Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by BetaVerze (administrator) on BETAVERZE-PC (16-03-2016 22:11:56)
Running from C:\Users\BetaVerze\Desktop
Loaded Profiles: BetaVerze (Available Profiles: BetaVerze)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK COMPUTER INC.) C:\Windows\System32\ATKFUSService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
() C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Microsoft) C:\Program Files (x86)\365dni\365dniNET.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
() C:\Program Files (x86)\EASEUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(forum.viry.cz) C:\Users\BetaVerze\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1065080 2016-03-03] ()
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKU\S-1-5-21-409041142-459604370-2198087559-1000\...\Run: [365dni] => C:\Program Files (x86)\365dni\365dniNET.exe [858624 2010-05-13] (Microsoft)
HKU\S-1-5-21-409041142-459604370-2198087559-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-01-24] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-01-24] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-01-24] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-01-24] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
Startup: C:\Users\BetaVerze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2015-04-07]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk *  PDBoot.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-409041142-459604370-2198087559-1000] => http=127.0.0.1:1042;https=127.0.0.1:1042
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0DC0A56B-602D-40DE-A012-EAF600461F86}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{786BEB82-0C00-48F8-A716-46C470793C7B}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-409041142-459604370-2198087559-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-409041142-459604370-2198087559-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-409041142-459604370-2198087559-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-409041142-459604370-2198087559-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-02-26] (Qihu 360 Software Co., Ltd.)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-02-26] (Qihu 360 Software Co., Ltd.)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\BetaVerze\AppData\Roaming\Mozilla\Firefox\Profiles\gnleqish.default
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Default
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-13] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-13] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-14] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll [2011-07-11] (Wolfram Research, Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH)
FF SearchPlugin: C:\Users\BetaVerze\AppData\Roaming\Mozilla\Firefox\Profiles\gnleqish.default\searchplugins\duckduckgo.xml [2014-09-04]
FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\BetaVerze\AppData\Roaming\Mozilla\Firefox\Profiles\gnleqish.default\extensions\artur.dubovoy@gmail.com [2015-06-10]
FF Extension: Record Page - C:\Users\BetaVerze\AppData\Roaming\Mozilla\Firefox\Profiles\gnleqish.default\Extensions\{80249d94-cb27-4919-8ae8-70c3a10ec453}.xpi [2015-05-30] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-14] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-14] [not signed]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: PDF Architect 4 Creator - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-02-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-03-03]
FF HKU\S-1-5-21-409041142-459604370-2198087559-1000\...\Firefox\Extensions: [{DBF68C10-4AEE-41f2-831A-BA4562C45E81}] - C:\Users\BetaVerze\AppData\Roaming\SAIG\Surfulater\FirefoxExtension\3.42.00
FF Extension: Surfulater Integration - C:\Users\BetaVerze\AppData\Roaming\SAIG\Surfulater\FirefoxExtension\3.42.00 [2011-10-29] [not signed]

Chrome: 
=======
CHR Profile: C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Obchod) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-16]
CHR Extension: (Disk Google) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-16]
CHR Extension: (YouTube) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-16]
CHR Extension: (Vyhledávání Google) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-16]
CHR Extension: (Obchod) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-16]
CHR Extension: (Gmail) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-16]
CHR HKU\S-1-5-21-409041142-459604370-2198087559-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BETAVE~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

