | 039,979,576 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/23 12:32:33 | 035,117,112 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/23 12:32:33 | 000,669,952 | ---- | C] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,565,392 | ---- | C] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/23 11:07:34 | 000,000,209 | ---- | C] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 02:24:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:41 | 000,001,654 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 19:34:31 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/20 09:35:04 | 000,000,251 | ---- | C] () -- C:\Users\gabi\Desktop\(103) II.Kat Rum Meyhanesi.URL
[2016/05/17 09:40:36 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | C] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | C] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/03 22:23:30 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/05/02 02:34:54 | 000,000,308 | ---- | C] () -- C:\Users\gabi\Desktop\Pokud někde uvidíte tohoto brouka, okamžitě běžte pryč. To, co s vámi totiž udělá, je děsivé!.URL
[2016/03/10 14:31:09 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/03/10 14:31:09 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/02/13 21:47:02 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-0.dll
[2016/02/13 21:45:46 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
[2015/09/06 15:43:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2015/05/16 15:50:36 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/05/09 10:42:58 | 000,002,848 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2015/04/07 05:49:19 | 000,000,064 | ---- | C] () -- C:\Users\gabi\AppData\Local\29ac5b7c7af3f31b11ecb2fdbcc37a98
[2015/02/27 15:07:32 | 000,082,064 | ---- | C] () -- C:\Windows\cadkasdeinst01cz.exe
[2015/02/27 14:21:20 | 000,001,290 | ---- | C] () -- C:\Windows\CITP_SearchHistory.INI
[2015/02/27 14:09:40 | 000,404,624 | ---- | C] () -- C:\Windows\cadkasdeinst01e_64.exe
[2015/01/05 12:46:17 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/24 19:54:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/10/12 12:48:52 | 000,003,584 | ---- | C] () -- C:\Users\gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/26 12:19:02 | 000,000,005 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WBPU-TTL.DAT
[2013/08/26 12:19:01 | 000,000,114 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WB.CFG
[2013/08/26 11:19:52 | 000,000,896 | RHS- | C] () -- C:\Users\gabi\ntuser.pol
[2013/05/10 18:04:49 | 000,007,611 | ---- | C] () -- C:\Users\gabi\AppData\Local\Resmon.ResmonCfg
[2013/04/07 18:17:42 | 000,000,424 | ---- | C] () -- C:\Users\gabi\AppData\Local\UserProducts.xml
[2013/03/09 12:29:41 | 000,002,661 | ---- | C] () -- C:\Users\gabi\AppData\Local\recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 14:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 13:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/22 10:41:16 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\.MyCookBook
[2013/06/23 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Ad-Aware Antivirus
[2015/07/29 17:23:08 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Ashampoo
[2012/03/14 17:09:09 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\ASUS WebStorage
[2015/02/27 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\CAD-KAS
[2013/04/13 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\calibre
[2012/03/15 15:15:16 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Charles
[2015/08/07 13:22:26 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\DAEMON Tools Lite
[2012/03/14 02:01:37 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\DAEMON Tools Pro
[2014/07/26 04:42:58 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\DSite
[2013/02/04 14:59:17 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Easy Macro Recorder
[2013/12/07 21:57:28 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\ERGOM
[2013/10/02 17:31:12 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\ESET
[2014/11/22 12:31:13 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Free Picture Solutions
[2012/03/15 17:44:23 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\GA-Data
[2014/08/06 00:16:46 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\IcoFX
[2016/05/23 08:44:35 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\IObit
[2013/08/22 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\IrfanView
[2013/12/08 18:34:04 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Kalendra
[2012/07/04 06:38:13 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Leadertech
[2013/08/26 11:22:30 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Mipony
[2012/03/14 15:17:03 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Opera
[2015/07/29 00:09:54 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Origin
[2014/10/24 03:41:51 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\PearlMountain
[2013/03/09 13:57:33 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\PhotoFiltre 7
[2015/05/23 17:50:37 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\ProductData
[2015/02/03 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\SanDisk SecureAccess
[2013/02/22 19:28:33 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Scribus
[2013/05/07 21:21:23 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\SecureSearch
[2013/04/10 08:56:22 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Seznam.cz
[2012/12/19 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\systweak
[2015/03/16 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\TeamViewer
[2013/05/09 11:53:29 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\TuneUp Software
[2013/11/24 11:57:44 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\TV Online
[2014/02/11 07:16:16 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Unity
[2015/08/23 19:40:57 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Uschovna
[2015/06/18 16:55:06 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Visan
[2013/07/14 05:20:33 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\VitySoft
[2015/06/19 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Win7codecs
[2014/10/01 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Yandex
[2016/04/02 23:20:36 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Zoner

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:16E15B52

< End of report >

Re: Please check my log

Posted: 24 May 2016 23:26
by Chmalka
OTL logfile created on: 5/24/2016 6:17:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gabi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18059)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 12.85 Gb Available Physical Memory | 80.41% Memory free
31.96 Gb Paging File | 28.47 Gb Available in Paging File | 89.06% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.03 Gb Total Space | 220.52 Gb Free Space | 49.33% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 261.78 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Drive F: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.09 Gb Total Space | 188.67 Gb Free Space | 63.29% Space Free | Partition Type: NTFS

Computer Name: GABI-PC | User Name: gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
PRC - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
PRC - [2016/05/10 18:05:43 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016/05/02 23:30:33 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/05/02 02:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2016/04/29 14:24:30 | 005,224,224 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
PRC - [2016/03/15 17:46:46 | 001,529,632 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2016/03/02 13:43:20 | 000,573,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/01/11 13:30:00 | 002,019,616 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
PRC - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
PRC - [2015/10/01 16:10:14 | 000,477,184 | ---- | M] (Skillbrains) -- C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
PRC - [2015/07/28 21:22:40 | 005,889,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2015/07/17 15:21:14 | 002,062,112 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
PRC - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2015/03/31 20:26:14 | 000,470,304 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe
PRC - [2014/12/23 14:22:38 | 000,833,240 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
PRC - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe


========== Modules (No Company Name) ==========

MOD - [2016/05/02 02:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016/01/11 17:03:24 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
MOD - [2016/01/11 17:02:48 | 000,630,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
MOD - [2015/12/28 13:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
MOD - [2015/12/28 13:49:58 | 000,629,536 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
MOD - [2015/12/23 18:32:40 | 000,355,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madbasic_.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2016/05/16 15:36:52 | 000,086,864 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe -- (TrueKeyServiceHelper)
SRV:64bit: - [2016/05/16 15:30:30 | 000,015,736 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McTkSchedulerService.exe -- (TrueKeyScheduler)
SRV:64bit: - [2016/05/16 15:30:04 | 000,878,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe -- (TrueKey)
SRV:64bit: - [2016/05/02 01:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2016/05/02 01:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:64bit: - [2016/05/02 01:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:64bit: - [2016/03/08 02:13:04 | 002,829,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2015/11/25 16:00:00 | 003,020,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BCA\pabeSvc64.exe -- (IntelBCAsvc)
SRV:64bit: - [2015/09/16 00:08:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2015/05/25 19:37:49 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 23:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/01/31 05:37:56 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2013/01/30 13:52:10 | 000,405,744 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV:64bit: - [2011/12/01 11:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/05/23 09:18:06 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe -- (Stereo Service)
SRV - [2016/05/02 23:31:11 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2016/01/14 10:59:02 | 002,945,312 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService9)
SRV - [2015/09/19 03:55:16 | 002,057,736 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/06/18 08:57:18 | 001,268,568 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV - [2015/03/28 12:58:42 | 000,089,840 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/01/02 19:45:12 | 000,315,488 | ---- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/16 00:23:26 | 000,487,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2013/12/03 11:56:50 | 000,079,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2013/01/31 05:37:56 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/13 04:36:54 | 000,922,240 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/19 18:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/02 14:34:52 | 000,258,688 | ---- | M] (ASUSTeK Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe -- (ASDiskUnlocker)
SRV - [2010/12/01 22:15:14 | 000,915,584 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/21 05:52:26 | 000,586,880 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/05/24 18:13:49 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2016/05/02 01:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2016/04/14 01:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016/04/09 10:52:50 | 001,027,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/08/18 21:50:46 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015/08/05 13:47:15 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2015/07/14 15:29:08 | 000,255,240 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2015/07/14 15:29:08 | 000,231,520 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2015/07/14 15:29:08 | 000,178,520 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2015/07/14 15:29:08 | 000,072,400 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2015/07/14 15:29:08 | 000,053,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2015/07/05 17:06:43 | 000,242,688 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2015/05/25 19:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/05/25 18:59:59 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015/05/16 15:54:18 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2015/01/27 01:23:46 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/06/23 01:31:11 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/05/30 11:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 22:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/08/29 02:24:50 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/08/29 02:24:50 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012/06/27 04:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2012/06/27 04:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012/06/27 04:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/02 02:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/06/29 03:04:58 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2011/06/02 13:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/10 20:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/09 09:33:20 | 000,235,008 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/08 17:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/21 14:29:36 | 000,043,136 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\VDiskBus64.sys -- (VDiskBus)
DRV:64bit: - [2010/01/14 08:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/15 12:17:32 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2015/05/16 15:46:08 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2015/03/25 20:07:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2015/03/25 20:07:34 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2015/03/25 20:07:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010/09/16 23:56:06 | 000,016,512 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys -- (ASFLTDrv.sys)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {62E1E48F-ED7E-4ECE-9E44-7D6F4223C188}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 47 5C 2C 9B 01 CD 01 [binary data]
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\fi, = http://www.firmy.cz/phr/%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\ma, = http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\se, = http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\vi, = http://videa.seznam.cz/?q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\zb, = http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=W ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{A486E4F4-30E2-454A-A4B4-9C78441179EA}: "URL" = http://www.google.com/search?q={searchT ... utEncoding?}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}: "URL" = http://securedsearch.lavasoft.com/resul ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\firmy.cz-020302: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\mapy.cz-020302: "URL" = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-020302: "URL" = http://searchou.com/?q={searchTerms}&id ... 1d3c&r=664
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-091952: "URL" = http://search.seznam.cz/?sourceid=quick ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\videa.seznam.cz-181817: "URL" = http://videa.seznam.cz/?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\zbozi.cz-020302: "URL" = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google Default"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.7.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Bce7e73df-6a44-4028-8079-5927a588c948%7D:1.1.2.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1
FF - prefs.js..extensions.enabledItems: {40D65E82-75AC-47CA-8A73-1CEDC2668EFF}:1.0
FF - prefs.js..extensions.enabledItems: iau6mcws@xzhzysklu.co.uk:1.5
FF - prefs.js..extensions.enabledItems: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}:2.0.0.566
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.436
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.12.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/02/16 12:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}: C:\Program Files (x86)\LyriXeeker\130.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: disable
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true

