VIRY.CZ

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by test (administrator) on HUTCH (29-01-2016 20:37:24)
Running from C:\Users\test\Desktop
Loaded Profiles: test (Available Profiles: test)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Tai Wai Shui Mu) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\ProgramData\dlohn\dlohn.exe
() C:\Program Files\Dripkix\Dripkix.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(tsvr.com) C:\Users\test\AppData\Roaming\TSv\TSvr.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(DotC United Inc) D:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\ProgramData\ohnuze\ohnuze.exe
() C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\jnss6155.tmp
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\hnsx7C94.tmp
() C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\knsb336B.tmp
() C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\snsc5768.tmp
() C:\Users\test\AppData\Local\35B51072-1453676912-E111-A818-DC0EA173A626\qnsj7D7D.tmp
() C:\ProgramData\Zitenop\Zitenop.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Program Files\Dripkix\packages\d854d95b-213a-4357-8590-71bc67fdb0e2\amdide.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(DotC United Inc) D:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
() C:\Program Files (x86)\baidu\ppt.exe
() C:\Users\test\AppData\Local\Viber\Viber.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Feed Notifier\notifier.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(DotC United Inc) D:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
() C:\ProgramData\ohnuze\ohnuze.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\C65A.tmp
() C:\Users\test\AppData\Roaming\Seznam Browser\Seznam.cz.exe
() C:\Users\test\AppData\Roaming\Seznam Browser\Seznam.cz.exe
() C:\Users\test\AppData\Roaming\Seznam Browser\Seznam.cz.exe
() C:\Users\test\AppData\Roaming\Seznam Browser\Seznam.cz.exe
() C:\Users\test\AppData\Roaming\Seznam Browser\Seznam.cz.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-01-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-01-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-12-27] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-01-14] (Lenovo)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4241512 2012-03-07] (AVAST Software)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EnergyCut] => c:\program files (x86)\lenovo\energycut\energycut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-721941654-2744527999-12510684-1000\...\Run: [GoogleChromeAutoLaunch_1B0E81B795B08FCFC87354BB5741BA8D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748360 2016-01-12] (Google Inc.)
HKU\S-1-5-21-721941654-2744527999-12510684-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2010912 2015-11-30] (IObit)
HKU\S-1-5-21-721941654-2744527999-12510684-1000\...\Run: [apphide] => C:\Program Files (x86)\baidu\ppt.exe [81920 2015-10-21] ()
HKU\S-1-5-21-721941654-2744527999-12510684-1000\...\Run: [Viber] => C:\Users\test\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-721941654-2744527999-12510684-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-721941654-2744527999-12510684-1000\...\MountPoints2: {46ca87fe-3e96-11e1-bb0d-dc0ea173a626} - G:\AutoRunCD.exe
HKU\S-1-5-21-721941654-2744527999-12510684-1000\...\MountPoints2: {72347dc4-65c9-11e1-9ce7-e4d53ddb5633} - F:\LaunchU3.exe -a
HKU\S-1-5-21-721941654-2744527999-12510684-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-18\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
AppInit_DLLs: C:\ProgramData\Zitenop\Flexity.dll => C:\ProgramData\Zitenop\Flexity.dll [805376 2015-12-26] ()
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\ProgramData\Zitenop\Lightfresh.dll => C:\ProgramData\Zitenop\Lightfresh.dll [257536 2015-12-26] ()
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-01-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-01-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk [2015-12-13]
ShortcutTarget: Feed Notifier.lnk -> C:\Program Files (x86)\Feed Notifier\notifier.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{64044D7E-9B24-46AF-9C95-C70214869202}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{666EB138-89B9-4E3C-9459-E5202D906ADA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{CA8337B7-92C6-43AC-8D75-81041728570C}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130946028049947333&GUID=9CCD7523-BA08-4936-9F48-A3775ABDB6F5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130946028049947333&GUID=9CCD7523-BA08-4936-9F48-A3775ABDB6F5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130946028049947333&GUID=9CCD7523-BA08-4936-9F48-A3775ABDB6F5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130946028049947333&GUID=9CCD7523-BA08-4936-9F48-A3775ABDB6F5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=14 ... earchTerms}
HKU\S-1-5-21-721941654-2744527999-12510684-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}
HKU\S-1-5-21-721941654-2744527999-12510684-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}
HKU\S-1-5-21-721941654-2744527999-12510684-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=14 ... earchTerms}
HKU\S-1-5-21-721941654-2744527999-12510684-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}
HKU\S-1-5-21-721941654-2744527999-12510684-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130946028049947333&GUID=9CCD7523-BA08-4936-9F48-A3775ABDB6F5
HKU\S-1-5-21-721941654-2744527999-12510684-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130946028049947333&GUID=9CCD7523-BA08-4936-9F48-A3775ABDB6F5
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {356C663A-29A7-4B26-BB5A-1C70D8F4AB2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> {356C663A-29A7-4B26-BB5A-1C70D8F4AB2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> DefaultScope {18F9ACFF-FA75-4830-AEF8-CE6B65598CE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.dalesearch.com/?q={searchTerms}&bab ... 9&tsp=5011
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {18F9ACFF-FA75-4830-AEF8-CE6B65598CE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {53D943B4-F4B8-4035-9026-260DEFD2C4B6} URL = hxxp://search.eshield.com/serp?guid={8C59DF38-2BB6-4F38-B6D8-81C189E3DABE}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={6F36F090-5E2E-483E-9CD7-6AA50DC1E5CB}&mid=fb5e9410470e47d1819e0d47e7974fd5-80074e026c03b4622231e636b4e29f9bc7663ea2&lang=cs&ds=AVG&pr=pr&d=2012-05-08 20:50:27&v=11.0.0.9&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {A8885A04-562A-452B-B795-ADE1B3C43D21} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {D83A9746-0573-4C41-B746-32EAF5C87A8E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=13043D62-C29A-487F-AC62-399604DD8FAA&apn_sauid=526A3A61-C0D7-4F22-AE24-2B7FF1E2A618
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={CF48EA55-50FF-11E2-9170-DC0EA173A626}
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {F29BA006-1725-443E-AA40-D919C19925A4} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {FDAE1BA8-D154-4204-B9A8-18198994F6CE} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-721941654-2744527999-12510684-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-09-21] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-30] (Oracle Corporation)
BHO-x32: IObit Apps Toolbar -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll [2015-11-20] (Spigot, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-12-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-12-26] (Oracle Corporation)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE64.dll [2015-11-20] (Spigot, Inc.)
Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll [2015-11-20] (Spigot, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-29] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-12-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-12-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-721941654-2744527999-12510684-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\test\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\hdiuo2ez.default\extensions\deskCutv2@gmail.com
FF Extension: Newtab - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\hdiuo2ez.default\extensions\deskCutv2@gmail.com [2015-12-02] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://home.sweetim.c ... W7116W7116"
CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vocabla - budovat svou slovní zásobu) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnfmoippfkddcakmbeaglgjcfcfcfmk [2014-12-13]
CHR Extension: (ABA English - Online English Course) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnkfkmdhgomemhogjdianppfjkaddcc [2014-12-13]
CHR Extension: (eShield) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp [2015-12-13]
CHR Extension: (Gmail Offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-01-22]
CHR Extension: (Wiki Search.me) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip [2016-01-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (BetterCareerSearch) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccdakfilccajeijdfklolcafehhoika [2014-12-10] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrxGeneration1.xml?id=100000482&version=4.67.1.26152&track=S05647&trackRevision=1] <==== ATTENTION
CHR Extension: (Cool Hodin) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2015-10-23]
CHR Extension: (Mapy Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Battlefield 3) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni [2015-01-22]
CHR Extension: (SpeakIt!) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2015-12-25]
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Camera Extension) - C:\Users\test\AppData\Local\Camera Extension\Component [2016-01-29]
CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Ads Removal) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-08-23]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-09-18] [UpdateUrl: hxxp://update.mybrowserbar.com/update/wt/gc/shoppingassistantebay/345987/update.xml] <==== ATTENTION
CHR Extension: (BetterCareerSearch) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iccdakfilccajeijdfklolcafehhoika [2014-08-10] [UpdateUrl: hxxps://updates.mywebsearch.com/updateCrxGeneration1.xml?id=100000482&version=4.67.1.26152&track=S05647&trackRevision=1] <==== ATTENTION
CHR Extension: (Domain Error Assistant) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-11-20] [UpdateUrl: hxxp://update.mybrowserbar.com/update/wt/gc/errorassistant/update.xml] <==== ATTENTION