Opera: 
=======
OPR Extension: (360 Internet Protection) - C:\Users\BetaVerze\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2016-03-15]
OPR Extension: (Record Page) - C:\Users\BetaVerze\AppData\Roaming\Opera Software\Opera Stable\Extensions\oaphlnkkagindbgmjlcnicllejgalilh [2015-05-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)
S4 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-09-22] (ABBYY)
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-05] (Advanced Micro Devices, Inc.) [File not signed]
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 ASWLCCSvc; C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [172032 2009-05-21] () [File not signed]
R2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [63488 2009-12-01] (ASUSTeK COMPUTER INC.) [File not signed]
S4 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37448 2014-08-13] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S4 InstallShield Licensing Service; C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [78536 2011-10-22] (Macrovision                                                    )
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657640 2014-05-12] (O&O Software GmbH)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
S4 Printer Control; C:\Windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [908408 2016-02-26] (QIHU 360 SOFTWARE CO. LIMITED)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31192 2016-02-02] (SHAREit Technologies Co.Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2016-02-26] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-12-17] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2015-12-17] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2016-02-26] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-06-25] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [370768 2016-02-26] (360.cn)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-09-02] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2014-09-02] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-09-02] (Emsisoft GmbH)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
S3 ampa; C:\Windows\system32\ampa.sys [15288 2011-12-26] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [12728 2011-12-26] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-12-14] (Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [39704 2015-04-23] (Windows (R) Win 7 DDK provider)
R3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
S3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [67352 2015-04-23] (ASUS Corporation)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181328 2016-02-26] (360.cn)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-06-10] (BlueStack Systems)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2014-09-02] (Emsisoft GmbH)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2014-08-13] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2014-08-13] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2014-08-13] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2014-08-13] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-01] (Glarysoft Ltd)
R2 LiveTunerPM; D:\Ashampoo WinOptimizer 10.02.05 CZ portable\App\WinOptimizer\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\SysWOW64\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 rvsmon; C:\Windows\System32\DRIVERS\rvsmon.sys [151752 2009-10-16] (CJSC Returnil Software)
R2 rvsmonf; C:\Windows\System32\DRIVERS\rvsmonf.sys [1326416 2009-10-16] (CJSC Returnil Software)
R2 rvsmonn; C:\Windows\System32\DRIVERS\rvsmonn2.sys [21936 2009-10-16] (CJSC Returnil Software)
R0 RVSystem; C:\Windows\System32\Drivers\RVSystem.sys [49736 2013-10-29] (CJSC Returnil Software)
S1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [7408 2009-09-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-12-04] (Sony Ericsson Mobile Communications)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-06] (Duplex Secure Ltd.)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-19] (BitDefender S.R.L.)
S3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
R2 WiseFs; C:\Windows\WiseFs64.sys [13264 2015-08-26] (WiseCleaner.com)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-05-19] (wisecleaner.com)
R1 WiseUnlock; C:\Windows\WiseUnlock64.sys [12240 2015-05-19] (WiseCleaner.com)
S3 catchme; \??\C:\ComboFix-2\catchme.sys [X]
U3 DfSdkS; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 22:11 - 2016-03-16 22:11 - 00112640 _____ (forum.viry.cz) C:\Users\BetaVerze\Desktop\FRSTLauncher.exe
2016-03-16 21:16 - 2016-03-16 21:17 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-16 21:13 - 2016-03-16 21:13 - 01527296 _____ C:\Users\BetaVerze\Desktop\adwcleaner_5.102.exe
2016-03-16 19:49 - 2016-03-16 19:49 - 00017550 _____ C:\Users\BetaVerze\Desktop\Addition.zip
2016-03-16 19:41 - 2016-03-16 22:12 - 00032322 _____ C:\Users\BetaVerze\Desktop\FRST.txt
2016-03-16 19:41 - 2016-03-16 22:11 - 00000000 ____D C:\FRST
2016-03-16 19:33 - 2016-03-16 19:33 - 02374144 _____ (Farbar) C:\Users\BetaVerze\Desktop\FRST64.exe
2016-03-16 08:49 - 2016-03-16 08:49 - 00081821 _____ C:\ComboFix.txt
2016-03-16 08:27 - 2016-03-16 08:49 - 00000000 ____D C:\ComboFix-2
2016-03-16 08:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-16 08:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-16 08:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-16 08:26 - 2016-03-16 08:49 - 00000000 ____D C:\Qoobox
2016-03-16 08:26 - 2016-03-16 08:47 - 00000000 ____D C:\Windows\erdnt
2016-03-16 08:15 - 2016-03-16 08:15 - 00149552 _____ C:\Users\BetaVerze\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-16 08:12 - 2016-03-16 08:13 - 00504272 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-15 00:45 - 2016-03-15 00:46 - 36135041 _____ C:\Users\BetaVerze\Downloads\SeaMonkey_Setup_2.40.exe
2016-03-14 23:36 - 2016-03-16 21:20 - 00000954 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 23:36 - 2016-03-14 23:36 - 00003702 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-14 23:35 - 2016-03-14 23:35 - 00987728 _____ (Google Inc.) C:\Users\BetaVerze\Downloads\ChromeSetup.exe
2016-03-14 19:07 - 2016-03-14 19:07 - 00000000 ____D C:\Users\BetaVerze\AppData\LocalLow\Adobe
2016-03-14 19:06 - 2016-03-14 19:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-13 23:30 - 2016-03-13 15:38 - 00001244 _____ C:\keepass.kdb
2016-03-09 16:27 - 2016-03-09 16:27 - 00009837 _____ C:\Users\BetaVerze\AppData\Local\recently-used.xbel
2016-03-07 22:48 - 2016-03-08 00:32 - 00000000 ____D C:\Karta-obnova_videa_fotky
2016-03-07 13:09 - 2016-03-07 13:09 - 00000512 _____ C:\Windows\SysWOW64\HBEDV.KEY
2016-03-03 17:23 - 2016-03-03 17:23 - 00002968 _____ C:\Windows\System32\Tasks\{890F464C-5EEF-42DC-B672-692FA921B0C8}
2016-03-03 17:22 - 2016-03-03 17:22 - 00002968 _____ C:\Windows\System32\Tasks\{4555E3B7-E1A6-42D8-9FC1-1E8215A732FA}
2016-03-01 23:17 - 2016-03-02 08:53 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 64 bits
2016-03-01 23:17 - 2016-03-01 23:21 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\avidemux
2016-03-01 17:25 - 2016-03-01 17:25 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\Apowersoft
2016-03-01 17:25 - 2016-03-01 17:25 - 00000000 ____D C:\ProgramData\Apowersoft
2016-03-01 17:24 - 2016-03-02 08:52 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Apowersoft
2016-02-29 20:30 - 2016-02-29 20:32 - 22324543 _____ C:\Windows\REGBK03.ZIP
2016-02-29 13:46 - 2016-02-29 13:46 - 00000000 ____D C:\HoloBackup-179d978 – kopie
2016-02-29 13:46 - 2016-02-29 13:46 - 00000000 ____D C:\HoloBackup-179d978
2016-02-29 13:28 - 2016-02-29 12:39 - 33407759 _____ C:\HoloBackup-179d978.zip
2016-02-25 15:43 - 2016-02-25 15:43 - 00003584 _____ C:\Users\BetaVerze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-25 09:19 - 2016-02-25 09:19 - 00001458 _____ C:\Users\BetaVerze\Desktop\EaseUS Partition Master 10.8.lnk
2016-02-25 08:12 - 2016-02-25 08:12 - 00001384 _____ C:\Users\Public\Desktop\EaseUS Partition Master 10.8.lnk
2016-02-25 08:12 - 2016-02-25 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.8
2016-02-25 08:12 - 2015-09-21 00:30 - 03557000 _____ C:\Windows\system32\BootMan.exe
2016-02-25 08:12 - 2015-09-21 00:19 - 02658952 _____ C:\Windows\SysWOW64\BootMan.exe
2016-02-25 08:12 - 2014-11-18 14:46 - 00021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2016-02-25 08:12 - 2014-11-18 14:46 - 00017504 _____ C:\Windows\system32\EuEpmGdi.dll
2016-02-25 08:12 - 2014-11-18 14:39 - 00018528 _____ C:\Windows\system32\epmntdrv.sys
2016-02-25 08:12 - 2014-11-18 14:39 - 00014944 _____ C:\Windows\SysWOW64\epmntdrv.sys
2016-02-25 08:12 - 2014-11-18 14:39 - 00010848 _____ C:\Windows\system32\EuGdiDrv.sys
2016-02-25 08:12 - 2014-11-18 14:39 - 00010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
2016-02-25 08:12 - 2014-11-18 14:38 - 00101984 _____ C:\Windows\system32\setupempdrvx64.exe
2016-02-25 08:12 - 2014-11-18 14:38 - 00088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2016-02-24 21:36 - 2016-02-24 21:36 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2016-02-24 21:36 - 2016-02-24 21:36 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-02-22 08:19 - 2016-02-22 08:19 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-15 20:53 - 2016-02-15 20:53 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\SHAREit
2016-02-15 20:53 - 2016-02-15 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit
2016-02-15 20:53 - 2016-02-15 20:53 - 00000000 ____D C:\ProgramData\Lenovo