[2013/04/14 07:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Extensions
[2013/04/14 07:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2016/05/03 09:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions
[2016/04/28 02:24:54 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2013/09/13 12:50:12 | 000,000,000 | ---D | M] (saveensharie) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\8fa6m-h@iiyiyeeiyi.com
[2015/04/02 14:18:08 | 000,000,000 | ---D | M] ("Bing Search Engine") -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\bingsearch.full@microsoft.com
[2013/11/24 11:56:13 | 000,000,000 | ---D | M] (MyWordTool) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\emily@wilford.biz
[2016/01/06 18:04:51 | 000,102,947 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\html5-video-everywhere@lejenome.me.xpi
[2016/04/27 09:11:22 | 000,007,255 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\useragentrg-upd@mozilla.org.xpi
[2015/03/22 12:21:05 | 000,009,855 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}.xpi
[2016/04/28 02:24:54 | 000,073,436 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2016/04/30 09:27:25 | 000,319,627 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2016/05/03 09:13:32 | 000,097,981 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
[2015/05/09 19:42:25 | 000,001,763 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\amazoncom-pro.xml
[2015/05/09 11:22:49 | 000,002,938 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\bing.xml
[2015/12/10 04:37:43 | 000,002,290 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\facebook.xml
[2015/05/09 19:41:51 | 000,002,382 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\google-default.xml
[2015/05/09 19:41:45 | 000,004,208 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\youtube.xml
[2016/05/23 02:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2012/10/01 21:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2016/04/13 17:44:24 | 000,000,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Advanced SystemCare 9] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Google Update] C:\Users\gabi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [HP ENVY 5530 series (NET)] C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE (ZONER software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xportovat do Microsoft Excelu - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8:64bit: - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A95C1F79-C963-44D3-88A2-B0540AD12411}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC0D0F0F-DAEC-4297-9451-C8B98AD770E1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skypec2c - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/18 03:50:17 | 000,465,216 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/09/10 18:36:44 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/05/24 16:43:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 11:39:01 | 000,000,000 | ---D | C] -- C:\FRST
[2016/05/23 20:29:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2016/05/23 12:34:19 | 000,113,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/23 12:32:34 | 031,600,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/23 12:32:34 | 025,372,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/23 12:32:34 | 021,794,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/23 12:32:34 | 019,110,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/23 12:32:34 | 018,138,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/23 12:32:34 | 001,581,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/23 12:32:34 | 000,911,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/23 12:32:34 | 000,476,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/23 12:32:34 | 000,394,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/23 12:32:34 | 000,177,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/23 12:32:34 | 000,155,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/23 12:32:34 | 000,153,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/23 12:32:34 | 000,141,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/23 12:32:34 | 000,131,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/23 12:32:34 | 000,046,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/23 12:32:33 | 021,336,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/23 12:32:33 | 017,732,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/23 12:32:33 | 017,236,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/23 12:32:33 | 003,447,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/23 12:32:33 | 003,001,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/23 12:32:33 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/23 12:32:33 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/23 12:32:33 | 000,984,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/23 12:32:33 | 000,770,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/23 12:32:33 | 000,708,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/23 08:46:20 | 000,444,656 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 08:44:44 | 000,000,000 | ---D | C] -- C:\Windows\IObit
[2016/05/23 08:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
[2016/05/21 19:34:30 | 000,797,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/21 19:34:30 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/13 12:21:06 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/13 12:21:06 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/13 12:18:23 | 000,113,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2016/05/13 12:18:23 | 000,102,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2016/05/13 12:18:23 | 000,056,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/05/24 18:18:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/24 18:13:49 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/05/24 18:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8a5ab905131a.job
[2016/05/24 17:36:15 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/05/24 17:36:15 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/05/24 16:47:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 15:20:22 | 000,000,326 | ---- | M] () -- C:\Users\gabi\Desktop\Svědectví o vraždění dětí při loveckých honech – CIA, elita, satanský kult, Austrálie, USA, Kanada, VB, Francie i Holandsko .URL
[2016/05/24 14:33:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-4097007782-1966444928-4019047729-1000.job
[2016/05/24 13:51:50 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\FLOUR TORTILLAS (Step-by-step recipe) - YouTube.URL
[2016/05/24 11:39:27 | 013,017,592 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016/05/24 11:39:27 | 013,011,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/05/24 11:39:27 | 009,057,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/05/24 11:39:27 | 004,369,038 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016/05/24 11:39:27 | 004,350,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/05/24 11:33:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/05/24 11:33:18 | 4281,032,702 | -HS- | M] () -- C:\hiberfil.sys
[2016/05/24 10:43:20 | 000,000,263 | ---- | M] () -- C:\Users\gabi\Desktop\ORGONIT, chemtrails a obrana před ovlivňováním lidí EZOpress.URL
[2016/05/23 14:17:14 | 000,001,188 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1d0407e5afc26.job
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1cf8a33639a01d.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d09002253e2ab2.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d03ffbcb6285ca.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8a5ab91b5a8e.job
[2016/05/23 11:12:12 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000Core1cf8a3361aa5f9.job
[2016/05/23 11:07:34 | 000,000,209 | ---- | M] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 09:18:06 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/23 09:18:06 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 02:24:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:43 | 000,001,654 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 17:10:34 | 001,581,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/21 17:10:34 | 000,046,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/20 09:35:04 | 000,000,251 | ---- | M] () -- C:\Users\gabi\Desktop\(103) II.Kat Rum Meyhanesi.URL
[2016/05/20 03:01:55 | 039,979,576 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/20 03:01:55 | 035,117,112 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/20 03:01:55 | 031,600,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/20 03:01:55 | 025,372,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/20 03:01:55 | 021,794,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/20 03:01:55 | 021,336,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/20 03:01:55 | 019,110,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/20 03:01:55 | 018,138,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/20 03:01:55 | 017,732,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/20 03:01:55 | 017,236,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/20 03:01:55 | 016,693,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2016/05/20 03:01:55 | 014,293,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2016/05/20 03:01:55 | 010,642,728 | ---- | M] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 008,733,096 | ---- | M] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 003,825,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2016/05/20 03:01:55 | 003,447,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/20 03:01:55 | 003,383,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2016/05/20 03:01:55 | 003,001,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/20 03:01:55 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/20 03:01:55 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/20 03:01:55 | 000,984,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/20 03:01:55 | 000,911,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/20 03:01:55 | 000,770,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/20 03:01:55 | 000,708,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/20 03:01:55 | 000,669,952 | ---- | M] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,565,392 | ---- | M] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,476,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/20 03:01:55 | 000,394,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/20 03:01:55 | 000,177,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/20 03:01:55 | 000,155,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/20 03:01:55 | 000,153,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/20 03:01:55 | 000,131,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/20 03:01:55 | 000,039,124 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/19 22:11:23 | 006,346,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2016/05/19 22:11:23 | 002,454,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2016/05/19 22:11:21 | 001,762,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2016/05/19 22:11:21 | 000,531,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2016/05/19 22:11:21 | 000,393,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2016/05/19 22:11:21 | 000,083,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2016/05/19 22:11:21 | 000,069,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2016/05/19 21:45:30 | 000,113,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/18 19:25:24 | 006,448,223 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2016/05/17 09:40:36 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | M] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | M] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/10 00:07:01 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/10 00:07:01 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016/05/02 02:34:54 | 000,000,308 | ---- | M] () -- C:\Users\gabi\Desktop\Pokud někde uvidíte tohoto brouka, okamžitě běžte pryč. To, co s vámi totiž udělá, je děsivé!.URL
[2016/05/02 01:39:01 | 001,377,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2016/05/02 01:39:01 | 001,316,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2016/05/02 01:38:42 | 001,767,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2016/05/02 01:38:42 | 001,756,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2016/05/02 01:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/05/24 16:47:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016/05/24 15:20:22 | 000,000,326 | ---- | C] () -- C:\Users\gabi\Desktop\Svědectví o vraždění dětí při loveckých honech – CIA, elita, satanský kult, Austrálie, USA, Kanada, VB, Francie i Holandsko .URL
[2016/05/24 13:51:50 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\FLOUR TORTILLAS (Step-by-step recipe) - YouTube.URL
[2016/05/24 10:43:20 | 000,000,263 | ---- | C] () -- C:\Users\gabi\Desktop\ORGONIT, chemtrails a obrana před ovlivňováním lidí EZOpress.URL
[2016/05/23 14:17:12 | 000,001,188 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 12:32:34 | 010,642,728 | ---- | C] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/23 12:32:34 | 008,733,096 | ---- | C] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/23 12:32:33 | 039,979,576 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/23 12:32:33 | 035,117,112 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/23 12:32:33 | 000,669,952 | ---- | C] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,565,392 | ---- | C] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/23 11:07:34 | 000,000,209 | ---- | C] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 02:24:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:41 | 000,001,654 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 19:34:31 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/20 09:35:04 | 000,000,251 | ---- | C] () -- C:\Users\gabi\Desktop\(103) II.Kat Rum Meyhanesi.URL
[2016/05/17 09:40:36 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | C] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | C] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/03 22:23:30 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/05/02 02:34:54 | 000,000,308 | ---- | C] () -- C:\Users\gabi\Desktop\Pokud někde uvidíte tohoto brouka, okamžitě běžte pryč. To, co s vámi totiž udělá, je děsivé!.URL
[2016/03/10 14:31:09 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/03/10 14:31:09 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/02/13 21:47:02 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-0.dll
[2016/02/13 21:45:46 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
[2015/09/06 15:43:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2015/05/16 15:50:36 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/05/09 10:42:58 | 000,002,848 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2015/04/07 05:49:19 | 000,000,064 | ---- | C] () -- C:\Users\gabi\AppData\Local\29ac5b7c7af3f31b11ecb2fdbcc37a98
[2015/02/27 15:07:32 | 000,082,064 | ---- | C] () -- C:\Windows\cadkasdeinst01cz.exe
[2015/02/27 14:21:20 | 000,001,290 | ---- | C] () -- C:\Windows\CITP_SearchHistory.INI
[2015/02/27 14:09:40 | 000,404,624 | ---- | C] () -- C:\Windows\cadkasdeinst01e_64.exe
[2015/01/05 12:46:17 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/24 19:54:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/10/12 12:48:52 | 000,003,584 | ---- | C] () -- C:\Users\gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/26 12:19:02 | 000,000,005 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WBPU-TTL.DAT
[2013/08/26 12:19:01 | 000,000,114 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WB.CFG
[2013/08/26 11:19:52 | 000,000,896 | RHS- | C] () -- C:\Users\gabi\ntuser.pol
[2013/05/10 18:04:49 | 000,007,611 | ---- | C] () -- C:\Users\gabi\AppData\Local\Resmon.ResmonCfg
[2013/04/07 18:17:42 | 000,000,424 | ---- | C] () -- C:\Users\gabi\AppData\Local\UserProducts.xml
[2013/03/09 12:29:41 | 000,002,661 | ---- | C] () -- C:\Users\gabi\AppData\Local\recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 14:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 13:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:16E15B52

< End of report >

Re: Please check my log

Posted: 25 May 2016 17:26
by Rudy
Where is the second log?

Re: Please check my log

Posted: 25 May 2016 18:22
by Chmalka
Hopefully it will be all right now.

OTL logfile created on: 5/25/2016 1:15:59 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gabi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18059)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 11.37 Gb Available Physical Memory | 71.15% Memory free
31.96 Gb Paging File | 27.34 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.03 Gb Total Space | 219.22 Gb Free Space | 49.04% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 261.78 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Drive F: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.09 Gb Total Space | 187.07 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: GABI-PC | User Name: gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
PRC - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
PRC - [2016/05/10 18:05:43 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016/05/02 23:30:33 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/05/02 02:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2016/04/29 14:24:30 | 005,224,224 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
PRC - [2016/03/15 17:46:46 | 001,529,632 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2016/03/02 13:43:20 | 000,573,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/01/11 13:30:00 | 002,019,616 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
PRC - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
PRC - [2015/10/01 16:10:14 | 000,477,184 | ---- | M] (Skillbrains) -- C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
PRC - [2015/07/28 21:22:40 | 005,889,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2015/07/17 15:21:14 | 002,062,112 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
PRC - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2015/03/31 20:26:14 | 000,470,304 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe
PRC - [2014/12/23 14:22:38 | 000,833,240 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
PRC - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe


========== Modules (No Company Name) ==========

MOD - [2016/05/02 02:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016/01/11 17:03:24 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
MOD - [2016/01/11 17:02:48 | 000,630,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
MOD - [2015/12/28 13:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
MOD - [2015/12/28 13:49:58 | 000,629,536 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
MOD - [2015/12/23 18:32:40 | 000,355,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madbasic_.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2016/05/16 15:36:52 | 000,086,864 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe -- (TrueKeyServiceHelper)
SRV:64bit: - [2016/05/16 15:30:30 | 000,015,736 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McTkSchedulerService.exe -- (TrueKeyScheduler)
SRV:64bit: - [2016/05/16 15:30:04 | 000,878,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe -- (TrueKey)
SRV:64bit: - [2016/05/02 01:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2016/05/02 01:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:64bit: - [2016/05/02 01:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:64bit: - [2016/03/08 02:13:04 | 002,829,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2015/11/25 16:00:00 | 003,020,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BCA\pabeSvc64.exe -- (IntelBCAsvc)
SRV:64bit: - [2015/09/16 00:08:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2015/05/25 19:37:49 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 23:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/01/31 05:37:56 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2013/01/30 13:52:10 | 000,405,744 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV:64bit: - [2011/12/01 11:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/05/23 09:18:06 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe -- (Stereo Service)
SRV - [2016/05/02 23:31:11 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2016/01/14 10:59:02 | 002,945,312 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService9)
SRV - [2015/09/19 03:55:16 | 002,057,736 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/06/18 08:57:18 | 001,268,568 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV - [2015/03/28 12:58:42 | 000,089,840 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/01/02 19:45:12 | 000,315,488 | ---- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/16 00:23:26 | 000,487,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2013/12/03 11:56:50 | 000,079,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2013/01/31 05:37:56 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/13 04:36:54 | 000,922,240 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/19 18:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/02 14:34:52 | 000,258,688 | ---- | M] (ASUSTeK Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe -- (ASDiskUnlocker)
SRV - [2010/12/01 22:15:14 | 000,915,584 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/21 05:52:26 | 000,586,880 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/05/25 13:13:02 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2016/05/02 01:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2016/04/14 01:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016/04/09 10:52:50 | 001,027,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/08/18 21:50:46 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015/08/05 13:47:15 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2015/07/14 15:29:08 | 000,255,240 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2015/07/14 15:29:08 | 000,231,520 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2015/07/14 15:29:08 | 000,178,520 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2015/07/14 15:29:08 | 000,072,400 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2015/07/14 15:29:08 | 000,053,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2015/07/05 17:06:43 | 000,242,688 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2015/05/25 19:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/05/25 18:59:59 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015/05/16 15:54:18 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2015/01/27 01:23:46 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/06/23 01:31:11 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/05/30 11:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 22:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/08/29 02:24:50 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/08/29 02:24:50 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012/06/27 04:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2012/06/27 04:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012/06/27 04:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/02 02:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/06/29 03:04:58 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2011/06/02 13:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/10 20:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/09 09:33:20 | 000,235,008 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/08 17:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/21 14:29:36 | 000,043,136 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\VDiskBus64.sys -- (VDiskBus)
DRV:64bit: - [2010/01/14 08:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/15 12:17:32 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2015/05/16 15:46:08 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2015/03/25 20:07:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2015/03/25 20:07:34 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2015/03/25 20:07:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010/09/16 23:56:06 | 000,016,512 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys -- (ASFLTDrv.sys)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {62E1E48F-ED7E-4ECE-9E44-7D6F4223C188}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 47 5C 2C 9B 01 CD 01 [binary data]
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\fi, = http://www.firmy.cz/phr/%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\ma, = http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\se, = http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\vi, = http://videa.seznam.cz/?q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\zb, = http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=W ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{A486E4F4-30E2-454A-A4B4-9C78441179EA}: "URL" = http://www.google.com/search?q={searchT ... utEncoding?}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}: "URL" = http://securedsearch.lavasoft.com/resul ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\firmy.cz-020302: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\mapy.cz-020302: "URL" = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-020302: "URL" = http://searchou.com/?q={searchTerms}&id ... 1d3c&r=664
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-091952: "URL" = http://search.seznam.cz/?sourceid=quick ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\videa.seznam.cz-181817: "URL" = http://videa.seznam.cz/?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\zbozi.cz-020302: "URL" = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google Default"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.7.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Bce7e73df-6a44-4028-8079-5927a588c948%7D:1.1.2.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1
FF - prefs.js..extensions.enabledItems: {40D65E82-75AC-47CA-8A73-1CEDC2668EFF}:1.0
FF - prefs.js..extensions.enabledItems: iau6mcws@xzhzysklu.co.uk:1.5
FF - prefs.js..extensions.enabledItems: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}:2.0.0.566
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.436
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.12.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/02/16 12:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}: C:\Program Files (x86)\LyriXeeker\130.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: disable
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true

[2013/04/14 07:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Extensions
[2016/05/03 09:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions
[2016/04/28 02:24:54 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2013/09/13 12:50:12 | 000,000,000 | ---D | M] (saveensharie) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\8fa6m-h@iiyiyeeiyi.com
[2015/04/02 14:18:08 | 000,000,000 | ---D | M] ("Bing Search Engine") -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\bingsearch.full@microsoft.com
[2013/11/24 11:56:13 | 000,000,000 | ---D | M] (MyWordTool) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\emily@wilford.biz
[2016/01/06 18:04:51 | 000,102,947 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\html5-video-everywhere@lejenome.me.xpi
[2016/04/27 09:11:22 | 000,007,255 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\useragentrg-upd@mozilla.org.xpi
[2015/03/22 12:21:05 | 000,009,855 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}.xpi
[2016/04/28 02:24:54 | 000,073,436 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2016/04/30 09:27:25 | 000,319,627 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2016/05/03 09:13:32 | 000,097,981 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
[2015/05/09 19:42:25 | 000,001,763 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\amazoncom-pro.xml
[2015/05/09 11:22:49 | 000,002,938 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\bing.xml
[2015/12/10 04:37:43 | 000,002,290 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\facebook.xml
[2015/05/09 19:41:51 | 000,002,382 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\google-default.xml
[2015/05/09 19:41:45 | 000,004,208 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\youtube.xml
[2016/05/23 02:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2012/10/01 21:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2016/04/13 17:44:24 | 000,000,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Advanced SystemCare 9] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [HP ENVY 5530 series (NET)] C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE (ZONER software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8:64bit: - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A95C1F79-C963-44D3-88A2-B0540AD12411}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC0D0F0F-DAEC-4297-9451-C8B98AD770E1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skypec2c - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/18 03:50:17 | 000,465,216 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/09/10 18:36:44 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/05/24 16:43:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 11:39:01 | 000,000,000 | ---D | C] -- C:\FRST
[2016/05/23 20:29:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2016/05/23 12:34:19 | 000,113,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/23 12:32:34 | 031,600,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/23 12:32:34 | 025,372,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/23 12:32:34 | 021,794,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/23 12:32:34 | 019,110,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/23 12:32:34 | 018,138,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/23 12:32:34 | 001,581,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/23 12:32:34 | 000,911,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/23 12:32:34 | 000,476,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/23 12:32:34 | 000,394,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/23 12:32:34 | 000,177,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/23 12:32:34 | 000,155,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/23 12:32:34 | 000,153,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/23 12:32:34 | 000,141,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/23 12:32:34 | 000,131,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/23 12:32:34 | 000,046,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/23 12:32:33 | 021,336,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/23 12:32:33 | 017,732,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/23 12:32:33 | 017,236,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/23 12:32:33 | 003,447,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/23 12:32:33 | 003,001,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/23 12:32:33 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/23 12:32:33 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/23 12:32:33 | 000,984,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/23 12:32:33 | 000,770,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/23 12:32:33 | 000,708,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/23 08:46:20 | 000,444,656 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 08:44:44 | 000,000,000 | ---D | C] -- C:\Windows\IObit
[2016/05/23 08:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
[2016/05/21 19:34:30 | 000,797,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/21 19:34:30 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/13 12:21:06 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/13 12:21:06 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/13 12:18:23 | 000,113,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2016/05/13 12:18:23 | 000,102,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2016/05/13 12:18:23 | 000,056,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/05/25 13:18:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/25 13:13:02 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/05/25 13:06:18 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/05/25 13:06:18 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/05/25 10:33:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-4097007782-1966444928-4019047729-1000.job
[2016/05/25 02:40:37 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\150 Anglické Věty Pro Začátečníky - YouTube.URL
[2016/05/24 18:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8a5ab905131a.job
[2016/05/24 16:47:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 11:39:27 | 013,017,592 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016/05/24 11:39:27 | 013,011,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/05/24 11:39:27 | 009,057,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/05/24 11:39:27 | 004,369,038 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016/05/24 11:39:27 | 004,350,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/05/24 11:33:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/05/24 11:33:18 | 4281,032,702 | -HS- | M] () -- C:\hiberfil.sys
[2016/05/23 14:17:14 | 000,001,188 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1d0407e5afc26.job
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1cf8a33639a01d.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d09002253e2ab2.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d03ffbcb6285ca.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8a5ab91b5a8e.job
[2016/05/23 11:12:12 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000Core1cf8a3361aa5f9.job
[2016/05/23 11:07:34 | 000,000,209 | ---- | M] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 09:18:06 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/23 09:18:06 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 02:24:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:43 | 000,001,654 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 17:10:34 | 001,581,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/21 17:10:34 | 000,046,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/20 03:01:55 | 039,979,576 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/20 03:01:55 | 035,117,112 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/20 03:01:55 | 031,600,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/20 03:01:55 | 025,372,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/20 03:01:55 | 021,794,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/20 03:01:55 | 021,336,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/20 03:01:55 | 019,110,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/20 03:01:55 | 018,138,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/20 03:01:55 | 017,732,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/20 03:01:55 | 017,236,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/20 03:01:55 | 016,693,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2016/05/20 03:01:55 | 014,293,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2016/05/20 03:01:55 | 010,642,728 | ---- | M] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 008,733,096 | ---- | M] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 003,825,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2016/05/20 03:01:55 | 003,447,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/20 03:01:55 | 003,383,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2016/05/20 03:01:55 | 003,001,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/20 03:01:55 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/20 03:01:55 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/20 03:01:55 | 000,984,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/20 03:01:55 | 000,911,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/20 03:01:55 | 000,770,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/20 03:01:55 | 000,708,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/20 03:01:55 | 000,669,952 | ---- | M] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,565,392 | ---- | M] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,476,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/20 03:01:55 | 000,394,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/20 03:01:55 | 000,177,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/20 03:01:55 | 000,155,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/20 03:01:55 | 000,153,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/20 03:01:55 | 000,131,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/20 03:01:55 | 000,039,124 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/19 22:11:23 | 006,346,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2016/05/19 22:11:23 | 002,454,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2016/05/19 22:11:21 | 001,762,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2016/05/19 22:11:21 | 000,531,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2016/05/19 22:11:21 | 000,393,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2016/05/19 22:11:21 | 000,083,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2016/05/19 22:11:21 | 000,069,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2016/05/19 21:45:30 | 000,113,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/18 19:25:24 | 006,448,223 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2016/05/17 09:40:36 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | M] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | M] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/10 00:07:01 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/10 00:07:01 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016/05/02 01:39:01 | 001,377,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2016/05/02 01:39:01 | 001,316,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2016/05/02 01:38:42 | 001,767,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2016/05/02 01:38:42 | 001,756,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2016/05/02 01:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/05/25 02:40:37 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\150 Anglické Věty Pro Začátečníky - YouTube.URL
[2016/05/24 16:47:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016/05/23 14:17:12 | 000,001,188 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 12:32:34 | 010,642,728 | ---- | C] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/23 12:32:34 | 008,733,096 | ---- | C] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/23 12:32:33 | 039,979,576 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/23 12:32:33 | 035,117,112 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/23 12:32:33 | 000,669,952 | ---- | C] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,565,392 | ---- | C] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/23 11:07:34 | 000,000,209 | ---- | C] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 02:24:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:41 | 000,001,654 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 19:34:31 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/17 09:40:36 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | C] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | C] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/03 22:23:30 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/03/10 14:31:09 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/03/10 14:31:09 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/02/13 21:47:02 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-0.dll
[2016/02/13 21:45:46 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
[2015/09/06 15:43:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2015/05/16 15:50:36 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/05/09 10:42:58 | 000,002,848 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2015/04/07 05:49:19 | 000,000,064 | ---- | C] () -- C:\Users\gabi\AppData\Local\29ac5b7c7af3f31b11ecb2fdbcc37a98
[2015/02/27 15:07:32 | 000,082,064 | ---- | C] () -- C:\Windows\cadkasdeinst01cz.exe
[2015/02/27 14:21:20 | 000,001,290 | ---- | C] () -- C:\Windows\CITP_SearchHistory.INI
[2015/02/27 14:09:40 | 000,404,624 | ---- | C] () -- C:\Windows\cadkasdeinst01e_64.exe
[2015/01/05 12:46:17 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/24 19:54:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/10/12 12:48:52 | 000,003,584 | ---- | C] () -- C:\Users\gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/26 12:19:02 | 000,000,005 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WBPU-TTL.DAT
[2013/08/26 12:19:01 | 000,000,114 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WB.CFG
[2013/08/26 11:19:52 | 000,000,896 | RHS- | C] () -- C:\Users\gabi\ntuser.pol
[2013/05/10 18:04:49 | 000,007,611 | ---- | C] () -- C:\Users\gabi\AppData\Local\Resmon.ResmonCfg
[2013/04/07 18:17:42 | 000,000,424 | ---- | C] () -- C:\Users\gabi\AppData\Local\UserProducts.xml
[2013/03/09 12:29:41 | 000,002,661 | ---- | C] () -- C:\Users\gabi\AppData\Local\recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 14:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 13:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:16E15B52

< End of report >

Re: Please check my log

Posted: 25 May 2016 18:30
by Chmalka
I'm sorry, but it gives me two completely identical logs :(

Re: Please check my log

Posted: 25 May 2016 18:42
by Chmalka
So I ran it once more. After the first scan I tried closing it and, on opening it a second time, starting the second scan. This is what came up. Hopefully it will be enough.