CHR Extension: (AccelerateTab) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak [2014-08-21] [UpdateUrl: hxxps://www.instair.net/extensions/instair_spee ... update.xml] <==== ATTENTION
CHR Extension: (Slick Savings) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-08-10] [UpdateUrl: hxxp://www.mybrowserbar.com/update/wt/gc/coupons/update.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-08-10] [UpdateUrl: hxxp://update.mybrowserbar.com/update/wt/gc/shoppingassistantamazon/update.xml] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iccdakfilccajeijdfklolcafehhoika] - C:\Program Files (x86)\BetterCareerSearch_2b Chrome Extension\bar\BetterCareerSearch@mindspark.com.gen1 [2013-05-21]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-08-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [827680 2015-11-04] (IObit)
S3 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-24] (APN LLC.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [970016 2011-05-12] (Broadcom Corporation.)
R2 dlohn; C:\ProgramData\\dlohn\\dlohn.exe [508416 2016-01-04] () [File not signed]
R2 Dripkix; C:\Program Files\Dripkix\Dripkix.exe [379904 2015-11-12] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 IhPul; C:\Users\test\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit)
R2 MPCProtectService; D:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [349152 2016-01-27] (DotC United Inc)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 ohnuze; C:\ProgramData\\ohnuze\\ohnuze.exe [534016 2015-12-30] () [File not signed]
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-01-15] ()
S3 Program Manager; C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe [956136 2015-11-23] (Spigot, Inc.)
R2 pupivyhi; C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\jnss6155.tmp [240640 2015-11-30] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-08-10] (Realtek Semiconductor)
R2 ryrojiry; C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\hnsx7C94.tmp [617984 2015-11-30] () [File not signed]
S2 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2580304 2014-05-28] () <==== ATTENTION
R2 wesypekyzbt; C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\knsb336B.tmp [204800 2016-01-24] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-10] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [731824 2016-01-20] (Tai Wai Shui Mu) <==== ATTENTION
R2 xenyduje; C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\snsc5768.tmp [325632 2015-11-30] () [File not signed]
R2 zigipyro; C:\Users\test\AppData\Local\35B51072-1453676912-E111-A818-DC0EA173A626\qnsj7D7D.tmp [158720 2015-12-26] () [File not signed]
R2 Zitenop; C:\ProgramData\\Zitenop\\Zitenop.exe [406016 2015-12-02] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-07] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [69976 2012-03-07] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-07] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-07] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-07] (AVAST Software)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-13] (Broadcom Corporation.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-14] (REALiX(tm))
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-05-03] (Intel Corporation)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-01-27] (DotC United Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-04-18] (Synaptics Incorporated)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2014-11-30] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-29 20:31 - 2016-01-29 20:31 - 00003270 _____ C:\Windows\System32\Tasks\psv_Tonanlight
2016-01-29 20:31 - 2016-01-29 20:31 - 00003270 _____ C:\Windows\System32\Tasks\psv_TechStrong
2016-01-29 20:31 - 2016-01-29 20:31 - 00003270 _____ C:\Windows\System32\Tasks\psv_BlackDonfind
2016-01-29 20:31 - 2016-01-29 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-01-28 22:23 - 2016-01-28 22:27 - 00077973 _____ C:\Users\test\Desktop\Addition.txt
2016-01-28 22:16 - 2016-01-29 20:37 - 00041763 _____ C:\Users\test\Desktop\FRST.txt
2016-01-28 22:13 - 2016-01-28 22:13 - 00112640 _____ (forum.viry.cz) C:\Users\test\Desktop\FRSTLauncher.exe
2016-01-28 22:11 - 2016-01-29 20:37 - 00000000 ___DC C:\FRST
2016-01-28 22:11 - 2016-01-28 22:09 - 02370560 _____ (Farbar) C:\Users\test\Desktop\FRST64.exe
2016-01-28 20:41 - 2016-01-28 20:41 - 00003274 _____ C:\Windows\System32\Tasks\psv_La-Fan
2016-01-28 20:41 - 2016-01-28 20:41 - 00003260 _____ C:\Windows\System32\Tasks\psv_Joyla
2016-01-28 20:41 - 2016-01-28 20:41 - 00003246 _____ C:\Windows\System32\Tasks\psv_Reddax
2016-01-24 23:08 - 2016-01-24 23:08 - 00000000 ____D C:\Users\test\AppData\Local\35B51072-1453676912-E111-A818-DC0EA173A626
2016-01-24 20:31 - 2016-01-24 20:31 - 00003264 _____ C:\Windows\System32\Tasks\psv_JayFind
2016-01-24 20:31 - 2016-01-24 20:31 - 00003258 _____ C:\Windows\System32\Tasks\psv_Dongolux
2016-01-24 20:31 - 2016-01-24 20:31 - 00003248 _____ C:\Windows\System32\Tasks\psv_Freeing
2016-01-23 09:18 - 2016-01-23 09:18 - 00003266 _____ C:\Windows\System32\Tasks\psv_Goodrantouch
2016-01-23 09:18 - 2016-01-23 09:18 - 00003248 _____ C:\Windows\System32\Tasks\psv_Redox
2016-01-20 17:37 - 2016-01-20 17:37 - 00003274 _____ C:\Windows\System32\Tasks\psv_Bigtom
2016-01-20 17:37 - 2016-01-20 17:37 - 00003256 _____ C:\Windows\System32\Tasks\psv_Lazap
2016-01-20 17:37 - 2016-01-20 17:37 - 00003252 _____ C:\Windows\System32\Tasks\psv_Ice-Ity
2016-01-18 20:29 - 2016-01-18 20:29 - 00003278 _____ C:\Windows\System32\Tasks\psv_Phys-Ity
2016-01-18 20:29 - 2016-01-18 20:29 - 00003266 _____ C:\Windows\System32\Tasks\psv_Newdom
2016-01-18 20:29 - 2016-01-18 20:29 - 00003256 _____ C:\Windows\System32\Tasks\psv_PlusAir
2016-01-17 19:59 - 2016-01-17 19:59 - 00003272 _____ C:\Windows\System32\Tasks\psv_Openzap
2016-01-17 19:59 - 2016-01-17 19:59 - 00003258 _____ C:\Windows\System32\Tasks\psv_Blacktax
2016-01-17 19:59 - 2016-01-17 19:59 - 00003254 _____ C:\Windows\System32\Tasks\psv_RedPhase
2016-01-16 21:59 - 2015-12-11 19:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-16 21:59 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-16 21:59 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-16 21:59 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-16 21:59 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-16 21:59 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-16 21:59 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-16 21:59 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-16 21:59 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-16 21:59 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-16 21:59 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-16 21:59 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-16 21:59 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-16 21:59 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-16 21:59 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-16 21:59 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-16 21:59 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-16 21:59 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-16 21:59 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-16 21:59 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-16 21:59 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-16 21:59 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-16 21:59 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-16 21:59 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-16 21:59 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-16 21:59 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-16 21:59 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-16 21:59 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-16 21:59 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-16 21:59 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-16 21:59 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-16 21:59 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-16 21:59 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-16 21:59 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-16 21:59 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-16 21:59 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-16 21:59 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-16 21:59 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-16 21:59 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-16 21:59 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-16 21:59 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-16 21:59 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-16 21:59 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-16 21:58 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-16 21:58 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-16 21:58 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-16 21:58 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-16 21:58 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-16 21:58 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-16 21:58 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-16 21:58 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-16 21:58 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-16 21:58 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-16 21:58 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-16 21:58 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-16 21:58 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-16 21:58 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-16 21:58 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-16 21:58 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-16 21:58 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-16 21:58 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-16 21:58 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-16 21:58 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-16 21:58 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-16 21:58 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-16 21:58 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-16 21:58 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-16 21:58 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-16 21:58 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-16 21:58 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-16 21:58 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-16 21:58 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-16 21:58 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-16 21:58 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-16 