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 22:12 - 2015-06-18 20:01 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-409041142-459604370-2198087559-1000UA.job
2016-03-16 21:57 - 2015-07-07 21:27 - 00000000 ____D C:\$360Section
2016-03-16 21:57 - 2015-07-07 21:24 - 00000000 ____D C:\ProgramData\360Quarant
2016-03-16 21:41 - 2014-05-09 23:42 - 00000958 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-16 21:31 - 2015-07-07 19:00 - 00000000 ____D C:\Users\BetaVerze\AppData\LocalLow\360WD
2016-03-16 21:26 - 2009-07-14 05:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-16 21:26 - 2009-07-14 05:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-16 21:24 - 2014-10-13 22:03 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-16 21:24 - 2014-05-23 13:46 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-16 21:22 - 2012-01-10 21:18 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-03-16 21:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-16 18:12 - 2015-06-18 20:01 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-409041142-459604370-2198087559-1000Core.job
2016-03-16 09:10 - 2011-10-11 21:32 - 00000000 ___HD C:\Users\BetaVerze\AppData\Local\CrashDumps
2016-03-16 08:43 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-03-16 08:39 - 2009-07-14 03:34 - 99090432 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-03-16 08:39 - 2009-07-14 03:34 - 28835840 _____ C:\Windows\system32\config\SYSTEM.bak
2016-03-16 08:39 - 2009-07-14 03:34 - 01310720 _____ C:\Windows\system32\config\DEFAULT.bak
2016-03-16 08:39 - 2009-07-14 03:34 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
2016-03-16 08:39 - 2009-07-14 03:34 - 00028672 _____ C:\Windows\system32\config\SAM.bak
2016-03-16 08:35 - 2015-01-15 22:27 - 00000000 ____D C:\ProgramData\Temp
2016-03-16 08:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-16 08:16 - 2016-01-04 12:44 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\365dni
2016-03-16 08:15 - 2013-03-30 17:26 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Wise Care 365
2016-03-16 08:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-03-15 11:31 - 2012-01-13 10:41 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-15 11:23 - 2012-01-07 22:38 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
2016-03-15 11:19 - 2011-10-25 23:43 - 00000000 ____D C:\Windows\Minidump
2016-03-15 11:16 - 2015-04-23 10:08 - 00002058 _____ C:\Users\BetaVerze\Desktop\Wise Care 365.lnk
2016-03-15 09:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-15 01:58 - 2014-05-06 00:22 - 00000410 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2016-03-15 00:55 - 2015-09-29 16:43 - 00001982 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
2016-03-15 00:55 - 2012-01-07 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2016-03-15 00:07 - 2014-05-10 09:55 - 00000056 _____ C:\Windows\Lic.xxx
2016-03-14 23:59 - 2009-07-14 03:34 - 00001045 _____ C:\Windows\win.ini
2016-03-14 23:38 - 2015-04-23 10:06 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\WiseUpdate
2016-03-14 23:36 - 2013-05-22 10:36 - 00003954 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-14 23:27 - 2011-10-07 21:14 - 00000000 ____D C:\Users\BetaVerze
2016-03-14 19:07 - 2014-10-20 22:09 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\Adobe
2016-03-14 19:07 - 2011-10-07 22:00 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\Adobe
2016-03-14 19:05 - 2012-09-04 07:03 - 00000000 ____D C:\ProgramData\Adobe
2016-03-14 18:47 - 2015-04-07 19:30 - 00000000 ____D C:\Users\BetaVerze\Downloads\Shareit
2016-03-13 23:38 - 2011-10-19 22:35 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\KeePass
2016-03-13 10:50 - 2013-01-10 21:55 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-13 10:50 - 2012-04-02 06:11 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-13 10:50 - 2011-10-07 22:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-09 16:32 - 2012-04-12 06:53 - 00000000 ____D C:\Users\BetaVerze\.gimp-2.8
2016-03-09 16:27 - 2014-01-06 22:59 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\gtk-2.0
2016-03-08 00:34 - 2015-12-11 09:44 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\vlc
2016-03-07 23:14 - 2013-10-10 07:21 - 00000000 ____D C:\1989c5bf6cc10c89bc90
2016-03-07 21:10 - 2009-07-14 16:18 - 00670658 _____ C:\Windows\system32\perfh005.dat
2016-03-07 21:10 - 2009-07-14 16:18 - 00142270 _____ C:\Windows\system32\perfc005.dat
2016-03-07 21:10 - 2009-07-14 06:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-07 21:06 - 2011-10-12 06:13 - 00000000 ____D C:\Program Files\Recuva
2016-03-03 18:30 - 2015-07-07 19:00 - 00001149 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-03-03 18:30 - 2015-07-07 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-03-03 17:00 - 2014-06-01 07:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-03 16:38 - 2015-07-08 07:55 - 00000000 _RSHD C:\360SANDBOX
2016-03-02 09:21 - 2015-06-15 20:00 - 00000476 __RSH C:\ProgramData\ntuser.pol
2016-03-02 08:53 - 2016-02-04 15:38 - 00000000 ____D C:\ProgramData\pdfforge
2016-03-02 08:53 - 2015-06-15 11:03 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2016-03-02 08:53 - 2011-10-12 05:50 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\GHISLER
2016-03-02 08:53 - 2011-10-11 21:23 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\Audacity
2016-03-02 08:53 - 2011-10-08 23:08 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\IrfanView
2016-03-02 08:53 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-02-29 23:58 - 2015-01-14 08:12 - 00000000 ____D C:\AdwCleaner
2016-02-29 23:28 - 2012-01-07 08:25 - 00785075 _____ C:\Users\BetaVerze\Documents\pinfect.zip
2016-02-29 16:45 - 2016-01-23 00:21 - 00000000 ____D C:\ASUS záloha
2016-02-29 09:08 - 2014-03-03 21:51 - 00000000 ____D C:\JY-G4
2016-02-28 21:27 - 2013-06-24 05:56 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\Windows Live
2016-02-28 18:27 - 2012-01-18 09:34 - 00000000 ____D C:\Windows\pss
2016-02-26 11:56 - 2015-07-07 19:00 - 00370768 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2016-02-26 11:56 - 2015-07-07 19:00 - 00319568 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2016-02-26 11:56 - 2015-07-07 19:00 - 00181328 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2016-02-26 11:56 - 2015-07-07 19:00 - 00137808 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2016-02-25 15:25 - 2015-06-15 11:04 - 00000000 ____D C:\Users\BetaVerze\Documents\The KMPlayer
2016-02-25 15:24 - 2015-06-15 11:03 - 00001035 _____ C:\Users\BetaVerze\Desktop\KMPlayer.lnk
2016-02-25 15:19 - 2015-06-15 12:40 - 00001209 _____ C:\Users\BetaVerze\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-02-25 15:19 - 2015-06-15 12:40 - 00001185 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-02-25 08:39 - 2013-10-03 20:57 - 00000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 5.2
2016-02-25 08:12 - 2012-01-31 11:33 - 00000000 ____D C:\Program Files (x86)\EASEUS
2016-02-22 08:19 - 2012-05-13 11:19 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Dropbox
2016-02-18 12:03 - 2016-02-11 12:03 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-02-17 16:34 - 2016-02-04 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2016-02-17 16:34 - 2015-04-07 17:07 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-02-15 20:53 - 2015-04-07 17:06 - 00001106 _____ C:\Users\Public\Desktop\SHAREit.lnk
2016-02-15 20:53 - 2015-04-07 17:06 - 00000000 ____D C:\Program Files (x86)\Lenovo