OTL logfile created on: 5/25/2016 1:30:05 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gabi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18059)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 11.21 Gb Available Physical Memory | 70.13% Memory free
31.96 Gb Paging File | 27.13 Gb Available in Paging File | 84.87% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.03 Gb Total Space | 219.02 Gb Free Space | 48.99% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 261.78 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Drive F: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.09 Gb Total Space | 187.07 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: GABI-PC | User Name: gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
PRC - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
PRC - [2016/05/10 18:05:43 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016/05/02 23:30:33 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/05/02 02:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2016/04/29 14:24:30 | 005,224,224 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
PRC - [2016/03/15 17:46:46 | 001,529,632 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2016/03/02 13:43:20 | 000,573,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/01/11 13:30:00 | 002,019,616 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
PRC - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
PRC - [2015/10/01 16:10:14 | 000,477,184 | ---- | M] (Skillbrains) -- C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
PRC - [2015/07/28 21:22:40 | 005,889,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2015/07/17 15:21:14 | 002,062,112 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
PRC - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2015/03/31 20:26:14 | 000,470,304 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe
PRC - [2014/12/23 14:22:38 | 000,833,240 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
PRC - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe


========== Modules (No Company Name) ==========

MOD - [2016/05/02 02:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016/01/11 17:03:24 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
MOD - [2016/01/11 17:02:48 | 000,630,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
MOD - [2015/12/28 13:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
MOD - [2015/12/28 13:49:58 | 000,629,536 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
MOD - [2015/12/23 18:32:40 | 000,355,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madbasic_.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2016/05/16 15:36:52 | 000,086,864 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe -- (TrueKeyServiceHelper)
SRV:64bit: - [2016/05/16 15:30:30 | 000,015,736 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McTkSchedulerService.exe -- (TrueKeyScheduler)
SRV:64bit: - [2016/05/16 15:30:04 | 000,878,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe -- (TrueKey)
SRV:64bit: - [2016/05/02 01:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2016/05/02 01:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:64bit: - [2016/05/02 01:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:64bit: - [2016/03/08 02:13:04 | 002,829,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2015/11/25 16:00:00 | 003,020,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BCA\pabeSvc64.exe -- (IntelBCAsvc)
SRV:64bit: - [2015/09/16 00:08:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2015/05/25 19:37:49 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 23:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/01/31 05:37:56 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2013/01/30 13:52:10 | 000,405,744 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV:64bit: - [2011/12/01 11:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/05/23 09:18:06 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe -- (Stereo Service)
SRV - [2016/05/02 23:31:11 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2016/01/14 10:59:02 | 002,945,312 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService9)
SRV - [2015/09/19 03:55:16 | 002,057,736 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/06/18 08:57:18 | 001,268,568 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV - [2015/03/28 12:58:42 | 000,089,840 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/01/02 19:45:12 | 000,315,488 | ---- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/16 00:23:26 | 000,487,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2013/12/03 11:56:50 | 000,079,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2013/01/31 05:37:56 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/13 04:36:54 | 000,922,240 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/19 18:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/02 14:34:52 | 000,258,688 | ---- | M] (ASUSTeK Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe -- (ASDiskUnlocker)
SRV - [2010/12/01 22:15:14 | 000,915,584 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/21 05:52:26 | 000,586,880 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/05/25 13:13:02 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2016/05/02 01:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2016/04/14 01:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016/04/09 10:52:50 | 001,027,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/08/18 21:50:46 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015/08/05 13:47:15 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2015/07/14 15:29:08 | 000,255,240 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2015/07/14 15:29:08 | 000,231,520 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2015/07/14 15:29:08 | 000,178,520 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2015/07/14 15:29:08 | 000,072,400 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2015/07/14 15:29:08 | 000,053,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2015/07/05 17:06:43 | 000,242,688 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2015/05/25 19:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/05/25 18:59:59 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015/05/16 15:54:18 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2015/01/27 01:23:46 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/06/23 01:31:11 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/05/30 11:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 22:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/08/29 02:24:50 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/08/29 02:24:50 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012/06/27 04:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2012/06/27 04:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012/06/27 04:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/02 02:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/06/29 03:04:58 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2011/06/02 13:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/10 20:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/09 09:33:20 | 000,235,008 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/08 17:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/21 14:29:36 | 000,043,136 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\VDiskBus64.sys -- (VDiskBus)
DRV:64bit: - [2010/01/14 08:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/15 12:17:32 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2015/05/16 15:46:08 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2015/03/25 20:07:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2015/03/25 20:07:34 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2015/03/25 20:07:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010/09/16 23:56:06 | 000,016,512 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys -- (ASFLTDrv.sys)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {62E1E48F-ED7E-4ECE-9E44-7D6F4223C188}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 47 5C 2C 9B 01 CD 01 [binary data]
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\fi, = http://www.firmy.cz/phr/%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\ma, = http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\se, = http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\vi, = http://videa.seznam.cz/?q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\zb, = http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=W ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{A486E4F4-30E2-454A-A4B4-9C78441179EA}: "URL" = http://www.google.com/search?q={searchT ... utEncoding?}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}: "URL" = http://securedsearch.lavasoft.com/resul ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\firmy.cz-020302: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\mapy.cz-020302: "URL" = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-020302: "URL" = http://searchou.com/?q={searchTerms}&id ... 1d3c&r=664
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-091952: "URL" = http://search.seznam.cz/?sourceid=quick ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\videa.seznam.cz-181817: "URL" = http://videa.seznam.cz/?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\zbozi.cz-020302: "URL" = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google Default"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.7.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Bce7e73df-6a44-4028-8079-5927a588c948%7D:1.1.2.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1
FF - prefs.js..extensions.enabledItems: {40D65E82-75AC-47CA-8A73-1CEDC2668EFF}:1.0
FF - prefs.js..extensions.enabledItems: iau6mcws@xzhzysklu.co.uk:1.5
FF - prefs.js..extensions.enabledItems: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}:2.0.0.566
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.436
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.12.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/02/16 12:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}: C:\Program Files (x86)\LyriXeeker\130.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: disable
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true

[2013/04/14 07:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Extensions
[2016/05/03 09:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions
[2016/04/28 02:24:54 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2013/09/13 12:50:12 | 000,000,000 | ---D | M] (saveensharie) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\8fa6m-h@iiyiyeeiyi.com
[2015/04/02 14:18:08 | 000,000,000 | ---D | M] ("Bing Search Engine") -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\bingsearch.full@microsoft.com
[2013/11/24 11:56:13 | 000,000,000 | ---D | M] (MyWordTool) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\emily@wilford.biz
[2016/01/06 18:04:51 | 000,102,947 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\html5-video-everywhere@lejenome.me.xpi
[2016/04/27 09:11:22 | 000,007,255 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\useragentrg-upd@mozilla.org.xpi
[2015/03/22 12:21:05 | 000,009,855 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}.xpi
[2016/04/28 02:24:54 | 000,073,436 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2016/04/30 09:27:25 | 000,319,627 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2016/05/03 09:13:32 | 000,097,981 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
[2015/05/09 19:42:25 | 000,001,763 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\amazoncom-pro.xml
[2015/05/09 11:22:49 | 000,002,938 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\bing.xml
[2015/12/10 04:37:43 | 000,002,290 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\facebook.xml
[2015/05/09 19:41:51 | 000,002,382 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\google-default.xml
[2015/05/09 19:41:45 | 000,004,208 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\youtube.xml
[2016/05/23 02:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2012/10/01 21:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2016/04/13 17:44:24 | 000,000,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Advanced SystemCare 9] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [HP ENVY 5530 series (NET)] C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE (ZONER software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8:64bit: - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A95C1F79-C963-44D3-88A2-B0540AD12411}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC0D0F0F-DAEC-4297-9451-C8B98AD770E1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skypec2c - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/18 03:50:17 | 000,465,216 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/09/10 18:36:44 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/05/24 16:43:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 11:39:01 | 000,000,000 | ---D | C] -- C:\FRST
[2016/05/23 20:29:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2016/05/23 12:34:19 | 000,113,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/23 12:32:34 | 031,600,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/23 12:32:34 | 025,372,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/23 12:32:34 | 021,794,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/23 12:32:34 | 019,110,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/23 12:32:34 | 018,138,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/23 12:32:34 | 001,581,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/23 12:32:34 | 000,911,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/23 12:32:34 | 000,476,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/23 12:32:34 | 000,394,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/23 12:32:34 | 000,177,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/23 12:32:34 | 000,155,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/23 12:32:34 | 000,153,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/23 12:32:34 | 000,141,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/23 12:32:34 | 000,131,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/23 12:32:34 | 000,046,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/23 12:32:33 | 021,336,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/23 12:32:33 | 017,732,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/23 12:32:33 | 017,236,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/23 12:32:33 | 003,447,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/23 12:32:33 | 003,001,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/23 12:32:33 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/23 12:32:33 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/23 12:32:33 | 000,984,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/23 12:32:33 | 000,770,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/23 12:32:33 | 000,708,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/23 08:46:20 | 000,444,656 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 08:44:44 | 000,000,000 | ---D | C] -- C:\Windows\IObit
[2016/05/23 08:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
[2016/05/21 19:34:30 | 000,797,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/21 19:34:30 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/13 12:21:06 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/13 12:21:06 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/13 12:18:23 | 000,113,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2016/05/13 12:18:23 | 000,102,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2016/05/13 12:18:23 | 000,056,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/05/25 13:20:44 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\Grilled Pocket Burgers by the BBQ Pit Boys - YouTube.URL
[2016/05/25 13:18:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/25 13:13:02 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/05/25 13:06:18 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/05/25 13:06:18 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/05/25 10:33:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-4097007782-1966444928-4019047729-1000.job
[2016/05/25 02:40:37 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\150 Anglické Věty Pro Začátečníky - YouTube.URL
[2016/05/24 18:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8a5ab905131a.job
[2016/05/24 16:47:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 11:39:27 | 013,017,592 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016/05/24 11:39:27 | 013,011,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/05/24 11:39:27 | 009,057,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/05/24 11:39:27 | 004,369,038 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016/05/24 11:39:27 | 004,350,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/05/24 11:33:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/05/24 11:33:18 | 4281,032,702 | -HS- | M] () -- C:\hiberfil.sys
[2016/05/23 14:17:14 | 000,001,188 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1d0407e5afc26.job
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1cf8a33639a01d.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d09002253e2ab2.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d03ffbcb6285ca.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8a5ab91b5a8e.job
[2016/05/23 11:12:12 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000Core1cf8a3361aa5f9.job
[2016/05/23 11:07:34 | 000,000,209 | ---- | M] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 09:18:06 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/23 09:18:06 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 02:24:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:43 | 000,001,654 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 17:10:34 | 001,581,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/21 17:10:34 | 000,046,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/20 03:01:55 | 039,979,576 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/20 03:01:55 | 035,117,112 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/20 03:01:55 | 031,600,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/20 03:01:55 | 025,372,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/20 03:01:55 | 021,794,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/20 03:01:55 | 021,336,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/20 03:01:55 | 019,110,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/20 03:01:55 | 018,138,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/20 03:01:55 | 017,732,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/20 03:01:55 | 017,236,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/20 03:01:55 | 016,693,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2016/05/20 03:01:55 | 014,293,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2016/05/20 03:01:55 | 010,642,728 | ---- | M] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 008,733,096 | ---- | M] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 003,825,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2016/05/20 03:01:55 | 003,447,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/20 03:01:55 | 003,383,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2016/05/20 03:01:55 | 003,001,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/20 03:01:55 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/20 03:01:55 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/20 03:01:55 | 000,984,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/20 03:01:55 | 000,911,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/20 03:01:55 | 000,770,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/20 03:01:55 | 000,708,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/20 03:01:55 | 000,669,952 | ---- | M] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,565,392 | ---- | M] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,476,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/20 03:01:55 | 000,394,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/20 03:01:55 | 000,177,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/20 03:01:55 | 000,155,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/20 03:01:55 | 000,153,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/20 03:01:55 | 000,131,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/20 03:01:55 | 000,039,124 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/19 22:11:23 | 006,346,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2016/05/19 22:11:23 | 002,454,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2016/05/19 22:11:21 | 001,762,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2016/05/19 22:11:21 | 000,531,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2016/05/19 22:11:21 | 000,393,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2016/05/19 22:11:21 | 000,083,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2016/05/19 22:11:21 | 000,069,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2016/05/19 21:45:30 | 000,113,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/18 19:25:24 | 006,448,223 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2016/05/17 09:40:36 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | M] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | M] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/10 00:07:01 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/10 00:07:01 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016/05/02 01:39:01 | 001,377,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2016/05/02 01:39:01 | 001,316,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2016/05/02 01:38:42 | 001,767,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2016/05/02 01:38:42 | 001,756,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2016/05/02 01:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/05/25 13:20:44 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\Grilled Pocket Burgers by the BBQ Pit Boys - YouTube.URL
[2016/05/25 02:40:37 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\150 Anglické Věty Pro Začátečníky - YouTube.URL
[2016/05/24 16:47:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016/05/23 14:17:12 | 000,001,188 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 12:32:34 | 010,642,728 | ---- | C] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/23 12:32:34 | 008,733,096 | ---- | C] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/23 12:32:33 | 039,979,576 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/23 12:32:33 | 035,117,112 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/23 12:32:33 | 000,669,952 | ---- | C] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,565,392 | ---- | C] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/23 11:07:34 | 000,000,209 | ---- | C] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 02:24:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:41 | 000,001,654 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 19:34:31 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/17 09:40:36 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | C] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | C] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/03 22:23:30 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/03/10 14:31:09 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/03/10 14:31:09 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/02/13 21:47:02 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-0.dll
[2016/02/13 21:45:46 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
[2015/09/06 15:43:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2015/05/16 15:50:36 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/05/09 10:42:58 | 000,002,848 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2015/04/07 05:49:19 | 000,000,064 | ---- | C] () -- C:\Users\gabi\AppData\Local\29ac5b7c7af3f31b11ecb2fdbcc37a98
[2015/02/27 15:07:32 | 000,082,064 | ---- | C] () -- C:\Windows\cadkasdeinst01cz.exe
[2015/02/27 14:21:20 | 000,001,290 | ---- | C] () -- C:\Windows\CITP_SearchHistory.INI
[2015/02/27 14:09:40 | 000,404,624 | ---- | C] () -- C:\Windows\cadkasdeinst01e_64.exe
[2015/01/05 12:46:17 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/24 19:54:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/10/12 12:48:52 | 000,003,584 | ---- | C] () -- C:\Users\gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/26 12:19:02 | 000,000,005 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WBPU-TTL.DAT
[2013/08/26 12:19:01 | 000,000,114 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WB.CFG
[2013/08/26 11:19:52 | 000,000,896 | RHS- | C] () -- C:\Users\gabi\ntuser.pol
[2013/05/10 18:04:49 | 000,007,611 | ---- | C] () -- C:\Users\gabi\AppData\Local\Resmon.ResmonCfg
[2013/04/07 18:17:42 | 000,000,424 | ---- | C] () -- C:\Users\gabi\AppData\Local\UserProducts.xml
[2013/03/09 12:29:41 | 000,002,661 | ---- | C] () -- C:\Users\gabi\AppData\Local\recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 14:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 13:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/22 10:41:16 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\.MyCookBook
[2013/06/23 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Ad-Aware Antivirus
[2015/07/29 17:23:08 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Ashampoo
[2012/03/14 17:09:09 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\ASUS WebStorage
[2015/02/27 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\CAD-KAS
[2013/04/13 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\calibre
[2012/03/15 15:15:16 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Charles
[2015/08/07 13:22:26 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\DAEMON Tools Lite
[2012/03/14 02:01:37 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\DAEMON Tools Pro
[2014/07/26 04:42:58 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\DSite
[2013/02/04 14:59:17 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Easy Macro Recorder
[2013/12/07 21:57:28 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\ERGOM
[2013/10/02 17:31:12 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\ESET
[2014/11/22 12:31:13 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Free Picture Solutions
[2012/03/15 17:44:23 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\GA-Data
[2014/08/06 00:16:46 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\IcoFX
[2016/05/23 08:44:35 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\IObit
[2013/08/22 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\IrfanView
[2013/12/08 18:34:04 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Kalendra
[2012/07/04 06:38:13 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Leadertech
[2013/08/26 11:22:30 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Mipony
[2012/03/14 15:17:03 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Opera
[2015/07/29 00:09:54 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Origin
[2014/10/24 03:41:51 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\PearlMountain
[2013/03/09 13:57:33 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\PhotoFiltre 7
[2015/05/23 17:50:37 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\ProductData
[2015/02/03 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\SanDisk SecureAccess
[2013/02/22 19:28:33 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Scribus
[2013/05/07 21:21:23 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\SecureSearch
[2013/04/10 08:56:22 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Seznam.cz
[2012/12/19 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\systweak
[2015/03/16 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\TeamViewer
[2013/05/09 11:53:29 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\TuneUp Software
[2013/11/24 11:57:44 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\TV Online
[2014/02/11 07:16:16 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Unity
[2015/08/23 19:40:57 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Uschovna
[2015/06/18 16:55:06 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Visan
[2013/07/14 05:20:33 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\VitySoft
[2015/06/19 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Win7codecs
[2014/10/01 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Yandex
[2016/04/02 23:20:36 | 000,000,000 | ---D | M] -- C:\Users\gabi\AppData\Roaming\Zoner