21:58 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-16 21:58 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-16 21:58 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-16 21:58 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-16 21:58 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-16 21:58 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-16 21:58 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-16 21:58 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-16 21:58 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-16 21:58 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-16 21:58 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-16 21:58 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-16 21:58 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-16 21:58 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-16 21:58 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-16 21:58 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-16 21:58 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-16 21:58 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-16 21:58 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-16 21:58 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-16 21:58 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-16 21:58 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-16 21:58 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-16 21:58 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-16 21:58 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-16 21:58 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-16 21:58 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-16 21:58 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-16 21:58 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-16 21:58 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-16 21:58 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-16 21:58 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-16 21:58 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-16 21:53 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-16 21:53 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-16 21:53 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-16 21:53 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-16 21:53 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-16 21:53 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-16 21:53 - 2015-11-17 02:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-16 21:53 - 2015-11-17 02:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-16 21:53 - 2015-11-17 02:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-16 21:53 - 2015-11-17 02:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-16 21:53 - 2015-11-17 02:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-16 21:53 - 2015-11-17 02:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-16 21:53 - 2015-11-16 21:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-16 21:52 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-16 21:52 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-16 21:52 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-16 21:52 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-16 21:52 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-16 21:52 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-16 21:52 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-16 21:52 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-16 21:52 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-16 21:52 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-16 21:52 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-16 21:52 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-16 21:52 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-16 21:52 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-16 21:52 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-16 21:52 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-16 21:52 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-16 21:52 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-16 21:52 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-16 21:52 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-16 21:52 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-16 21:52 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-16 21:52 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-16 21:52 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-16 21:52 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-16 21:52 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-16 21:52 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-16 21:52 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-16 21:52 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-16 21:52 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-16 21:52 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-16 21:52 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-16 21:52 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-16 21:52 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-16 21:52 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-16 21:52 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-16 21:52 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-16 21:52 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-16 21:52 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-16 21:52 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-16 21:52 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-16 21:52 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-16 21:52 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-16 21:52 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-16 21:52 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-16 21:52 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-16 21:52 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-16 21:52 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-16 21:52 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-16 21:52 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-16 21:52 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-16 21:52 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-16 21:52 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-16 21:52 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-16 21:52 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-16 21:52 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-16 21:52 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-16 21:52 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-16 21:52 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-16 21:52 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-12 20:55 - 2016-01-12 20:55 - 00003262 _____ C:\Windows\System32\Tasks\psv_SuperJob
2016-01-12 20:55 - 2016-01-12 20:55 - 00003262 _____ C:\Windows\System32\Tasks\psv_Kayfresh
2016-01-12 20:55 - 2016-01-12 20:55 - 00003262 _____ C:\Windows\System32\Tasks\psv_InchZoostock
2016-01-11 20:49 - 2016-01-11 20:49 - 00003272 _____ C:\Windows\System32\Tasks\psv_Singron
2016-01-11 20:49 - 2016-01-11 20:49 - 00003256 _____ C:\Windows\System32\Tasks\psv_Runis
2016-01-11 20:49 - 2016-01-11 20:49 - 00003250 _____ C:\Windows\System32\Tasks\psv_DanJob
2016-01-10 20:54 - 2016-01-29 20:31 - 00000722 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-01-10 18:00 - 2016-01-10 18:00 - 00000000 ____D C:\Users\test\AppData\Roaming\eCyber
2016-01-09 21:08 - 2016-01-09 21:24 - 00000000 ____D C:\Users\test\Desktop\Zima2016
2016-01-09 20:53 - 2016-01-09 20:53 - 00003276 _____ C:\Windows\System32\Tasks\psv_RoundRedfix
2016-01-09 20:53 - 2016-01-09 20:53 - 00003262 _____ C:\Windows\System32\Tasks\psv_TonApron
2016-01-09 20:53 - 2016-01-09 20:53 - 00003256 _____ C:\Windows\System32\Tasks\psv_Iceflex
2016-01-08 23:14 - 2016-01-09 21:10 - 00000000 ____D C:\Users\test\Desktop\Davídek_zima2016
2016-01-08 23:12 - 2016-01-08 23:12 - 00000000 ____D C:\Users\test\Desktop\Nová složka
2016-01-08 20:42 - 2016-01-08 20:42 - 00003268 _____ C:\Windows\System32\Tasks\psv_White-Fix
2016-01-08 20:42 - 2016-01-08 20:42 - 00003268 _____ C:\Windows\System32\Tasks\psv_VivaTip
2016-01-08 20:42 - 2016-01-08 20:42 - 00003250 _____ C:\Windows\System32\Tasks\psv_Over-Com
2016-01-07 20:26 - 2016-01-07 20:26 - 00003256 _____ C:\Windows\System32\Tasks\psv_Re-Flex
2016-01-07 20:25 - 2016-01-11 23:08 - 00002896 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_test
2016-01-07 20:25 - 2016-01-07 20:25 - 00003538 _____ C:\Windows\System32\Tasks\snp
2016-01-07 20:24 - 2016-01-07 20:24 - 00003260 _____ C:\Windows\System32\Tasks\psv_Domstrong
2016-01-07 20:23 - 2016-01-07 20:23 - 00003274 _____ C:\Windows\System32\Tasks\psv_Blacktouch
2016-01-07 20:23 - 2016-01-07 20:23 - 00003252 _____ C:\Windows\System32\Tasks\psv_Vilacom
2016-01-07 20:23 - 2016-01-07 20:23 - 00003252 _____ C:\Windows\System32\Tasks\psv_Ittip
2016-01-04 20:34 - 2016-01-29 20:31 - 00000000 ____D C:\ProgramData\dlohn
2016-01-04 20:34 - 2016-01-04 20:34 - 00003260 _____ C:\Windows\System32\Tasks\psv_BioZamtex
2016-01-03 20:49 - 2016-01-03 20:49 - 00000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
2016-01-03 16:49 - 2016-01-03 16:49 - 00003262 _____ C:\Windows\System32\Tasks\psv_Redfax
2016-01-01 20:42 - 2016-01-01 20:42 - 00000401 _____ C:\Users\test\Desktop\Internet.lnk
2016-01-01 20:40 - 2016-01-01 20:40 - 00003268 _____ C:\Windows\System32\Tasks\psv_Dingtip
2016-01-01 20:40 - 2016-01-01 20:40 - 00003256 _____ C:\Windows\System32\Tasks\psv_Softotcom
2016-01-01 13:46 - 2016-01-27 20:58 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2015-12-31 20:36 - 2015-12-31 20:36 - 00003264 _____ C:\Windows\System32\Tasks\psv_Daltphase
2015-12-31 20:36 - 2015-12-31 20:36 - 00003252 _____ C:\Windows\System32\Tasks\psv_Dingjob
2015-12-30 21:16 - 2016-01-03 21:56 - 00000000 ___DC C:\Program Files (x86)\Elex-tech
2015-12-30 21:16 - 2015-12-30 21:16 - 00000000 ____D C:\Windows\system32\log
2015-12-30 20:47 - 2015-12-30 20:47 - 00003272 _____ C:\Windows\System32\Tasks\psv_Zoomaptough
2015-12-30 20:47 - 2015-12-30 20:47 - 00003272 _____ C:\Windows\System32\Tasks\psv_DentoMatdex
2015-12-30 20:47 - 2015-12-30 20:47 - 00000000 ____D C:\ProgramData\ohnuzes
2015-12-30 20:46 - 2016-01-29 20:31 - 00000000 ____D C:\ProgramData\ohnuze
2015-12-30 20:46 - 2015-12-30 20:46 - 00003262 _____ C:\Windows\System32\Tasks\psv_Double-Dox
2015-12-30 20:45 - 2015-12-30 20:45 - 00003264 _____ C:\Windows\System32\Tasks\psv_Zathair