==================== Files in the root of some directories =======

2015-07-19 23:12 - 2009-02-26 19:57 - 0652884 _____ (                                                            ) C:\Program Files\Vypínač na dobrou noc verze 2.0.exe
2014-02-28 10:36 - 2014-02-28 10:35 - 0581632 _____ (Joshua F. Madison) C:\Program Files (x86)\convert.exe
2014-09-05 08:21 - 2013-08-22 19:50 - 0357337 _____ () C:\Program Files (x86)\EAM-TR.exe
2014-05-01 19:10 - 2013-03-29 23:23 - 1563968 _____ (IObit) C:\Program Files (x86)\Iobit......HANZY.exe
2011-10-26 22:41 - 1997-12-01 01:00 - 2954628 ____R () C:\Program Files (x86)\Mtran.dic
2011-10-26 22:37 - 1997-12-01 01:00 - 0317440 ____R () C:\Program Files (x86)\Mtran.exe
2014-05-03 21:21 - 2014-04-16 13:04 - 7953080 _____ (DonationCoder) C:\Program Files (x86)\ScreenshotCaptor.exe
2005-03-05 17:21 - 2002-09-17 11:20 - 0035456 _____ () C:\Program Files (x86)\Common Files\EXIF Glossar.HLP
2005-03-05 17:21 - 2005-03-12 14:39 - 1347584 _____ (Ralf Bibinger) C:\Program Files (x86)\Common Files\EXIF Viewer.exe
2005-03-05 17:21 - 2005-03-12 14:49 - 0609358 _____ () C:\Program Files (x86)\Common Files\EXIF Viewer.HLP
2005-03-05 17:21 - 2005-03-22 12:47 - 0014790 _____ () C:\Program Files (x86)\Common Files\Kamera2.Cfg
2005-03-05 17:21 - 2004-08-19 17:40 - 0029532 _____ () C:\Program Files (x86)\Common Files\Nikon.jpg
2005-03-05 17:21 - 2005-02-03 18:45 - 0026097 _____ () C:\Program Files (x86)\Common Files\TIF.jpg
2013-10-04 22:42 - 2013-10-04 23:22 - 0012926 _____ () C:\Users\BetaVerze\AppData\Roaming\Microsoft Excel 97-2003.CAL
2014-04-05 17:52 - 2015-01-16 00:42 - 0000134 _____ () C:\Users\BetaVerze\AppData\Roaming\PDFShaper.ini
2014-07-31 13:08 - 2014-07-31 13:08 - 0000024 ___SH () C:\Users\BetaVerze\AppData\Roaming\System5908ConfigCollection.dat
2011-10-29 20:40 - 2015-08-30 15:01 - 0000202 _____ () C:\Users\BetaVerze\AppData\Roaming\varicad-work.ini
2012-07-19 23:34 - 2012-07-19 23:34 - 0000118 _____ () C:\Users\BetaVerze\AppData\Local\Config_4E29823E.dat
2016-02-25 15:43 - 2016-02-25 15:43 - 0003584 _____ () C:\Users\BetaVerze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-04 19:44 - 2014-05-04 19:44 - 0000058 _____ () C:\Users\BetaVerze\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2012-07-19 23:34 - 2012-07-19 23:34 - 0000038 _____ () C:\Users\BetaVerze\AppData\Local\Index_4E29823E.dat
2016-03-09 16:27 - 2016-03-09 16:27 - 0009837 _____ () C:\Users\BetaVerze\AppData\Local\recently-used.xbel
2011-10-29 20:35 - 2014-01-11 00:35 - 0007597 _____ () C:\Users\BetaVerze\AppData\Local\Resmon.ResmonCfg
2013-11-04 12:39 - 2013-11-04 12:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2011-10-13 19:47 - 2011-10-13 19:47 - 0000114 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

ZeroAccess:
C:\Users\BetaVerze\AppData\Local\01ea421c
C:\Users\BetaVerze\AppData\Local\01ea421c\@

Files to move or delete:
====================
C:\Users\BetaVerze\wmpfirefoxplugin.exe


Some files in TEMP:
====================
C:\Users\BetaVerze\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\msicwj32.dll
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-16 12:38

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:390.53 GB) (Free:24.1 GB) NTFS
Drive d: () (Fixed) (Total:540.89 GB) (Free:3.06 GB) NTFS

Available physical RAM: 5932.91 MB
Total physical RAM: 8191.14 MB
Percentage of memory in use: 27%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: E143B27D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-409041142-459604370-2198087559-1000Core.job => C:\Users\BetaVerze\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-409041142-459604370-2198087559-1000UA.job => C:\Users\BetaVerze\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:BC359956 [126]

==================== Security Center ==================

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\BetaVerze\Desktop" je 29 MB.
 
 
***** Startup Programs *****
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update
"C:\Users\BetaVerze\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EAM Trial Reset
"C:\Program Files (x86)\EAM-TR.exe" /autoreset [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS TB Tray Agent
"C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe" 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsisoft anti-malware
"c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup
"C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HOSTS Anti-Adware_PUPs
C:\Windows\inf\msjpoxh.vbe  [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter
C:\Windows\inf\msstp.vbe  [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnctielipSrv
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncvubtdtSrv
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msjpoxhSrv
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSStp
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFAUpdater
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart File Advisor
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\38A880~1.141\SSSCHE~1.EXE  [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^BetaVerze^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\BETAVE~1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^BetaVerze^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteTray.lnk
C:\PROGRA~2\Evernote\Evernote\EVC5D8~1.EXE  

 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1
    DisableUnicastResponsesToMulticastBroadcast    REG_DWORD    0x0
    DoNotAllowExceptions    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1
    DoNotAllowExceptions    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