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:16E15B52

< End of report >

Re: Please check my log

Posted: 25 May 2016 18:43
by Chmalka
And this is the second one

OTL logfile created on: 5/25/2016 1:34:41 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gabi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18059)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 11.12 Gb Available Physical Memory | 69.58% Memory free
31.96 Gb Paging File | 26.88 Gb Available in Paging File | 84.09% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.03 Gb Total Space | 219.02 Gb Free Space | 48.99% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 261.78 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Drive F: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.09 Gb Total Space | 187.07 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: GABI-PC | User Name: gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
PRC - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
PRC - [2016/05/10 18:05:43 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016/05/02 23:30:33 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/05/02 02:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2016/04/29 14:24:30 | 005,224,224 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
PRC - [2016/03/15 17:46:46 | 001,529,632 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2016/03/02 13:43:20 | 000,573,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/01/11 13:30:00 | 002,019,616 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
PRC - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
PRC - [2015/10/01 16:10:14 | 000,477,184 | ---- | M] (Skillbrains) -- C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
PRC - [2015/07/28 21:22:40 | 005,889,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2015/07/17 15:21:14 | 002,062,112 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
PRC - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2015/03/31 20:26:14 | 000,470,304 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe
PRC - [2014/12/23 14:22:38 | 000,833,240 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
PRC - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe


========== Modules (No Company Name) ==========

MOD - [2016/05/02 02:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016/01/11 17:03:24 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
MOD - [2016/01/11 17:02:48 | 000,630,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
MOD - [2015/12/28 13:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
MOD - [2015/12/28 13:49:58 | 000,629,536 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
MOD - [2015/12/23 18:32:40 | 000,355,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\iFreeUp\madbasic_.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2016/05/16 15:36:52 | 000,086,864 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe -- (TrueKeyServiceHelper)
SRV:64bit: - [2016/05/16 15:30:30 | 000,015,736 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McTkSchedulerService.exe -- (TrueKeyScheduler)
SRV:64bit: - [2016/05/16 15:30:04 | 000,878,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe -- (TrueKey)
SRV:64bit: - [2016/05/02 01:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2016/05/02 01:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:64bit: - [2016/05/02 01:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:64bit: - [2016/03/08 02:13:04 | 002,829,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2015/11/25 16:00:00 | 003,020,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BCA\pabeSvc64.exe -- (IntelBCAsvc)
SRV:64bit: - [2015/09/16 00:08:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/08 15:22:32 | 001,353,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2015/05/25 19:37:49 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 23:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/01/31 05:37:56 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2013/01/30 13:52:10 | 000,405,744 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV:64bit: - [2011/12/01 11:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/05/23 09:18:06 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/05/19 21:45:30 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe -- (Stereo Service)
SRV - [2016/05/02 23:31:11 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/05/02 01:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2016/01/14 10:59:02 | 002,945,312 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2016/01/05 11:14:12 | 000,446,240 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService9)
SRV - [2015/09/19 03:55:16 | 002,057,736 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015/07/17 15:21:14 | 000,882,464 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/06/18 08:57:18 | 001,268,568 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV - [2015/03/28 12:58:42 | 000,089,840 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/01/02 19:45:12 | 000,315,488 | ---- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/16 00:23:26 | 000,487,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/16 11:34:08 | 000,495,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2013/12/03 11:56:50 | 000,079,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2013/01/31 05:37:56 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/13 04:36:54 | 000,922,240 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/19 18:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/02 14:34:52 | 000,258,688 | ---- | M] (ASUSTeK Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe -- (ASDiskUnlocker)
SRV - [2010/12/01 22:15:14 | 000,915,584 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/21 05:52:26 | 000,586,880 | R--- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/05/25 13:13:02 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2016/05/02 01:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2016/04/14 01:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016/04/09 10:52:50 | 001,027,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/08/18 21:50:46 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015/08/05 13:47:15 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2015/07/14 15:29:08 | 000,255,240 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2015/07/14 15:29:08 | 000,231,520 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2015/07/14 15:29:08 | 000,178,520 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2015/07/14 15:29:08 | 000,072,400 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2015/07/14 15:29:08 | 000,053,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2015/07/05 17:06:43 | 000,242,688 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2015/05/25 19:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/05/25 18:59:59 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015/05/16 15:54:18 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2015/01/27 01:23:46 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/06/23 01:31:11 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/05/30 11:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013/04/30 00:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 22:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/08/29 02:24:50 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/08/29 02:24:50 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012/06/27 04:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012/06/27 04:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2012/06/27 04:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012/06/27 04:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/02 02:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/06/29 03:04:58 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2011/06/02 13:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/10 20:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/09 09:33:20 | 000,235,008 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/12/29 15:16:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/08 17:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/21 14:29:36 | 000,043,136 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\VDiskBus64.sys -- (VDiskBus)
DRV:64bit: - [2010/01/14 08:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/15 12:17:32 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2015/05/16 15:46:08 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2015/03/25 20:07:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2015/03/25 20:07:34 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2015/03/25 20:07:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010/09/16 23:56:06 | 000,016,512 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys -- (ASFLTDrv.sys)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {62E1E48F-ED7E-4ECE-9E44-7D6F4223C188}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://www.google.com
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 47 5C 2C 9B 01 CD 01 [binary data]
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\fi, = http://www.firmy.cz/phr/%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\ma, = http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\se, = http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\vi, = http://videa.seznam.cz/?q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Internet Explorer\SearchURL\zb, = http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=W ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{A486E4F4-30E2-454A-A4B4-9C78441179EA}: "URL" = http://www.google.com/search?q={searchT ... utEncoding?}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}: "URL" = http://securedsearch.lavasoft.com/resul ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\firmy.cz-020302: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\mapy.cz-020302: "URL" = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-020302: "URL" = http://searchou.com/?q={searchTerms}&id ... 1d3c&r=664
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\seznam.cz-091952: "URL" = http://search.seznam.cz/?sourceid=quick ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\videa.seznam.cz-181817: "URL" = http://videa.seznam.cz/?q={searchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\SearchScopes\zbozi.cz-020302: "URL" = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google Default"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.7.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Bce7e73df-6a44-4028-8079-5927a588c948%7D:1.1.2.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1
FF - prefs.js..extensions.enabledItems: {40D65E82-75AC-47CA-8A73-1CEDC2668EFF}:1.0
FF - prefs.js..extensions.enabledItems: iau6mcws@xzhzysklu.co.uk:1.5
FF - prefs.js..extensions.enabledItems: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}:2.0.0.566
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.436
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.12.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gabi\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/02/16 12:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}: C:\Program Files (x86)\LyriXeeker\130.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: disable
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true