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-29 20:36 - 2015-10-22 20:24 - 00000000 ____D C:\Users\test\AppData\Local\Seznam.cz
2016-01-29 20:35 - 2015-11-30 22:13 - 00000000 ____D C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626
2016-01-29 20:33 - 2015-12-14 20:43 - 00000000 ___DC C:\Program Files (x86)\WinZipper
2016-01-29 20:33 - 2015-10-17 14:41 - 00000000 ____D C:\Users\test\AppData\Roaming\ViberPC
2016-01-29 20:33 - 2015-02-28 23:40 - 00000000 ____D C:\Users\test\Documents\ViberDownloads
2016-01-29 20:32 - 2015-12-13 13:48 - 00000000 ___DC C:\Program Files (x86)\Feed Notifier
2016-01-29 20:31 - 2015-12-02 20:33 - 00000000 ____D C:\ProgramData\Zitenop
2016-01-29 20:31 - 2013-09-25 16:48 - 00000000 ____D C:\Users\test\AppData\LocalLow\SecurePlugin
2016-01-29 20:31 - 2013-05-17 18:53 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-29 20:31 - 2013-01-30 23:01 - 00000534 _____ C:\Windows\Tasks\Datová skartovačka - $RECYCLER .job
2016-01-29 20:31 - 2012-01-14 13:25 - 00000000 ____D C:\ProgramData\VeriFace
2016-01-29 20:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-28 22:15 - 2015-12-23 15:54 - 00000326 _____ C:\Windows\Tasks\PPTAssistantNotifyTask_test.job
2016-01-28 22:12 - 2015-12-23 15:54 - 00000596 _____ C:\Windows\Tasks\PPTAssistantUpdateTask_test.job
2016-01-28 22:10 - 2013-05-17 18:53 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-28 22:05 - 2009-07-14 05:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-28 22:05 - 2009-07-14 05:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-27 20:40 - 2013-11-21 17:29 - 00000000 ____D C:\ProgramData\ProductData
2016-01-24 23:19 - 2015-12-23 15:54 - 00003574 _____ C:\Windows\System32\Tasks\PPTAssistantUpdateTask_test
2016-01-24 22:33 - 2015-11-30 22:12 - 00000000 ___DC C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626
2016-01-24 20:37 - 2009-07-14 16:18 - 00677826 _____ C:\Windows\system32\perfh005.dat
2016-01-24 20:37 - 2009-07-14 16:18 - 00146712 _____ C:\Windows\system32\perfc005.dat
2016-01-24 20:37 - 2009-07-14 06:13 - 01611912 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-24 20:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-23 09:20 - 2015-12-05 23:15 - 00002253 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-01-23 09:18 - 2015-12-09 21:17 - 00003252 _____ C:\Windows\System32\Tasks\psv_Jayflex
2016-01-23 09:11 - 2015-12-14 20:42 - 00000000 ____D C:\ProgramData\rWdMr
2016-01-23 09:11 - 2015-12-14 20:40 - 00000000 ____D C:\ProgramData\2WdM2
2016-01-21 22:53 - 2013-04-15 20:07 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-01-20 18:43 - 2012-04-13 19:49 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721941654-2744527999-12510684-1000Core.job
2016-01-18 20:38 - 2014-12-24 20:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-17 19:57 - 2009-07-14 05:45 - 00409696 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-17 19:55 - 2014-12-12 20:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-17 19:55 - 2014-05-07 19:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-17 19:53 - 2013-03-13 22:55 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2016-01-17 19:53 - 2013-03-13 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-17 01:23 - 2013-03-13 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-17 01:21 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2016-01-17 01:19 - 2013-07-12 17:56 - 00000000 ____D C:\Windows\system32\MRT
2016-01-17 01:13 - 2012-01-14 11:46 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-16 23:44 - 2015-10-22 20:23 - 00000000 ____D C:\Users\test\AppData\Roaming\Seznam Browser
2016-01-16 21:36 - 2015-12-23 15:54 - 00000000 ____D C:\Users\test\AppData\Local\PPTAssist
2016-01-16 20:45 - 2015-12-26 21:35 - 00000401 _____ C:\Windows\system32\Internet.lnk
2016-01-11 22:32 - 2015-12-01 11:02 - 00003234 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-01-11 22:32 - 2014-05-03 20:16 - 00002866 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (test)
2016-01-11 21:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-10 21:04 - 2015-09-07 07:34 - 00000000 ____D C:\Users\test\Desktop\Prezentace
2016-01-08 21:18 - 2015-12-05 15:18 - 00000000 ____D C:\ProgramData\Tmp0x0x
2016-01-07 20:27 - 2012-01-14 16:52 - 00001294 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-07 20:26 - 2015-12-02 20:38 - 00003188 _____ C:\Windows\System32\Tasks\snf
2016-01-04 21:23 - 2012-01-18 08:37 - 00000000 ____D C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-04 21:14 - 2014-12-10 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-01 15:12 - 2015-12-26 14:05 - 00000000 ____D C:\ProgramData\3WdM3
2016-01-01 15:11 - 2015-12-28 20:54 - 00000000 ____D C:\ProgramData\HWdMH
2016-01-01 15:11 - 2015-12-25 22:57 - 00000000 ____D C:\ProgramData\gWdMg
2015-12-31 20:45 - 2015-12-06 13:56 - 00000017 _____ C:\Windows\SysWOW64\history.dat
2015-12-30 21:14 - 2015-12-14 20:43 - 00000000 ____D C:\Users\test\AppData\Roaming\WinZipper
2015-12-30 21:02 - 2015-12-29 19:15 - 00000000 ____D C:\ProgramData\6WdM6
2015-12-30 01:19 - 2015-12-29 18:27 - 00524288 ___SH C:\Windows\system32\config\components{a1cec485-ae4f-11e5-b325-e4d53ddb5633}.TMContainer00000000000000000002.regtrans-ms
2015-12-30 01:19 - 2015-12-29 18:27 - 00524288 ___SH C:\Windows\system32\config\components{a1cec485-ae4f-11e5-b325-e4d53ddb5633}.TMContainer00000000000000000001.regtrans-ms
2015-12-30 01:19 - 2015-12-29 18:27 - 00065536 ___SH C:\Windows\system32\config\components{a1cec485-ae4f-11e5-b325-e4d53ddb5633}.TM.blf