 
==================== End Of Log ==============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by BetaVerze (administrator) on BETAVERZE-PC (16-03-2016 22:13:51)
Running from C:\Users\BetaVerze\Desktop
Loaded Profiles: BetaVerze (Available Profiles: BetaVerze)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK COMPUTER INC.) C:\Windows\System32\ATKFUSService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
() C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Microsoft) C:\Program Files (x86)\365dni\365dniNET.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
() C:\Program Files (x86)\EASEUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(forum.viry.cz) C:\Users\BetaVerze\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1065080 2016-03-03] ()
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKU\S-1-5-21-409041142-459604370-2198087559-1000\...\Run: [365dni] => C:\Program Files (x86)\365dni\365dniNET.exe [858624 2010-05-13] (Microsoft)
HKU\S-1-5-21-409041142-459604370-2198087559-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-01-24] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-01-24] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-01-24] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-01-24] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BetaVerze\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
Startup: C:\Users\BetaVerze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2015-04-07]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk *  PDBoot.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-409041142-459604370-2198087559-1000] => http=127.0.0.1:1042;https=127.0.0.1:1042
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0DC0A56B-602D-40DE-A012-EAF600461F86}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{786BEB82-0C00-48F8-A716-46C470793C7B}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-409041142-459604370-2198087559-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-409041142-459604370-2198087559-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-409041142-459604370-2198087559-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-409041142-459604370-2198087559-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-02-26] (Qihu 360 Software Co., Ltd.)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-02-26] (Qihu 360 Software Co., Ltd.)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\BetaVerze\AppData\Roaming\Mozilla\Firefox\Profiles\gnleqish.default
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Default
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-13] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-13] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-14] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll [2011-07-11] (Wolfram Research, Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH)
FF SearchPlugin: C:\Users\BetaVerze\AppData\Roaming\Mozilla\Firefox\Profiles\gnleqish.default\searchplugins\duckduckgo.xml [2014-09-04]
FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\BetaVerze\AppData\Roaming\Mozilla\Firefox\Profiles\gnleqish.default\extensions\artur.dubovoy@gmail.com [2015-06-10]
FF Extension: Record Page - C:\Users\BetaVerze\AppData\Roaming\Mozilla\Firefox\Profiles\gnleqish.default\Extensions\{80249d94-cb27-4919-8ae8-70c3a10ec453}.xpi [2015-05-30] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-14] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-14] [not signed]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: PDF Architect 4 Creator - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-02-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-03-03]
FF HKU\S-1-5-21-409041142-459604370-2198087559-1000\...\Firefox\Extensions: [{DBF68C10-4AEE-41f2-831A-BA4562C45E81}] - C:\Users\BetaVerze\AppData\Roaming\SAIG\Surfulater\FirefoxExtension\3.42.00
FF Extension: Surfulater Integration - C:\Users\BetaVerze\AppData\Roaming\SAIG\Surfulater\FirefoxExtension\3.42.00 [2011-10-29] [not signed]

Chrome: 
=======
CHR Profile: C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Obchod) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-16]
CHR Extension: (Disk Google) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-16]
CHR Extension: (YouTube) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-16]
CHR Extension: (Vyhledávání Google) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-16]
CHR Extension: (Obchod) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-16]
CHR Extension: (Gmail) - C:\Users\BetaVerze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-16]
CHR HKU\S-1-5-21-409041142-459604370-2198087559-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BETAVE~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