[2013/04/14 07:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Extensions
[2016/05/03 09:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions
[2016/04/28 02:24:54 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2013/09/13 12:50:12 | 000,000,000 | ---D | M] (saveensharie) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\8fa6m-h@iiyiyeeiyi.com
[2015/04/02 14:18:08 | 000,000,000 | ---D | M] ("Bing Search Engine") -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\bingsearch.full@microsoft.com
[2013/11/24 11:56:13 | 000,000,000 | ---D | M] (MyWordTool) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\emily@wilford.biz
[2016/01/06 18:04:51 | 000,102,947 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\html5-video-everywhere@lejenome.me.xpi
[2016/04/27 09:11:22 | 000,007,255 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\useragentrg-upd@mozilla.org.xpi
[2015/03/22 12:21:05 | 000,009,855 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}.xpi
[2016/04/28 02:24:54 | 000,073,436 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2016/04/30 09:27:25 | 000,319,627 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2016/05/03 09:13:32 | 000,097,981 | ---- | M] () (No name found) -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
[2015/05/09 19:42:25 | 000,001,763 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\amazoncom-pro.xml
[2015/05/09 11:22:49 | 000,002,938 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\bing.xml
[2015/12/10 04:37:43 | 000,002,290 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\facebook.xml
[2015/05/09 19:41:51 | 000,002,382 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\google-default.xml
[2015/05/09 19:41:45 | 000,004,208 | ---- | M] () -- C:\Users\gabi\AppData\Roaming\Mozilla\Firefox\Profiles\cznanbow.default\searchplugins\youtube.xml
[2016/05/23 02:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2012/10/01 21:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2016/04/13 17:44:24 | 000,000,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Advanced SystemCare 9] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [HP ENVY 5530 series (NET)] C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE (ZONER software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8:64bit: - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Oříznutý obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8 - Extra context menu item: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4097007782-1966444928-4019047729-1000\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A95C1F79-C963-44D3-88A2-B0540AD12411}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC0D0F0F-DAEC-4297-9451-C8B98AD770E1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skypec2c - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/18 03:50:17 | 000,465,216 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/09/10 18:36:44 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/05/24 16:43:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 11:39:01 | 000,000,000 | ---D | C] -- C:\FRST
[2016/05/23 20:29:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2016/05/23 12:34:19 | 000,113,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/23 12:32:34 | 031,600,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/23 12:32:34 | 025,372,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/23 12:32:34 | 021,794,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/23 12:32:34 | 019,110,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/23 12:32:34 | 018,138,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/23 12:32:34 | 001,581,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/23 12:32:34 | 000,911,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/23 12:32:34 | 000,476,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/23 12:32:34 | 000,394,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/23 12:32:34 | 000,177,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/23 12:32:34 | 000,155,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/23 12:32:34 | 000,153,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/23 12:32:34 | 000,141,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/23 12:32:34 | 000,131,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/23 12:32:34 | 000,046,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/23 12:32:33 | 021,336,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/23 12:32:33 | 017,732,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/23 12:32:33 | 017,236,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/23 12:32:33 | 003,447,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/23 12:32:33 | 003,001,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/23 12:32:33 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/23 12:32:33 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/23 12:32:33 | 000,984,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/23 12:32:33 | 000,770,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/23 12:32:33 | 000,708,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/23 08:46:20 | 000,444,656 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 08:44:44 | 000,000,000 | ---D | C] -- C:\Windows\IObit
[2016/05/23 08:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
[2016/05/21 19:34:30 | 000,797,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/21 19:34:30 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/13 12:21:06 | 001,922,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/13 12:21:06 | 001,573,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/13 12:18:23 | 000,113,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2016/05/13 12:18:23 | 000,102,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2016/05/13 12:18:23 | 000,056,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/05/25 13:36:17 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/05/25 13:36:17 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/05/25 13:20:44 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\Grilled Pocket Burgers by the BBQ Pit Boys - YouTube.URL
[2016/05/25 13:18:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/25 13:13:02 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/05/25 10:33:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-4097007782-1966444928-4019047729-1000.job
[2016/05/25 02:40:37 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\150 Anglické Věty Pro Začátečníky - YouTube.URL
[2016/05/24 18:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8a5ab905131a.job
[2016/05/24 16:47:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016/05/24 16:43:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gabi\Desktop\OTL.exe
[2016/05/24 11:39:27 | 013,017,592 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016/05/24 11:39:27 | 013,011,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/05/24 11:39:27 | 009,057,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/05/24 11:39:27 | 004,369,038 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016/05/24 11:39:27 | 004,350,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/05/24 11:33:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/05/24 11:33:18 | 4281,032,702 | -HS- | M] () -- C:\hiberfil.sys
[2016/05/23 14:17:14 | 000,001,188 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1d0407e5afc26.job
[2016/05/23 11:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000UA1cf8a33639a01d.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d09002253e2ab2.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d03ffbcb6285ca.job
[2016/05/23 11:12:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8a5ab91b5a8e.job
[2016/05/23 11:12:12 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097007782-1966444928-4019047729-1000Core1cf8a3361aa5f9.job
[2016/05/23 11:07:34 | 000,000,209 | ---- | M] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 09:18:06 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/23 09:18:06 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/23 08:46:20 | 000,444,656 | ---- | M] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2016/05/23 02:24:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:43 | 000,001,654 | ---- | M] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 17:10:34 | 001,581,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2016/05/21 17:10:34 | 000,141,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016/05/21 17:10:34 | 000,046,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016/05/20 03:01:55 | 039,979,576 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/20 03:01:55 | 035,117,112 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/20 03:01:55 | 031,600,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016/05/20 03:01:55 | 025,372,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016/05/20 03:01:55 | 021,794,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016/05/20 03:01:55 | 021,336,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016/05/20 03:01:55 | 019,110,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016/05/20 03:01:55 | 018,138,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016/05/20 03:01:55 | 017,732,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016/05/20 03:01:55 | 017,236,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016/05/20 03:01:55 | 016,693,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2016/05/20 03:01:55 | 014,293,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2016/05/20 03:01:55 | 010,642,728 | ---- | M] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 008,733,096 | ---- | M] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/20 03:01:55 | 003,825,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2016/05/20 03:01:55 | 003,447,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016/05/20 03:01:55 | 003,383,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2016/05/20 03:01:55 | 003,001,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016/05/20 03:01:55 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436822.dll
[2016/05/20 03:01:55 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436822.dll
[2016/05/20 03:01:55 | 000,984,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016/05/20 03:01:55 | 000,911,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016/05/20 03:01:55 | 000,770,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016/05/20 03:01:55 | 000,708,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016/05/20 03:01:55 | 000,669,952 | ---- | M] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,565,392 | ---- | M] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/20 03:01:55 | 000,476,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016/05/20 03:01:55 | 000,394,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016/05/20 03:01:55 | 000,177,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016/05/20 03:01:55 | 000,155,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016/05/20 03:01:55 | 000,153,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016/05/20 03:01:55 | 000,131,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016/05/20 03:01:55 | 000,039,124 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/20 03:01:55 | 000,000,594 | ---- | M] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/19 22:11:23 | 006,346,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2016/05/19 22:11:23 | 002,454,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2016/05/19 22:11:21 | 001,762,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2016/05/19 22:11:21 | 000,531,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2016/05/19 22:11:21 | 000,393,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2016/05/19 22:11:21 | 000,083,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2016/05/19 22:11:21 | 000,069,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2016/05/19 21:45:30 | 000,113,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016/05/18 19:25:24 | 006,448,223 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2016/05/17 09:40:36 | 000,000,224 | ---- | M] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | M] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | M] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/10 00:07:01 | 001,922,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6436519.dll
[2016/05/10 00:07:01 | 001,573,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6436519.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016/05/02 01:39:01 | 001,377,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2016/05/02 01:39:01 | 001,316,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2016/05/02 01:38:42 | 001,767,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2016/05/02 01:38:42 | 001,756,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2016/05/02 01:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/05/25 13:20:44 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\Grilled Pocket Burgers by the BBQ Pit Boys - YouTube.URL
[2016/05/25 02:40:37 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\150 Anglické Věty Pro Začátečníky - YouTube.URL
[2016/05/24 16:47:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016/05/23 14:17:12 | 000,001,188 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160523_141706.reg
[2016/05/23 12:32:34 | 010,642,728 | ---- | C] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016/05/23 12:32:34 | 008,733,096 | ---- | C] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/05/23 12:32:33 | 039,979,576 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2016/05/23 12:32:33 | 035,117,112 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/05/23 12:32:33 | 000,669,952 | ---- | C] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,565,392 | ---- | C] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json
[2016/05/23 12:32:33 | 000,000,594 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json
[2016/05/23 11:07:34 | 000,000,209 | ---- | C] () -- C:\Users\gabi\Desktop\WeTransfer.URL
[2016/05/23 02:24:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/05/22 23:43:41 | 000,001,654 | ---- | C] () -- C:\Users\gabi\Documents\cc_20160522_234339.reg
[2016/05/21 19:34:31 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/17 09:40:36 | 000,000,224 | ---- | C] () -- C:\Users\gabi\Desktop\Beer Can Bacon Burger recipes by the BBQ Pit Boys - YouTube.URL
[2016/05/15 16:45:35 | 000,000,228 | ---- | C] () -- C:\Users\gabi\Desktop\MicroTouch Switchblade™ - 2 in 1 Trimmer Lets You Groom Everywhere, Head to Toe!.URL
[2016/05/15 12:28:56 | 000,000,292 | ---- | C] () -- C:\Users\gabi\Desktop\Dutch Glow® Cleaning Tonic Powerful, nontoxic, all natural kitchen cleaner!.URL
[2016/05/03 22:23:30 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:58 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/05/03 22:22:42 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016/05/03 22:22:10 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016/03/10 14:31:09 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/03/10 14:31:09 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/02/13 21:47:02 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-0.dll
[2016/02/13 21:45:46 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
[2015/09/06 15:43:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2015/05/16 15:50:36 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/05/09 10:42:58 | 000,002,848 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2015/04/07 05:49:19 | 000,000,064 | ---- | C] () -- C:\Users\gabi\AppData\Local\29ac5b7c7af3f31b11ecb2fdbcc37a98
[2015/02/27 15:07:32 | 000,082,064 | ---- | C] () -- C:\Windows\cadkasdeinst01cz.exe
[2015/02/27 14:21:20 | 000,001,290 | ---- | C] () -- C:\Windows\CITP_SearchHistory.INI
[2015/02/27 14:09:40 | 000,404,624 | ---- | C] () -- C:\Windows\cadkasdeinst01e_64.exe
[2015/01/05 12:46:17 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/12/24 19:54:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/10/12 12:48:52 | 000,003,584 | ---- | C] () -- C:\Users\gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/26 12:19:02 | 000,000,005 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WBPU-TTL.DAT
[2013/08/26 12:19:01 | 000,000,114 | ---- | C] () -- C:\Users\gabi\AppData\Roaming\WB.CFG
[2013/08/26 11:19:52 | 000,000,896 | RHS- | C] () -- C:\Users\gabi\ntuser.pol
[2013/05/10 18:04:49 | 000,007,611 | ---- | C] () -- C:\Users\gabi\AppData\Local\Resmon.ResmonCfg
[2013/04/07 18:17:42 | 000,000,424 | ---- | C] () -- C:\Users\gabi\AppData\Local\UserProducts.xml
[2013/03/09 12:29:41 | 000,002,661 | ---- | C] () -- C:\Users\gabi\AppData\Local\recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 14:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 13:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:16E15B52

< End of report >

Re: Request for a log check

Posted: 25 May 2016 19:21
by Rudy
One of the logs is called OTL and the other Extras. We cannot continue without it.

Re: Request for a log check

Posted: 25 May 2016 20:52
by Chmalka
So now it has finally produced the second log for me as well. I had to throw it out and download a new one. So hopefully it will be all right now.