==================== Files in the root of some directories =======

2012-01-14 13:45 - 2012-01-14 13:46 - 0008192 _____ () C:\Users\test\AppData\Roaming\records_db
2012-01-15 19:42 - 2012-01-15 19:42 - 0000092 _____ () C:\Users\test\AppData\Local\fusioncache.dat
2012-01-14 11:36 - 2012-01-14 11:36 - 0001500 _____ () C:\Users\test\AppData\Local\PDLSetup.20120114.113657.txt
2012-01-14 11:46 - 2012-01-14 11:46 - 0001521 _____ () C:\Users\test\AppData\Local\PDLSetup.20120114.114632.txt
2012-01-14 11:46 - 2012-01-14 11:46 - 0001263 _____ () C:\Users\test\AppData\Local\PDLSetup.20120114.114636.txt
2012-01-14 11:46 - 2012-01-14 11:46 - 0001265 _____ () C:\Users\test\AppData\Local\PDLSetup.20120114.114659.txt
2012-01-14 12:40 - 2012-01-14 12:40 - 0001542 _____ () C:\Users\test\AppData\Local\PDLSetup.20120114.124051.txt
2012-03-20 23:26 - 2012-03-20 23:26 - 0000017 _____ () C:\Users\test\AppData\Local\resmon.resmoncfg
2015-12-02 21:50 - 2015-12-29 19:15 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================


LastRegBack: 2015-12-13 16:34

==================== End of FRST.txt ============================

Zdravím!
Jak je na tom váš oper. systém s legalitou?

Rudy píše:Zdravím!
Jak je na tom váš oper. systém s legalitou?

Doufám, že dobře, ntb. jsem zakoupil standardně i se softwarem.

Udělejte následující sken:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

a klikněte na >Prohledat<. Dejte oba logy.

A kde jsou ty logy?

Jestli si hodláte dělat legraci, můžeme to ukončit.

OTL Extras logfile created on: 30.1.2016 21:19:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Stažený software
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18163)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,95 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 28,37% Memory free
7,89 Gb Paging File | 4,31 Gb Available in Paging File | 54,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 0,67 Gb Free Space | 1,14% Space Free | Partition Type: NTFS
Drive D: | 454,49 Gb Total Space | 105,42 Gb Free Space | 23,19% Space Free | Partition Type: NTFS