Opera: 
=======
OPR Extension: (360 Internet Protection) - C:\Users\BetaVerze\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2016-03-15]
OPR Extension: (Record Page) - C:\Users\BetaVerze\AppData\Roaming\Opera Software\Opera Stable\Extensions\oaphlnkkagindbgmjlcnicllejgalilh [2015-05-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)
S4 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-09-22] (ABBYY)
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-05] (Advanced Micro Devices, Inc.) [File not signed]
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 ASWLCCSvc; C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [172032 2009-05-21] () [File not signed]
R2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [63488 2009-12-01] (ASUSTeK COMPUTER INC.) [File not signed]
S4 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37448 2014-08-13] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S4 InstallShield Licensing Service; C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [78536 2011-10-22] (Macrovision                                                    )
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657640 2014-05-12] (O&O Software GmbH)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
S4 Printer Control; C:\Windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [908408 2016-02-26] (QIHU 360 SOFTWARE CO. LIMITED)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31192 2016-02-02] (SHAREit Technologies Co.Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2016-02-26] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-12-17] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2015-12-17] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2016-02-26] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-06-25] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [370768 2016-02-26] (360.cn)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-09-02] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2014-09-02] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-09-02] (Emsisoft GmbH)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
S3 ampa; C:\Windows\system32\ampa.sys [15288 2011-12-26] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [12728 2011-12-26] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-12-14] (Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [39704 2015-04-23] (Windows (R) Win 7 DDK provider)
R3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
S3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [67352 2015-04-23] (ASUS Corporation)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181328 2016-02-26] (360.cn)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-06-10] (BlueStack Systems)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2014-09-02] (Emsisoft GmbH)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2014-08-13] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2014-08-13] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2014-08-13] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2014-08-13] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-01] (Glarysoft Ltd)
R2 LiveTunerPM; D:\Ashampoo WinOptimizer 10.02.05 CZ portable\App\WinOptimizer\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\SysWOW64\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 rvsmon; C:\Windows\System32\DRIVERS\rvsmon.sys [151752 2009-10-16] (CJSC Returnil Software)
R2 rvsmonf; C:\Windows\System32\DRIVERS\rvsmonf.sys [1326416 2009-10-16] (CJSC Returnil Software)
R2 rvsmonn; C:\Windows\System32\DRIVERS\rvsmonn2.sys [21936 2009-10-16] (CJSC Returnil Software)
R0 RVSystem; C:\Windows\System32\Drivers\RVSystem.sys [49736 2013-10-29] (CJSC Returnil Software)
S1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [7408 2009-09-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-09-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-12-04] (Sony Ericsson Mobile Communications)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-06] (Duplex Secure Ltd.)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-19] (BitDefender S.R.L.)
S3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
R2 WiseFs; C:\Windows\WiseFs64.sys [13264 2015-08-26] (WiseCleaner.com)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-05-19] (wisecleaner.com)
R1 WiseUnlock; C:\Windows\WiseUnlock64.sys [12240 2015-05-19] (WiseCleaner.com)
S3 catchme; \??\C:\ComboFix-2\catchme.sys [X]
U3 DfSdkS; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 22:13 - 2016-03-16 22:13 - 00032208 _____ C:\Users\BetaVerze\Desktop\FRST.txt
2016-03-16 22:12 - 2016-03-16 22:12 - 00058129 _____ C:\Users\BetaVerze\Desktop\FRST3.txt
2016-03-16 22:11 - 2016-03-16 22:11 - 00112640 _____ (forum.viry.cz) C:\Users\BetaVerze\Desktop\FRSTLauncher.exe
2016-03-16 21:16 - 2016-03-16 21:17 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-16 21:13 - 2016-03-16 21:13 - 01527296 _____ C:\Users\BetaVerze\Desktop\adwcleaner_5.102.exe
2016-03-16 19:49 - 2016-03-16 19:49 - 00017550 _____ C:\Users\BetaVerze\Desktop\Addition.zip
2016-03-16 19:41 - 2016-03-16 22:13 - 00000000 ____D C:\FRST
2016-03-16 19:33 - 2016-03-16 19:33 - 02374144 _____ (Farbar) C:\Users\BetaVerze\Desktop\FRST64.exe
2016-03-16 08:49 - 2016-03-16 08:49 - 00081821 _____ C:\ComboFix.txt
2016-03-16 08:27 - 2016-03-16 08:49 - 00000000 ____D C:\ComboFix-2
2016-03-16 08:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-16 08:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-16 08:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-16 08:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-16 08:26 - 2016-03-16 08:49 - 00000000 ____D C:\Qoobox
2016-03-16 08:26 - 2016-03-16 08:47 - 00000000 ____D C:\Windows\erdnt
2016-03-16 08:15 - 2016-03-16 08:15 - 00149552 _____ C:\Users\BetaVerze\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-16 08:12 - 2016-03-16 08:13 - 00504272 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-15 00:45 - 2016-03-15 00:46 - 36135041 _____ C:\Users\BetaVerze\Downloads\SeaMonkey_Setup_2.40.exe
2016-03-14 23:36 - 2016-03-16 21:20 - 00000954 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 23:36 - 2016-03-14 23:36 - 00003702 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-14 23:35 - 2016-03-14 23:35 - 00987728 _____ (Google Inc.) C:\Users\BetaVerze\Downloads\ChromeSetup.exe
2016-03-14 19:07 - 2016-03-14 19:07 - 00000000 ____D C:\Users\BetaVerze\AppData\LocalLow\Adobe
2016-03-14 19:06 - 2016-03-14 19:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-13 23:30 - 2016-03-13 15:38 - 00001244 _____ C:\keepass.kdb
2016-03-09 16:27 - 2016-03-09 16:27 - 00009837 _____ C:\Users\BetaVerze\AppData\Local\recently-used.xbel
2016-03-07 22:48 - 2016-03-08 00:32 - 00000000 ____D C:\Karta-obnova_videa_fotky
2016-03-07 13:09 - 2016-03-07 13:09 - 00000512 _____ C:\Windows\SysWOW64\HBEDV.KEY
2016-03-03 17:23 - 2016-03-03 17:23 - 00002968 _____ C:\Windows\System32\Tasks\{890F464C-5EEF-42DC-B672-692FA921B0C8}
2016-03-03 17:22 - 2016-03-03 17:22 - 00002968 _____ C:\Windows\System32\Tasks\{4555E3B7-E1A6-42D8-9FC1-1E8215A732FA}
2016-03-01 23:17 - 2016-03-02 08:53 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 64 bits
2016-03-01 23:17 - 2016-03-01 23:21 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\avidemux
2016-03-01 17:25 - 2016-03-01 17:25 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\Apowersoft
2016-03-01 17:25 - 2016-03-01 17:25 - 00000000 ____D C:\ProgramData\Apowersoft
2016-03-01 17:24 - 2016-03-02 08:52 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Apowersoft
2016-02-29 20:30 - 2016-02-29 20:32 - 22324543 _____ C:\Windows\REGBK03.ZIP
2016-02-29 13:46 - 2016-02-29 13:46 - 00000000 ____D C:\HoloBackup-179d978 – kopie
2016-02-29 13:46 - 2016-02-29 13:46 - 00000000 ____D C:\HoloBackup-179d978
2016-02-29 13:28 - 2016-02-29 12:39 - 33407759 _____ C:\HoloBackup-179d978.zip
2016-02-25 15:43 - 2016-02-25 15:43 - 00003584 _____ C:\Users\BetaVerze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-25 09:19 - 2016-02-25 09:19 - 00001458 _____ C:\Users\BetaVerze\Desktop\EaseUS Partition Master 10.8.lnk
2016-02-25 08:12 - 2016-02-25 08:12 - 00001384 _____ C:\Users\Public\Desktop\EaseUS Partition Master 10.8.lnk
2016-02-25 08:12 - 2016-02-25 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.8
2016-02-25 08:12 - 2015-09-21 00:30 - 03557000 _____ C:\Windows\system32\BootMan.exe
2016-02-25 08:12 - 2015-09-21 00:19 - 02658952 _____ C:\Windows\SysWOW64\BootMan.exe
2016-02-25 08:12 - 2014-11-18 14:46 - 00021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2016-02-25 08:12 - 2014-11-18 14:46 - 00017504 _____ C:\Windows\system32\EuEpmGdi.dll
2016-02-25 08:12 - 2014-11-18 14:39 - 00018528 _____ C:\Windows\system32\epmntdrv.sys
2016-02-25 08:12 - 2014-11-18 14:39 - 00014944 _____ C:\Windows\SysWOW64\epmntdrv.sys
2016-02-25 08:12 - 2014-11-18 14:39 - 00010848 _____ C:\Windows\system32\EuGdiDrv.sys
2016-02-25 08:12 - 2014-11-18 14:39 - 00010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
2016-02-25 08:12 - 2014-11-18 14:38 - 00101984 _____ C:\Windows\system32\setupempdrvx64.exe
2016-02-25 08:12 - 2014-11-18 14:38 - 00088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2016-02-24 21:36 - 2016-02-24 21:36 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2016-02-24 21:36 - 2016-02-24 21:36 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-02-22 08:19 - 2016-02-22 08:19 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-15 20:53 - 2016-02-15 20:53 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\SHAREit
2016-02-15 20:53 - 2016-02-15 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit
2016-02-15 20:53 - 2016-02-15 20:53 - 00000000 ____D C:\ProgramData\Lenovo