OTL Extras logfile created on: 5/25/2016 3:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gabi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18059)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.44 Gb Available Physical Memory | 84.07% Memory free
31.96 Gb Paging File | 29.27 Gb Available in Paging File | 91.56% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.03 Gb Total Space | 219.09 Gb Free Space | 49.01% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 261.78 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Drive F: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.09 Gb Total Space | 187.07 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: GABI-PC | User Name: gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Uschovna.cz] -- C:\Program Files (x86)\Uschovna.cz\Uschovna_cz.exe /sendto: %1 (Capsa)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Uschovna.cz] -- C:\Program Files (x86)\Uschovna.cz\Uschovna_cz.exe /sendto: %1 (Capsa)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0325B0A8-6B4F-4325-B9FA-9E700DBE2A67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BDA1E53-6DE9-4E51-A15D-A98E541746C1}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{1556E73E-D815-419A-A9FF-82026FC2FBA5}" = rport=445 | protocol=6 | dir=out | app=system |
"{1B102F9C-5894-4208-A92E-E08B7B937730}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B4D55F3-BB4D-40C4-8E4E-B668A71060CC}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 |
"{1C92A824-2BE4-4E00-BC47-24962AE12269}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{23BE8D4D-5D4B-41A2-8007-D5D60E94B636}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28BDB985-2BF4-4897-BF26-3C1D8A6D4446}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E5FE74C-2D5D-4443-9FCD-ED5D332C3A1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FB3DCAB-E976-4B8E-A3ED-0ED4BB3A6B8B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{308CE68E-6ABE-4DDB-8B47-805CAB20225A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3246F0CC-647A-43AF-9E3E-501F1B852E5A}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
"{468B2199-2767-4BF7-A714-3F9DFB2B7990}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46969B1B-56FC-4A90-A800-7A1B02E5E1E9}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{520B88A9-FD4F-4148-AD5F-46491170F58A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{522C0207-2520-443C-A5C1-AC9549BA4ABF}" = lport=138 | protocol=17 | dir=in | app=system |
"{59281712-2541-4E6A-A149-48023513CC71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D4E3FFB-02D7-48AA-8C1E-545237CB3BC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66E59D05-FC28-4DF8-A830-B27E4A37C83C}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B800E91-2EC4-48AD-AAAD-78DCE5B359F6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{718354B2-15A9-4998-AF9F-A66D40C09F88}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7334A73A-FE31-4206-8141-A2D340F5713E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8CA360DE-F201-4ACA-9F8B-829AF3526E58}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9013B761-F0B6-40A0-BD53-1F7DE32A0374}" = rport=10243 | protocol=6 | dir=out | app=system |
"{90700B21-8335-49F9-AF96-3F0D0D7DA6C1}" = rport=137 | protocol=17 | dir=out | app=system |
"{92EBEB2F-7E6D-45D2-AD42-79EF7A879788}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9A5DE0D9-A7BE-464B-A6FC-1D2EAB8CA41D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A576EAA2-07FB-4369-86BB-FF9BCDC5129B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A6BC7612-843F-4229-A6C4-11B40D935670}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{A92620D2-0D04-4259-AB16-202A1AFDC3A6}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{ACA16760-C296-4902-9AB0-D75B4E1A9B09}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AD430F13-D014-4808-A13C-F4211DFC107B}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe |
"{BF54C441-A1C4-4B2C-AFF7-3A528255D16A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D13BF2A0-F414-4A3C-9118-7AB0DC299C1E}" = lport=445 | protocol=6 | dir=in | app=system |
"{D36AE2B0-3F5C-440F-BC9D-897124AA9876}" = lport=137 | protocol=17 | dir=in | app=system |
"{D3CF1041-D8BD-44ED-B73B-918F4AD8F36A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D86F33BD-DB31-43D1-B1DB-068485527B5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9B22BA7-6681-429A-92E4-B00D6B7C04F2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E014DA9D-6CCE-4C59-B996-9833B2A01487}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\sony\playmemories home\pmbbrowser.exe |
"{E0637BFB-1003-48EC-897C-67C005680CCA}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{E19C4CF0-E74C-4690-B58C-CCFA5E282323}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB9CB6BD-BE79-49D8-A2CC-591737C970E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED9EC7D0-8106-429F-9BBF-20C072B9E561}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F19FF12F-6E4F-44E9-9D0B-076D2D49CC19}" = rport=139 | protocol=6 | dir=out | app=system |
"{F95438DD-EC2F-4541-9A79-219B55DCCFDE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0065A694-EEAC-4BA5-815E-3556B4915392}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{130A1999-6273-45C0-94D2-B7695DE4A2BA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
"{143F2AC4-6234-433C-85A7-16A65FFB9A9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1880233B-18B0-4BC5-A8CB-72BBE251F9DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D2022AE-82E2-457D-ADC0-DFAAFB6642EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2055731D-5E24-4FC9-A44C-C3DD78A1F161}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25F74A5B-6091-4DBF-B08A-395C37E2080A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2C25DC7E-73C6-4924-9341-DB64606ADA4A}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{2EEA238B-B756-4606-AEB8-023CB13E4E09}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe |
"{303F14B6-E8DF-4C63-804C-F3C1325CF6A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{314C9C7E-5A51-4170-8BBC-5325D400847B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{345263CA-9C2A-4992-821B-0B33112646B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{363D2EB3-014C-42F9-B64F-12E38C70F25A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F98E4CA-3667-4225-B303-09A29DED7229}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4419EBCE-2CA3-43DB-955B-828684956D41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{448D87B9-8FD3-4767-81B1-D069BFDBEF0F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{4E17BA4D-CC06-4AA5-83DC-026961F02FE7}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\playmemories home\pmbbrowser.exe |
"{52540C2A-E070-42DB-B21C-54DD2AB8B290}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{5579C489-CDBB-4198-A0ED-3B049C8CD55F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5E68D909-0C1E-454A-8EF1-92DFC425E712}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{63179D3D-111C-4044-B226-346CA4975F33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DC82B3C-4E70-4E5E-BECE-4B645ABF5A39}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{7F24F425-8FC5-477A-B8EC-7BAF4287B120}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{88FAA6FB-40ED-4569-A569-A3E7C7DC5B06}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe |
"{909BC4C5-D9E7-44F0-932A-8663D1420BE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{931F7EE6-0636-4EEF-9069-9C43E3B2E9DD}" = dir=out | app=c:\program files (x86)\iobit\driver booster\autoupdate.exe |
"{952FE617-970D-4D54-B83A-E563DC3B6A55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9590597B-DDA7-42E7-816A-0E1674460575}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0244989-C03F-4221-808B-CEC289E2FD4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3ACAC87-011E-4FE0-BE83-9E9B2FC02358}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe |
"{A5DA47BE-D0A5-43CA-BA7B-7AB8AC953CDE}" = dir=in | app=c:\users\gabi\appdata\local\microsoft\onedrive\onedrive.exe |
"{A9ECE218-F14A-4D08-AC6E-EE5AD065385A}" = dir=in | app=c:\program files (x86)\iobit\driver booster\autoupdate.exe |
"{B5E69D31-CCB9-4B46-8BB6-B28AC3201190}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BCD731B6-91E8-45B3-A99A-F6318D10F631}" = dir=in | app=c:\program files\hp\hp envy 5530 series\bin\hpnetworkcommunicatorcom.exe |
"{BEC6AEBF-8FE1-42AE-9E6E-C1C04BBBF8B7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C3659139-2CB7-4105-9D13-346F3AEFE95F}" = protocol=6 | dir=out | app=system |
"{C6341DB6-A747-4533-8D6F-E443E82B3E51}" = dir=in | app=c:\program files\hp\hp envy 5530 series\bin\devicesetup.exe |
"{CF02FDDE-98D9-416E-84EF-BA201A232AD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1E2B5AA-B460-4C0C-AD35-33D8C615D074}" = dir=out | app=c:\program files (x86)\iobit\driver booster\driverbooster.exe |
"{D56C4C9D-5E1C-432C-B0E9-2FE5F039A58C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD6728BA-0293-4824-BDCF-E64E8554FB13}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe |
"{E334B504-CBC1-4B54-9994-24D810A7385A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe |
"{E8E7E320-789C-4721-A2C9-10CBCBB5DE24}" = dir=in | app=c:\program files (x86)\iobit\driver booster\driverbooster.exe |
"{EA4B1F1D-693A-4CCF-B4A3-85CA70314E75}" = dir=in | app=c:\program files (x86)\iobit\driver booster\dbdownloader.exe |
"{EC2004E0-4870-44DE-B884-E4C2C9308573}" = dir=out | app=c:\program files (x86)\iobit\driver booster\dbdownloader.exe |
"{F02F44C8-E2C8-46BB-8571-EF120B87FD61}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F0810CC6-7FC8-466C-9CD7-BF818652132F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7985A57-0114-4CD9-B012-E7543CC65FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe |
"TCP Query User{2B73D512-247F-4B61-9D20-02ECECC06594}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{68DB07B0-4B68-4A9F-A4F6-3F8BE0DECC75}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{31F4696A-E711-4CD2-B826-10515A6C4374}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{5395F69B-A577-4D81-864B-F9D39E79A04F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034B6AC8-DCF6-585B-2AFD-3FF0D4A559BB}" = AMD Accelerated Video Transcoding
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{26A24AE4-039D-4CA4-87B4-2F06417080FF}" = Java 7 Update 80 (64-bit)
"{30921AC4-6875-F7DF-B48B-2BB68C000BB6}" = AMD Media Foundation Decoders
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{37D41A97-6B02-4C30-8753-85107BE1D674}" = Intel® RealSense™ SDK 2014 Runtime (x64): Core
"{37FCE154-7F59-74F0-3A35-BF503CEB230B}" = AMD Catalyst Install Manager
"{3A194988-24D4-4C26-B1B8-C0281CFC5290}" = Studie vylepšování produktu HP ENVY 5530 series
"{3D576235-F0CE-4B50-A9C6-0775B9E50B63}" = MergeModule_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D8E383E-0AB7-482D-9327-BB92D53312B4}" = ESET Smart Security
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{526002E5-7D5B-4703-A4E3-BA566AED5D8A}" = Intel(R) Biometric and Context Agent
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6C676266-91E4-DC71-E661-13494AC29A3E}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82CD33B2-1DE6-4663-B6F0-1592B2376F78}" = VS10Runtimex64
"{90150000-0015-0405-1000-0000000FF1CE}" = Microsoft Access MUI (Czech) 2013
"{90150000-0016-0405-1000-0000000FF1CE}" = Microsoft Excel MUI (Czech) 2013
"{90150000-0018-0405-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Czech) 2013
"{90150000-0019-0405-1000-0000000FF1CE}" = Microsoft Publisher MUI (Czech) 2013
"{90150000-001A-0405-1000-0000000FF1CE}" = Microsoft Outlook MUI (Czech) 2013
"{90150000-001B-0405-1000-0000000FF1CE}" = Microsoft Word MUI (Czech) 2013
"{90150000-001F-0405-1000-0000000FF1CE}" = Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-041B-1000-0000000FF1CE}" = Nástroje korektúry balíka Microsoft Office 2013 - slovenčina
"{90150000-002C-0405-1000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2013
"{90150000-0044-0405-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Czech) 2013
"{90150000-006E-0405-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2013
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-0090-0405-1000-0000000FF1CE}" = Microsoft DCF MUI (Czech) 2013
"{90150000-00A1-0405-1000-0000000FF1CE}" = Microsoft OneNote MUI (Czech) 2013
"{90150000-00BA-0405-1000-0000000FF1CE}" = Microsoft Groove MUI (Czech) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0405-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Czech) 2013
"{90150000-00E1-0405-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Czech) 2013
"{90150000-00E2-0405-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Czech) 2013
"{90150000-012B-0405-1000-0000000FF1CE}" = Microsoft Lync MUI (Czech) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{999DB5B3-EE44-8837-2B51-4AF44CD1FD22}" = AMD Drag and Drop Transcoding
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 368.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 368.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 368.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 364.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.16.0318
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.3.34.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.40
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DF005DA9-467C-497F-B0E4-D8AF6B956809}" = Základní software zařízení HP ENVY 5530 series
"{E6D505B9-1A18-4F67-9BE0-D37B5164D581}" = Intel(R) Biometric and Context Agent Redistributables
"{F07F9109-D141-4E88-BFF5-0206D61994F5}" = SOHLib for PlayMemories Home
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Logitech Gaming Software" = Logitech Gaming Software 8.53
"Logitech Unifying" = Logitech Unifying Software 2.50
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"OneNoteFreeRetail - cs-cz" = Microsoft OneNote 2013 - cs-cz
"PDF Editor 64bit 4" = PDF Editor 64bit 4
"SolarApp" = Logitech Solar App 1.10
"sp6" = Logitech SetPoint 6.32
"TrueKey" = Intel Security True Key
"VulkanRT1.0.11.1" = Vulkan Run Time Libraries 1.0.11.1
"VulkanRT1.0.3.0" = Vulkan Run Time Libraries 1.0.3.0
"WinRAR archiver" = WinRAR 5.21 (64-bit)
"ZonerPhotoStudio16_Christmas_Envelopes_CZ_is1" = Zoner Photo Studio - Vánoční obálky
"ZonerPhotoStudio16_CZ_is1" = Zoner Photo Studio 16
"ZonerPhotoStudio16_Templates_CZ_is1" = Zoner Photo Studio 16 - Obálky a šablony