Computer Name: HUTCH | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055C25EE-0042-4CD9-ABD6-624B1B45397D}" = rport=139 | protocol=6 | dir=out | app=system |
"{08BAC1F6-D15A-47F7-B3FB-E112F5F1FB79}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{10704CFE-0DF7-4249-AE35-8D0C7B7E24FE}" = lport=445 | protocol=6 | dir=in | app=system |
"{13CCF8E7-F7B5-47AE-8880-9A510E21ACBD}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{22DE0365-D665-455F-8161-CE641D6F6E6E}" = lport=138 | protocol=17 | dir=in | app=system |
"{23E4DE17-C15E-4C1D-B488-A003FF0EAB63}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2CD6F68E-FFEB-4E66-82A7-1AC165EC57F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3182FEC5-E5B3-4828-8B06-9C9D0115B48D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A3E1AA0-75D9-4107-A4A9-5DC582BB9D83}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C6CA19E-0B22-4A8F-A02B-5707820A151A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3FC8D82F-1C98-459E-B280-C667EBBE3E46}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{4C55213E-9213-4885-8C76-9EA9B5F6CF40}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CD83B47-1EE4-466F-8972-A5D4C5FA49F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{564E7BDA-AEDB-41E9-ABF6-F4DD085F919D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AB17908-7A1F-480A-BF06-9AF38FEAA686}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{6160E965-A4A2-4957-8C8B-82C7CFAFC316}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{6187E9E5-4CC0-46C8-AD4D-015D6926A3DC}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{6195B575-A697-4725-BE9F-F8982C96D888}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{641F8397-44EB-4B41-90C1-5351BBFA2D18}" = lport=139 | protocol=6 | dir=in | app=system |
"{6534D072-2A75-49DC-83DC-2DF09EA9F1B7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6A646B85-3EA2-4935-81C8-53DD2DBE9258}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{74BAF5BA-E582-4466-990A-ACA8A22263C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{764C6586-634B-495A-93A3-DA094C84E40D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C277DFD-A843-471D-8328-12B7BAD3E8BE}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{816F3376-5F88-4A0F-B827-11A614464E38}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BD31403-CB1F-4230-943C-699A199D53A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FDDED5A-D5E5-47FB-814C-E6368F0CF378}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{9A90672C-D66D-469E-B399-D40AD4536FBC}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{9B7339EA-6677-4E07-8E4D-509DDCCB6661}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{A11D1619-97D8-41E3-9E93-29D8249774F2}" = lport=7853 | protocol=6 | dir=in | name=war thunder |
"{B0FC3770-1C30-4B2D-BD6F-7C62DA67C0D5}" = lport=7852 | protocol=6 | dir=in | name=war thunder |
"{B612DF39-F3D5-469D-9AFC-BDAB2C46DAA4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{BAF8EBEB-E61B-4CFA-B01C-F38FBB9BE0D5}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDAD5BE6-5DDA-4D61-BADD-B939459A7FFF}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{BFD29993-5E7C-4E82-8875-E77EAFE1D4A3}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{CBC9A6A0-FCDA-4475-A8CF-D76498CE350A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CEE71B13-EDDF-4B79-A04E-59EF8ADB97CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D58DFF93-7916-4D25-8081-EF40B48A2200}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{D7A6496E-43F0-43E2-B200-E7E38E8827F2}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{D8C9C312-4481-418E-973D-1D1090BDEE1A}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{E43A6EE6-96F7-4BD2-AA31-478CE5BA1BF9}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{F768E74E-082A-43B7-9E9E-B25EEF4C0E06}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEB9DB9D-DD30-45E8-B564-D2464CD46F97}" = rport=137 | protocol=17 | dir=out | app=system |
"{FF8756BD-DC14-4AC3-85CB-EA01E22E2045}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FD847A-78C7-4BBE-98AD-B57BAE5C11AD}" = dir=out | app=c:\program files (x86)\iobit\driver booster\driverbooster.exe |
"{0204FFF4-0DC7-4004-98B4-9762F892126B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{03D87881-DB04-4671-B511-A6AABE3C0AC0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{07E45A02-A5C8-493A-8F5C-C8B972B41F55}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{08BFB988-7A9A-4EE1-94BF-3E5FFFD3E9DA}" = dir=in | app=c:\program files (x86)\iobit\driver booster\dbdownloader.exe |
"{118BA28B-0608-4A25-ADFA-D2DFC45A2B9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19D5FCB4-C445-4E90-ADD9-70ECF3ABA21F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ADB2D14-C941-43C3-917C-2B3B01559FE9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1B5932AD-8496-4CAD-AB06-7F02AF230D28}" = dir=out | app=c:\program files (x86)\iobit\driver booster\autoupdate.exe |
"{1BE9187F-BAEE-4784-8A4D-DD5165C7C3B4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1C174399-FE8E-4D3D-BE0C-ABD851510D5C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1D40A7E5-49E7-44E9-BDDB-F879048394CD}" = dir=in | app=c:\users\test\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{20F794D7-CC9A-4F16-BC3D-BF386D5D133E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{22389F1C-52E8-4A3B-A0B6-3D5D3A0B28CF}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe |
"{23AE2353-B21B-4AFD-9E3B-CDD3D633C078}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{28EEBA7B-A90A-4F22-A413-BB91DBD8345D}" = dir=in | app=c:\program files (x86)\iobit\driver booster\autoupdate.exe |
"{309412AB-7F6E-4065-A3E1-2E8F252C6D27}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{319740DF-5543-47E9-8224-19787B45C989}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{35243A9D-F66D-4071-8A2F-76B9BE8DB517}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36D8104B-0CEF-46EE-8F12-73C7881FC74F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{390DA7B2-A4EE-4722-B18C-643FD08F4B54}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3CEF37DB-3E55-4BD7-9087-498273132B63}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3E7F29F4-2AF1-4F25-B01B-2B76E19BB824}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{446D90CE-42CB-468E-9D0F-10A151429752}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{571D7C10-5B75-4BA0-950A-95AECCD7FD42}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58DE06F6-F30C-498D-A47D-52F72DB0DC91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59EDBD9E-6008-4E69-ACE0-BED5A828542A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5D3EC1FF-EBEA-4500-B6D3-7A833687C1D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5D555FAA-5DA9-4565-A81A-9EA4133F57F4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5E977F3C-3A2B-4FFC-95E0-1A20F501D147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62BDA2E2-B7DF-45F8-BE97-29348048B23A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7985E4D4-A8F0-4AE4-8A70-8220D020653F}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe |
"{79F996D8-0764-4787-A40F-D8A5B676766D}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe |
"{7A6456AD-7B52-47DF-9896-EE5E5B7A0DBB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7C19F24F-BA31-4672-86AF-5B4DFF89F86E}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe |
"{7E0B8760-F4F7-4DF7-87DB-489F17CFA785}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{7FF984BC-124A-4A13-A4C4-909E1FAA14A9}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{88C2BC89-41C8-40CB-B8A3-6AC95BDA25CE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{91117447-0F5B-4F1C-927B-54954F392514}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{94CB32DF-2266-4FBE-A8B1-0FD04B65C89B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9647E681-F072-4E8E-A675-B705556D5005}" = protocol=6 | dir=out | app=system |
"{A842862C-D19D-4AF5-9CDA-E6DA499921AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9A3C130-5134-42E5-9166-DD796F40D487}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{C44D99EA-B461-4158-9050-E922F6CAE4AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C4EDD415-6A23-472A-9C35-84440281166B}" = dir=out | app=c:\program files (x86)\iobit\driver booster\dbdownloader.exe |
"{C6F9B64A-EF33-4474-A538-0A0C3CCE1423}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe |
"{C8A1FB8F-5E38-4A98-9E68-A18C9471E82A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C8BBB3CD-F197-4045-9155-BB33A17889CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D19380B4-5D49-4FB8-91BF-4037CC68B427}" = dir=in | app=c:\program files (x86)\iobit\driver booster\driverbooster.exe |
"{D8DBBB59-B8E6-434C-BF99-FB2CD9765E10}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBF981FF-79F3-430F-AE85-B98B2D17CFCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E01FD139-22E4-4006-BDBA-C0B1C8C5F15C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0B99877-B5AA-4615-8846-D7ED7692520C}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe |
"{E336D7E9-E8EA-4E8D-B5C3-D26D2B0C57AA}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E77D33F3-25AF-4665-84AC-1DA0827683A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F4336BA4-A2A5-405F-A251-7AFBC58FF9C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F524AA8C-B15D-4204-B8FC-411CF77BBD22}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"TCP Query User{1B1584CF-AF66-476E-B439-494F037CA5F1}D:\hry\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\hry\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{1D450F1B-51E4-4405-8736-E16F3277AD32}D:\hry\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\hry\world_of_tanks\wotlauncher.exe |
"TCP Query User{5ED64028-33FE-4A62-82B1-0E116DB675EF}D:\hry\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\hry\world_of_tanks\worldoftanks.exe |
"TCP Query User{65D57EDF-2B50-4196-9CBA-A7DD754375BA}D:\wot test\worldoftanks.exe" = protocol=6 | dir=in | app=d:\wot test\worldoftanks.exe |
"TCP Query User{677577ED-3586-4524-8774-36F317B8CA48}D:\hry\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\hry\world_of_tanks\wotlauncher.exe |
"TCP Query User{684DD97A-FD99-4DC9-BBD3-E356A7EE0DBF}D:\hry\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\hry\world_of_tanks\worldoftanks.exe |
"UDP Query User{1E002367-A80D-42A6-9E03-D9DFD4884F9E}D:\hry\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\hry\world_of_tanks\worldoftanks.exe |
"UDP Query User{2423D57A-9882-4A77-8B49-F201FE932D3F}D:\hry\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\hry\world_of_tanks\worldoftanks.exe |
"UDP Query User{2A9DB7AA-EF6D-4438-8142-A7DCF874D4EC}D:\hry\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\hry\world_of_tanks\wotlauncher.exe |
"UDP Query User{60BF36B6-7881-41A2-B538-5105B98869CF}D:\wot test\worldoftanks.exe" = protocol=17 | dir=in | app=d:\wot test\worldoftanks.exe |
"UDP Query User{6918D7A2-C8B2-4BD9-B4E6-65B9790176F9}D:\hry\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\hry\world_of_tanks\wotlauncher.exe |
"UDP Query User{8E312410-F4A0-4DD6-99E2-BFD115CD720F}D:\hry\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\hry\activision\call of duty 4 - modern warfare\iw3mp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series" = Canon MG4200 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{26A24AE4-039D-4CA4-87B4-2F06417072FF}" = Java 7 Update 72 (64-bit)
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Software Intel(R) PROSet/Wireless WiFi
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{709A2D23-C25E-47B5-9268-CB6FEE648504}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0405-1000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-1000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-1000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0405-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Czech) 2010
"{90140000-0044-0405-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.2 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B255D495-4734-4E9B-B4F5-96702FD4A7B9}" = Podpora aplikací Apple (64bitová)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 353.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 353.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.5.12.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 352.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 2.5.12.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 2.5.12.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.5.12.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.31
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C48AF3CF-C632-3C19-838E-7DAB7283D46A}" = Microsoft .NET Framework 4.5.2 (CSY)
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}" = Microsoft Security Client
"{F11D09F7-49D0-487D-87A7-B16D8F1560E9}" = Windows 7 Manager
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel
"CCleaner" = CCleaner
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Balíček ovladače systému Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04995D3C-F1A7-4946-90DE-960DA8EF1ED7}" = CDBurnerXP
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F03217072FF}" = Java 7 Update 72
"{26A24AE4-039D-4CA4-87B4-2F83218045F0}" = Java 8 Update 45
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{44EB6B81-27FD-4A44-9D77-59D72EEAE6C5}" = IObit Apps Toolbar v23.8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4fcf070a-daac-45e9-a8b0-6850941f7ed8}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{6091F327-2B13-4193-A6F1-4B2271613A74}_is1" = Feed Notifier 2.6
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}" = EnergyCut
"{703E9CCF-0578-4AF0-B1F7-90368CFDC8DD}" = Viber
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FE25256-B7C1-480D-B736-10A67A833AEA}" = Podpora aplikací Apple (32bitová)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile MF60
"{AC76BA86-0804-1033-1959-001824166751}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Czech
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 19 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 18 PPAPI
"BetterCareerSearch_2b Chrome Extension Uninstall" = BetterCareerSearch Toolbar Chrome Extension
"Canon MG4200 series On-screen Manual" = Canon MG4200 series On-screen Manual
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Clarity recorder" = Clarity recorder
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ELPI elektronický podpis a šifrovanie adresárov_is1" = ELPI verzia 1.6
"Google Chrome" = Google Chrome
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"Lucky Bright" = Lucky Bright
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"PopupProduct" = Body Text Feathering
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Registrace uživatele zařízení Canon MG4200 series" = Registrace uživatele zařízení Canon MG4200 series
"simplitec POWER SUITE_is1" = KMPFaster
"SoftwareUpdater" = Licence Device
"The KMPlayer" = KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"VeriFace" = VeriFace
"WinZipper" = WinZipper
"WNLT" = IB Updater Service
"ZonerPhotoStudio14_EN_is1" = Zoner Photo Studio 14 FREE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"{5B26FDE6-1F7E-A7B5-41AD-6A7C466D315F}" = Camera Extension
"{e577cb09-2068-44fb-8eed-cfcc1617b010}" = Viber
"PPTAssist" = PPT美化大师
"Seznam Browser" = Prohlížeč Seznam.cz