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 22:12 - 2015-06-18 20:01 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-409041142-459604370-2198087559-1000UA.job
2016-03-16 21:57 - 2015-07-07 21:27 - 00000000 ____D C:\$360Section
2016-03-16 21:57 - 2015-07-07 21:24 - 00000000 ____D C:\ProgramData\360Quarant
2016-03-16 21:41 - 2014-05-09 23:42 - 00000958 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-16 21:31 - 2015-07-07 19:00 - 00000000 ____D C:\Users\BetaVerze\AppData\LocalLow\360WD
2016-03-16 21:26 - 2009-07-14 05:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-16 21:26 - 2009-07-14 05:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-16 21:24 - 2014-10-13 22:03 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-16 21:24 - 2014-05-23 13:46 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-16 21:22 - 2012-01-10 21:18 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-03-16 21:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-16 18:12 - 2015-06-18 20:01 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-409041142-459604370-2198087559-1000Core.job
2016-03-16 09:10 - 2011-10-11 21:32 - 00000000 ___HD C:\Users\BetaVerze\AppData\Local\CrashDumps
2016-03-16 08:43 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-03-16 08:39 - 2009-07-14 03:34 - 99090432 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-03-16 08:39 - 2009-07-14 03:34 - 28835840 _____ C:\Windows\system32\config\SYSTEM.bak
2016-03-16 08:39 - 2009-07-14 03:34 - 01310720 _____ C:\Windows\system32\config\DEFAULT.bak
2016-03-16 08:39 - 2009-07-14 03:34 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
2016-03-16 08:39 - 2009-07-14 03:34 - 00028672 _____ C:\Windows\system32\config\SAM.bak
2016-03-16 08:35 - 2015-01-15 22:27 - 00000000 ____D C:\ProgramData\Temp
2016-03-16 08:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-16 08:16 - 2016-01-04 12:44 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\365dni
2016-03-16 08:15 - 2013-03-30 17:26 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Wise Care 365
2016-03-16 08:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-03-15 11:31 - 2012-01-13 10:41 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-15 11:23 - 2012-01-07 22:38 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
2016-03-15 11:19 - 2011-10-25 23:43 - 00000000 ____D C:\Windows\Minidump
2016-03-15 11:16 - 2015-04-23 10:08 - 00002058 _____ C:\Users\BetaVerze\Desktop\Wise Care 365.lnk
2016-03-15 09:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-15 01:58 - 2014-05-06 00:22 - 00000410 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2016-03-15 00:55 - 2015-09-29 16:43 - 00001982 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
2016-03-15 00:55 - 2012-01-07 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2016-03-15 00:07 - 2014-05-10 09:55 - 00000056 _____ C:\Windows\Lic.xxx
2016-03-14 23:59 - 2009-07-14 03:34 - 00001045 _____ C:\Windows\win.ini
2016-03-14 23:38 - 2015-04-23 10:06 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\WiseUpdate
2016-03-14 23:36 - 2013-05-22 10:36 - 00003954 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-14 23:27 - 2011-10-07 21:14 - 00000000 ____D C:\Users\BetaVerze
2016-03-14 19:07 - 2014-10-20 22:09 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\Adobe
2016-03-14 19:07 - 2011-10-07 22:00 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\Adobe
2016-03-14 19:05 - 2012-09-04 07:03 - 00000000 ____D C:\ProgramData\Adobe
2016-03-14 18:47 - 2015-04-07 19:30 - 00000000 ____D C:\Users\BetaVerze\Downloads\Shareit
2016-03-13 23:38 - 2011-10-19 22:35 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\KeePass
2016-03-13 10:50 - 2013-01-10 21:55 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-13 10:50 - 2012-04-02 06:11 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-13 10:50 - 2011-10-07 22:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-09 16:32 - 2012-04-12 06:53 - 00000000 ____D C:\Users\BetaVerze\.gimp-2.8
2016-03-09 16:27 - 2014-01-06 22:59 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\gtk-2.0
2016-03-08 00:34 - 2015-12-11 09:44 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\vlc
2016-03-07 23:14 - 2013-10-10 07:21 - 00000000 ____D C:\1989c5bf6cc10c89bc90
2016-03-07 21:10 - 2009-07-14 16:18 - 00670658 _____ C:\Windows\system32\perfh005.dat
2016-03-07 21:10 - 2009-07-14 16:18 - 00142270 _____ C:\Windows\system32\perfc005.dat
2016-03-07 21:10 - 2009-07-14 06:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-07 21:06 - 2011-10-12 06:13 - 00000000 ____D C:\Program Files\Recuva
2016-03-03 18:30 - 2015-07-07 19:00 - 00001149 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-03-03 18:30 - 2015-07-07 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-03-03 17:00 - 2014-06-01 07:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-03 16:38 - 2015-07-08 07:55 - 00000000 _RSHD C:\360SANDBOX
2016-03-02 09:21 - 2015-06-15 20:00 - 00000476 __RSH C:\ProgramData\ntuser.pol
2016-03-02 08:53 - 2016-02-04 15:38 - 00000000 ____D C:\ProgramData\pdfforge
2016-03-02 08:53 - 2015-06-15 11:03 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2016-03-02 08:53 - 2011-10-12 05:50 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\GHISLER
2016-03-02 08:53 - 2011-10-11 21:23 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\Audacity
2016-03-02 08:53 - 2011-10-08 23:08 - 00000000 ___HD C:\Users\BetaVerze\AppData\Roaming\IrfanView
2016-03-02 08:53 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-02-29 23:58 - 2015-01-14 08:12 - 00000000 ____D C:\AdwCleaner
2016-02-29 23:28 - 2012-01-07 08:25 - 00785075 _____ C:\Users\BetaVerze\Documents\pinfect.zip
2016-02-29 16:45 - 2016-01-23 00:21 - 00000000 ____D C:\ASUS záloha
2016-02-29 09:08 - 2014-03-03 21:51 - 00000000 ____D C:\JY-G4
2016-02-28 21:27 - 2013-06-24 05:56 - 00000000 ____D C:\Users\BetaVerze\AppData\Local\Windows Live
2016-02-28 18:27 - 2012-01-18 09:34 - 00000000 ____D C:\Windows\pss
2016-02-26 11:56 - 2015-07-07 19:00 - 00370768 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2016-02-26 11:56 - 2015-07-07 19:00 - 00319568 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2016-02-26 11:56 - 2015-07-07 19:00 - 00181328 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2016-02-26 11:56 - 2015-07-07 19:00 - 00137808 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2016-02-25 15:25 - 2015-06-15 11:04 - 00000000 ____D C:\Users\BetaVerze\Documents\The KMPlayer
2016-02-25 15:24 - 2015-06-15 11:03 - 00001035 _____ C:\Users\BetaVerze\Desktop\KMPlayer.lnk
2016-02-25 15:19 - 2015-06-15 12:40 - 00001209 _____ C:\Users\BetaVerze\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-02-25 15:19 - 2015-06-15 12:40 - 00001185 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-02-25 08:39 - 2013-10-03 20:57 - 00000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 5.2
2016-02-25 08:12 - 2012-01-31 11:33 - 00000000 ____D C:\Program Files (x86)\EASEUS
2016-02-22 08:19 - 2012-05-13 11:19 - 00000000 ____D C:\Users\BetaVerze\AppData\Roaming\Dropbox
2016-02-18 12:03 - 2016-02-11 12:03 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-02-17 16:34 - 2016-02-04 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2016-02-17 16:34 - 2015-04-07 17:07 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-02-15 20:53 - 2015-04-07 17:06 - 00001106 _____ C:\Users\Public\Desktop\SHAREit.lnk
2016-02-15 20:53 - 2015-04-07 17:06 - 00000000 ____D C:\Program Files (x86)\Lenovo