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"%ProgramName%" = picture-shark 1.0
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00F14E5B-E07A-2A1E-6788-580773CE1486}" = CCC Help English
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{05E34A3D-3B28-4F90-89E3-D66ECE6822CC}" = HP ENVY 5530 series Nápověda
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A036215-0A8D-6FBE-7EA3-7AED4F9E162A}" = CCC Help Turkish
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15A05AAA-37E7-D516-5BE9-C960C2170403}" = CCC Help Czech
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19687AD5-7E54-4C5E-A796-125C95079C1D}" = Adobe AIR
"{19FEBF46-AE2C-45C7-BF9F-E254A4B3E717}" = PMB_ModeEditor
"{1D090074-8F48-4749-9650-DB716FDE57D9}" = Free Collage Maker
"{21E9850E-58C2-FA88-D5AD-B64D253B8F82}" = CCC Help Thai
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.2
"{25A7270E-1B63-DFD1-ACBC-88852A305398}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F03217080FF}" = Java 7 Update 80
"{28164BD8-81EA-639A-85E9-E659E3EE6DA7}" = Catalyst Control Center InstallProxy
"{2E69E784-F84A-9A18-7D8E-4EB8504EEE1E}" = CCC Help Danish
"{306CBA87-E890-4FBB-9AB8-E65C96D352B2}" = MergeModule_x86
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = Lightshot-5.3.0.0
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{362614E4-9ABB-E7A7-CDDC-239AB168060A}" = CCC Help Japanese
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4745F6F8-09DA-CC39-EC19-0E8D764CF2B7}" = CCC Help Chinese Standard
"{48EBEBBF-B9F8-4520-A3CF-89A730721917}" = The Sims™ 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FA31DE2-B613-24BB-1738-B655C00B1C9D}" = CCC Help Hungarian
"{58771CF6-F212-CC4D-61B1-45CC70B6375C}" = CCC Help Dutch
"{5FA1D4AD-5929-4A14-B711-A5A9D8DC9F96}" = Translate Genius
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6D5CE5F1-CBB0-9ED4-1A1E-91DDCD6225FD}" = CCC Help Italian
"{707210B0-29F1-C550-BA96-6ECDA245CF24}" = CCC Help Spanish
"{709316AD-161C-4D5C-9AE7-0B3A822DA271}" = Google Drive
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80F3F10B-A177-4494-93CE-98090D819093}" = Internet Explorer Toolbar 4.7 by SweetPacks
"{812B956B-37AB-24B9-4527-78A6D3ECE7F8}" = CCC Help Korean
"{822C3333-F2C2-4776-9384-660A50FD6655}" = Day Organizer, ver. 2.2.1.4
"{83293709-B863-0EF6-00DA-B026D486E8B5}" = CCC Help Polish
"{8531A154-5045-4E32-885A-391F750C5DE2}_is1" = Uschovna.cz 1.1.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0405-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{911904DE-EBB6-BC8E-D5BD-762B7DB42C46}" = CCC Help Greek
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{91B33C97-91F8-FFB3-581B-BC952C901685}_is1" = Ashampoo Burning Studio FREE v.1.14.5
"{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}" = PlayMemories Home
"{9903011B-5F1D-A2A1-8078-EE62B3324CCE}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7F1628-2126-34A5-852D-2B93328BCF3F}" = CCC Help German
"{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = The Sims™ 3 Katy Perry's Sweet Treats
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}" = PVZ Garden Warfare
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Hotspot Admin
"{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.15) MUI
"{AE6C422B-DADB-D547-411C-E9E56DF03D16}" = CCC Help Russian
"{B09567CC-E43F-10F1-752D-549AC7FB0C43}" = CCC Help Finnish
"{B170B91D-E8E3-A6A3-D129-D8E36FEA8A0B}" = CCC Help Norwegian
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BD96ABD3-D1D4-5513-6C60-11476D6DCFC5}" = Catalyst Control Center Localization All
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C39C7876-4D21-8A38-0A42-B5C8858EC6C7}" = CCC Help French
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{D0A231B2-5921-45B7-A2FC-4EC937D6E020}" = PMB_ServiceUploader
"{D4236B82-213F-679E-09A2-9AEB5EF4CADC}" = Catalyst Control Center Graphics Previews Common
"{D5530732-F70E-47EC-8C29-1606B2EE262A}" = ENVY5530FWUpdateAlert
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E9275D69-7DEC-430B-BA1B-F74DFF9B0B43}" = Disk Unlocker
"{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}" = Bejeweled® 3
"{EBBD4FE6-91DA-C397-6D56-FE85DBF24FCF}" = Catalyst Control Center
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F4163F-6A2D-48BA-BC36-23C33B0ECDB5}" = calibre
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16247B8-CD07-40C4-8C96-FC2568G29E8F}}_is1" = Plugin 7
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F3ED01FE-B62F-4CA4-BACA-822369BC0FB7}" = TuneUp Utilities Language Pack (en-GB)
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC3C2B77-6800-48C6-A15D-9D1031130C16}" = HP Support Solutions Framework
"{FCEFDA6B-63CD-BB17-B845-478A42E24D39}" = CCC Help Swedish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.2
"Advanced SystemCare_is1" = Advanced SystemCare 9
"AirDroid" = AirDroid 3.1.3.0
"Ashampoo Burning Studio 7_is1" = Ashampoo Burning Studio 7.33
"ASUS WebStorage" = ASUS WebStorage
"Driver Booster_is1" = Driver Booster 3.3
"Easy Macro Recorder_is1" = Easy Macro Recorder 4.51
"Fotor" = Fotor 2.0.2
"Game Booster_is1" = Game Booster 3
"HandyUpdater" = Handy Updater
"IcoFX_is1" = IcoFX 1.6.4
"iFreeUp_is1" = iFreeUp 1.0
"IObit Malware Fighter_is1" = IObit Malware Fighter 3
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.5
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.1.1043
"Mozilla Firefox 46.0.1 (x86 cs)" = Mozilla Firefox 46.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MV2Player" = MV2Player (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.16.1860" = Opera 12.16
"Origin" = Origin
"Recepty doma_is1" = Recepty doma
"Smart Defrag_is1" = Smart Defrag 5
"StrongDC++" = StrongDC++ 2.41
"The Sims 4 Deluxe Edition 1.0.0" = The Sims 4 Deluxe Edition
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"VLC media player" = VLC media player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4097007782-1966444928-4019047729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"OneDriveSetup.exe" = Microsoft OneDrive
"PhotoFiltre 7" = PhotoFiltre 7

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/25/2016 8:21:17 AM | Computer Name = gabi-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovac aktivace licence (sppuinotify.dll) byl ukoncen s následujícím
kódem chyby: 0x80070005

Error - 5/25/2016 9:21:17 AM | Computer Name = gabi-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovac aktivace licence (sppuinotify.dll) byl ukoncen s následujícím
kódem chyby: 0x80070005

Error - 5/25/2016 10:21:17 AM | Computer Name = gabi-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovac aktivace licence (sppuinotify.dll) byl ukoncen s následujícím
kódem chyby: 0x80070005

Error - 5/25/2016 11:21:18 AM | Computer Name = gabi-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovac aktivace licence (sppuinotify.dll) byl ukoncen s následujícím
kódem chyby: 0x80070005

Error - 5/25/2016 12:21:18 PM | Computer Name = gabi-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovac aktivace licence (sppuinotify.dll) byl ukoncen s následujícím
kódem chyby: 0x80070005

Error - 5/25/2016 1:21:18 PM | Computer Name = gabi-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovac aktivace licence (sppuinotify.dll) byl ukoncen s následujícím
kódem chyby: 0x80070005

Error - 5/25/2016 2:21:18 PM | Computer Name = gabi-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovac aktivace licence (sppuinotify.dll) byl ukoncen s následujícím
kódem chyby: 0x80070005

Error - 5/25/2016 3:14:56 PM | Computer Name = gabi-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdarila. Chyba 0x80070005.

Error - 5/25/2016 3:20:57 PM | Computer Name = gabi-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota retezce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostredkovatele cítace rozšírení. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové cásti. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje tretí hodnota DWORD datové cásti.

Error - 5/25/2016 3:20:57 PM | Computer Name = gabi-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota retezce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostredkovatele cítace rozšírení. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové cásti. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje tretí hodnota DWORD datové cásti.

Error - 5/25/2016 3:20:57 PM | Computer Name = gabi-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnení retezcu cítacu výkonu pro službu WmiApRpl (WmiApRpl) se nezdarilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.

[ Media Center Events ]
Error - 5/21/2016 3:38:51 AM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 3:38:51 AM - Failed to retrieve nettv (Error: PackageName is invalid.)


Error - 5/21/2016 9:48:27 AM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 9:48:27 AM - Failed to retrieve nettv (Error: PackageName is invalid.)


Error - 5/21/2016 9:32:18 PM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 9:32:18 PM - Failed to retrieve nettv (Error: PackageName is invalid.)


Error - 5/22/2016 9:33:54 AM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 9:33:54 AM - Failed to retrieve nettv (Error: PackageName is invalid.)


Error - 5/22/2016 9:56:35 PM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 9:56:35 PM - Failed to retrieve nettv (Error: PackageName is invalid.)


Error - 5/23/2016 9:31:37 AM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 9:31:37 AM - Failed to retrieve nettv (Error: PackageName is invalid.)


Error - 5/23/2016 9:16:23 PM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 9:16:23 PM - Failed to retrieve nettv (Error: PackageName is invalid.)


Error - 5/24/2016 9:29:15 AM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 9:29:15 AM - Failed to retrieve nettv (Error: PackageName is invalid.)


Error - 5/24/2016 9:25:42 PM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 9:25:42 PM - Failed to retrieve nettv (Error: PackageName is invalid.)


Error - 5/25/2016 9:23:05 AM | Computer Name = gabi-PC | Source = MCUpdate | ID = 0
Description = 9:23:05 AM - Failed to retrieve nettv (Error: PackageName is invalid.)


[ System Events ]
Error - 5/24/2016 11:33:26 AM | Computer Name = gabi-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladace pro spouštení pocítace nebo systému
se nezdarilo: VDiskBus

Error - 5/24/2016 11:35:27 AM | Computer Name = gabi-PC | Source = Service Control Manager | ID = 7023
Description = Služba PnP-X IP Bus Enumerator byla ukoncena s následující chybou:
%%-2147023728

Error - 5/24/2016 12:21:16 PM | Computer Name = gabi-PC | Source = DCOM | ID = 10001
Description =

Error - 5/25/2016 3:53:46 AM | Computer Name = gabi-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 5/25/2016 11:56:43 AM | Computer Name = gabi-PC | Source = cdrom | ID = 262155
Description = Ovladac zjistil chybu radice na \Device\CdRom0.

Error - 5/25/2016 12:21:18 PM | Computer Name = gabi-PC | Source = DCOM | ID = 10001
Description =

Error - 5/25/2016 3:14:57 PM | Computer Name = gabi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Remote Access Connection Manager závisí na službe Secure Socket
Tunneling Protocol Service, která neuspela pri spuštení v dusledku následující
chyby: %%0

Error - 5/25/2016 3:14:57 PM | Computer Name = gabi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Internet Connection Sharing (ICS) závisí na službe Remote Access
Connection Manager, která neuspela pri spuštení v dusledku následující chyby: %%1068

Error - 5/25/2016 3:15:00 PM | Computer Name = gabi-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladace pro spouštení pocítace nebo systému
se nezdarilo: VDiskBus

Error - 5/25/2016 3:17:00 PM | Computer Name = gabi-PC | Source = Service Control Manager | ID = 7023
Description = Služba PnP-X IP Bus Enumerator byla ukoncena s následující chybou:
%%-2147023728


< End of report >