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.1.2016 16:00:44 | Computer Name = Hutch | Source = MsiInstaller | ID = 1024
Description =

Error - 21.1.2016 18:12:17 | Computer Name = Hutch | Source = IMFservice | ID = 0
Description =

Error - 21.1.2016 18:12:17 | Computer Name = Hutch | Source = IMFservice | ID = 0
Description =

Error - 24.1.2016 15:39:52 | Computer Name = Hutch | Source = MsiInstaller | ID = 11714
Description =

Error - 27.1.2016 15:50:07 | Computer Name = Hutch | Source = MsiInstaller | ID = 11328
Description =

Error - 27.1.2016 15:50:10 | Computer Name = Hutch | Source = MsiInstaller | ID = 1024
Description =

Error - 28.1.2016 15:56:19 | Computer Name = Hutch | Source = MsiInstaller | ID = 11714
Description =

Error - 28.1.2016 17:48:40 | Computer Name = Hutch | Source = IMFservice | ID = 0
Description =

Error - 28.1.2016 17:48:41 | Computer Name = Hutch | Source = IMFservice | ID = 0
Description =

Error - 30.1.2016 16:17:00 | Computer Name = Hutch | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 28.1.2016 16:00:47 | Computer Name = Hutch | Source = DCOM | ID = 10010
Description =

Error - 28.1.2016 16:01:43 | Computer Name = Hutch | Source = DCOM | ID = 10010
Description =

Error - 28.1.2016 16:03:34 | Computer Name = Hutch | Source = volsnap | ID = 393251
Description = Stínové kopie svazku C: byly přerušeny, protože se nepodařilo zvětšit
úložiště stínové kopie.

Error - 28.1.2016 16:25:42 | Computer Name = Hutch | Source = DCOM | ID = 10010
Description =

Error - 28.1.2016 16:27:19 | Computer Name = Hutch | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.213.4678.0 Zdroj aktualizace: %%859 Fáze aktualizace:
%%853 Zdrojová cesta: http://www.microsoft.com Typ podpisu: %%800 Typ aktualizace:
%%803 Uživatel: NT AUTHORITY\SYSTEM Aktuální verze modulu: Předchozí verze modulu:
1.1.12400.0 Kód chyby: 0x80240022 Popis chyby: V daném programu nelze zkontrolovat
aktualizace definic.

Error - 28.1.2016 16:27:19 | Computer Name = Hutch | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.213.4678.0 Zdroj aktualizace: %%859 Fáze aktualizace:
%%853 Zdrojová cesta: http://www.microsoft.com Typ podpisu: %%800 Typ aktualizace:
%%803 Uživatel: NT AUTHORITY\SYSTEM Aktuální verze modulu: Předchozí verze modulu:
1.1.12400.0 Kód chyby: 0x80240022 Popis chyby: V daném programu nelze zkontrolovat
aktualizace definic.

Error - 28.1.2016 16:28:12 | Computer Name = Hutch | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.213.4678.0 Zdroj aktualizace: %%851 Fáze aktualizace:
%%852 Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ
podpisu: %%800 Typ aktualizace: %%803 Uživatel: NT AUTHORITY\NETWORK SERVICE Aktuální
verze modulu: Předchozí verze modulu: 1.1.12400.0 Kód chyby: 0x80072ee7 Popis chyby:
Nelze rozpoznat název nebo adresu serveru.

Error - 28.1.2016 16:28:12 | Computer Name = Hutch | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.213.4678.0 Zdroj aktualizace: %%851 Fáze aktualizace:
%%852 Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ
podpisu: %%801 Typ aktualizace: %%803 Uživatel: NT AUTHORITY\NETWORK SERVICE Aktuální
verze modulu: Předchozí verze modulu: 1.1.12400.0 Kód chyby: 0x80072ee7 Popis chyby:
Nelze rozpoznat název nebo adresu serveru.

Error - 29.1.2016 16:21:24 | Computer Name = Hutch | Source = Service Control Manager | ID = 7034
Description = Služba Advanced SystemCare Service 9 byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 30.1.2016 16:57:13 | Computer Name = Hutch | Source = volsnap | ID = 393251
Description = Stínové kopie svazku C: byly přerušeny, protože se nepodařilo zvětšit
úložiště stínové kopie.