==================== Files in the root of some directories =======

2015-07-19 23:12 - 2009-02-26 19:57 - 0652884 _____ (                                                            ) C:\Program Files\Vypínač na dobrou noc verze 2.0.exe
2014-02-28 10:36 - 2014-02-28 10:35 - 0581632 _____ (Joshua F. Madison) C:\Program Files (x86)\convert.exe
2014-09-05 08:21 - 2013-08-22 19:50 - 0357337 _____ () C:\Program Files (x86)\EAM-TR.exe
2014-05-01 19:10 - 2013-03-29 23:23 - 1563968 _____ (IObit) C:\Program Files (x86)\Iobit......HANZY.exe
2011-10-26 22:41 - 1997-12-01 01:00 - 2954628 ____R () C:\Program Files (x86)\Mtran.dic
2011-10-26 22:37 - 1997-12-01 01:00 - 0317440 ____R () C:\Program Files (x86)\Mtran.exe
2014-05-03 21:21 - 2014-04-16 13:04 - 7953080 _____ (DonationCoder) C:\Program Files (x86)\ScreenshotCaptor.exe
2005-03-05 17:21 - 2002-09-17 11:20 - 0035456 _____ () C:\Program Files (x86)\Common Files\EXIF Glossar.HLP
2005-03-05 17:21 - 2005-03-12 14:39 - 1347584 _____ (Ralf Bibinger) C:\Program Files (x86)\Common Files\EXIF Viewer.exe
2005-03-05 17:21 - 2005-03-12 14:49 - 0609358 _____ () C:\Program Files (x86)\Common Files\EXIF Viewer.HLP
2005-03-05 17:21 - 2005-03-22 12:47 - 0014790 _____ () C:\Program Files (x86)\Common Files\Kamera2.Cfg
2005-03-05 17:21 - 2004-08-19 17:40 - 0029532 _____ () C:\Program Files (x86)\Common Files\Nikon.jpg
2005-03-05 17:21 - 2005-02-03 18:45 - 0026097 _____ () C:\Program Files (x86)\Common Files\TIF.jpg
2013-10-04 22:42 - 2013-10-04 23:22 - 0012926 _____ () C:\Users\BetaVerze\AppData\Roaming\Microsoft Excel 97-2003.CAL
2014-04-05 17:52 - 2015-01-16 00:42 - 0000134 _____ () C:\Users\BetaVerze\AppData\Roaming\PDFShaper.ini
2014-07-31 13:08 - 2014-07-31 13:08 - 0000024 ___SH () C:\Users\BetaVerze\AppData\Roaming\System5908ConfigCollection.dat
2011-10-29 20:40 - 2015-08-30 15:01 - 0000202 _____ () C:\Users\BetaVerze\AppData\Roaming\varicad-work.ini
2012-07-19 23:34 - 2012-07-19 23:34 - 0000118 _____ () C:\Users\BetaVerze\AppData\Local\Config_4E29823E.dat
2016-02-25 15:43 - 2016-02-25 15:43 - 0003584 _____ () C:\Users\BetaVerze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-04 19:44 - 2014-05-04 19:44 - 0000058 _____ () C:\Users\BetaVerze\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2012-07-19 23:34 - 2012-07-19 23:34 - 0000038 _____ () C:\Users\BetaVerze\AppData\Local\Index_4E29823E.dat
2016-03-09 16:27 - 2016-03-09 16:27 - 0009837 _____ () C:\Users\BetaVerze\AppData\Local\recently-used.xbel
2011-10-29 20:35 - 2014-01-11 00:35 - 0007597 _____ () C:\Users\BetaVerze\AppData\Local\Resmon.ResmonCfg
2013-11-04 12:39 - 2013-11-04 12:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2011-10-13 19:47 - 2011-10-13 19:47 - 0000114 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

ZeroAccess:
C:\Users\BetaVerze\AppData\Local\01ea421c
C:\Users\BetaVerze\AppData\Local\01ea421c\@

Files to move or delete:
====================
C:\Users\BetaVerze\wmpfirefoxplugin.exe


Some files in TEMP:
====================
C:\Users\BetaVerze\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\msicwj32.dll
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-16 12:38

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:390.53 GB) (Free:24.1 GB) NTFS
Drive d: () (Fixed) (Total:540.89 GB) (Free:3.06 GB) NTFS

Available physical RAM: 5906.84 MB
Total physical RAM: 8191.14 MB
Percentage of memory in use: 27%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: E143B27D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-409041142-459604370-2198087559-1000Core.job => C:\Users\BetaVerze\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-409041142-459604370-2198087559-1000UA.job => C:\Users\BetaVerze\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:BC359956 [126]

==================== Security Center ==================

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\BetaVerze\Desktop" je 29 MB.
 
 
***** Startup Programs *****
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update
"C:\Users\BetaVerze\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EAM Trial Reset
"C:\Program Files (x86)\EAM-TR.exe" /autoreset [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS TB Tray Agent
"C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe" 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsisoft anti-malware
"c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup
"C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HOSTS Anti-Adware_PUPs
C:\Windows\inf\msjpoxh.vbe  [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter
C:\Windows\inf\msstp.vbe  [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnctielipSrv
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncvubtdtSrv
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msjpoxhSrv
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSStp
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFAUpdater
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart File Advisor
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\38A880~1.141\SSSCHE~1.EXE  [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^BetaVerze^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\BETAVE~1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^BetaVerze^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteTray.lnk
C:\PROGRA~2\Evernote\Evernote\EVC5D8~1.EXE  

 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1
    DisableUnicastResponsesToMulticastBroadcast    REG_DWORD    0x0
    DoNotAllowExceptions    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1
    DoNotAllowExceptions    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

 
==================== End Of Log ==============================