< End of report >

OTL logfile created on: 30.1.2016 21:19:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Stažený software
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18163)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,95 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 28,37% Memory free
7,89 Gb Paging File | 4,31 Gb Available in Paging File | 54,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 0,67 Gb Free Space | 1,14% Space Free | Partition Type: NTFS
Drive D: | 454,49 Gb Total Space | 105,42 Gb Free Space | 23,19% Space Free | Partition Type: NTFS

Computer Name: HUTCH | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2016.01.30 21:13:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Stažený software\OTL.exe
PRC - [2016.01.29 21:25:22 | 000,273,920 | ---- | M] () -- C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\knsp9A09.tmp
PRC - [2016.01.27 20:57:36 | 000,166,880 | ---- | M] (DotC United Inc) -- D:\Program Files (x86)\MPC Cleaner\MPCTray.exe
PRC - [2016.01.27 20:57:27 | 000,349,152 | ---- | M] (DotC United Inc) -- D:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
PRC - [2016.01.27 20:57:25 | 000,267,744 | ---- | M] (DotC United Inc) -- D:\Program Files (x86)\MPC Cleaner\MPCNews.exe
PRC - [2016.01.20 04:08:19 | 000,731,824 | ---- | M] (Tai Wai Shui Mu) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe
PRC - [2016.01.13 15:01:36 | 046,373,056 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\Seznam.cz.exe
PRC - [2016.01.12 17:36:02 | 000,748,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2016.01.04 19:35:06 | 000,508,416 | ---- | M] () -- C:\ProgramData\dlohn\dlohn.exe
PRC - [2015.12.30 20:35:34 | 000,534,016 | ---- | M] () -- C:\ProgramData\ohnuze\ohnuze.exe
PRC - [2015.12.26 09:59:52 | 000,158,720 | ---- | M] () -- C:\Users\test\AppData\Local\35B51072-1454106713-E111-A818-DC0EA173A626\qnsvF6F.tmp
PRC - [2015.12.08 09:05:54 | 000,580,752 | ---- | M] (tsvr.com) -- C:\Users\test\AppData\Roaming\TSv\TSvr.exe
PRC - [2015.12.05 14:28:09 | 000,245,576 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
PRC - [2015.12.02 17:40:34 | 000,406,016 | ---- | M] () -- C:\ProgramData\Zitenop\Zitenop.exe
PRC - [2015.12.01 17:00:00 | 000,694,632 | ---- | M] (Zhuhai Kingsoft Office Software Co.,Ltd) -- C:\Users\test\AppData\Local\PPTAssist\ktpcntr.exe
PRC - [2015.11.30 22:13:38 | 000,325,632 | ---- | M] () -- C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\snsc5768.tmp
PRC - [2015.11.30 22:13:36 | 000,516,608 | ---- | M] () -- C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\onsc576A.tmp
PRC - [2015.11.30 22:12:42 | 000,617,984 | ---- | M] () -- C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\hnsx7C94.tmp
PRC - [2015.11.30 22:12:35 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\jnss6155.tmp
PRC - [2015.11.26 08:25:44 | 000,109,897 | ---- | M] () -- C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\pnsc576B.exe
PRC - [2015.11.09 11:26:08 | 051,657,424 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\Viber.exe
PRC - [2015.10.21 22:09:34 | 000,081,920 | -H-- | M] () -- C:\Program Files (x86)\baidu\ppt.exe
PRC - [2015.09.23 14:31:38 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Feed Notifier\notifier.exe
PRC - [2015.08.27 01:37:44 | 002,634,872 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015.08.27 01:37:41 | 001,872,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2012.03.28 13:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2012.03.07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.01.14 13:25:25 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2007.03.09 19:00:18 | 001,167,360 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe


========== Modules (No Company Name) ==========

MOD - [2016.01.30 21:05:21 | 000,011,264 | ---- | M] () -- C:\Users\test\AppData\Local\Temp\nsm281A.tmp\System.dll
MOD - [2016.01.13 15:01:36 | 046,373,056 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\Seznam.cz.exe
MOD - [2016.01.12 17:35:55 | 001,590,088 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
MOD - [2016.01.12 17:35:52 | 000,087,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
MOD - [2015.12.26 21:37:41 | 000,257,536 | ---- | M] () -- C:\ProgramData\Zitenop\Lightfresh.dll
MOD - [2015.11.30 22:22:21 | 000,031,232 | ---- | M] () -- C:\Users\test\AppData\Local\Camera Extension\{72CF7F9B-DC02-991B-E7CB-BC42B9BD5369}\CameraExtension.dll
MOD - [2015.11.30 22:22:21 | 000,010,752 | ---- | M] () -- C:\Users\test\AppData\Local\Camera Extension\{72CF7F9B-DC02-991B-E7CB-BC42B9BD5369}\ftslocf.dll
MOD - [2015.11.30 22:13:36 | 000,516,608 | ---- | M] () -- C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\onsc576A.tmp
MOD - [2015.11.26 08:25:44 | 000,109,897 | ---- | M] () -- C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\pnsc576B.exe
MOD - [2015.11.09 11:26:08 | 051,657,424 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\Viber.exe
MOD - [2015.11.09 11:19:32 | 000,389,632 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\imageformats\qsvg.dll
MOD - [2015.11.09 11:19:27 | 000,089,088 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\qfacebook.dll
MOD - [2015.10.21 22:09:34 | 000,081,920 | -H-- | M] () -- C:\Program Files (x86)\baidu\ppt.exe
MOD - [2015.10.05 15:22:16 | 000,073,728 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\libEGL.dll
MOD - [2015.10.05 15:19:14 | 001,481,728 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\libGLESv2.dll
MOD - [2015.09.29 15:34:24 | 000,425,984 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\QtLocation\declarative_location.dll
MOD - [2015.09.29 15:26:18 | 000,057,856 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2015.09.29 15:25:48 | 000,690,176 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2015.09.29 03:04:28 | 000,184,320 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\QtMultimedia\declarative_multimedia.dll
MOD - [2015.09.29 03:03:32 | 000,065,024 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\QtPositioning\declarative_positioning.dll
MOD - [2015.09.29 02:58:25 | 000,044,032 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\QtQml\StateMachine\qtqmlstatemachine.dll
MOD - [2015.09.29 02:58:23 | 000,012,288 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\QtQuick\Window.2\windowplugin.dll
MOD - [2015.09.29 02:58:22 | 000,012,288 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\QtQuick.2\qtquick2plugin.dll
MOD - [2015.09.29 02:58:20 | 000,012,288 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\QtQml\Models.2\modelsplugin.dll
MOD - [2015.09.29 02:37:50 | 000,010,240 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\libEGL.dll
MOD - [2015.09.29 02:37:49 | 001,601,536 | ---- | M] () -- C:\Users\test\AppData\Local\Viber\libGLESV2.dll
MOD - [2015.09.23 14:31:38 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Feed Notifier\notifier.exe
MOD - [2015.08.27 01:37:44 | 000,011,896 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015.07.23 05:06:23 | 000,012,104 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2015.05.15 22:31:47 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\007fc007edc388d9806dff94ee04f129\System.Configuration.ni.dll
MOD - [2014.11.30 22:21:29 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp331.ax
MOD - [2014.10.15 19:02:49 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014.10.15 19:00:40 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014.09.13 15:49:17 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012.01.15 22:00:21 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.01.14 13:25:24 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010.11.05 02:54:38 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll
MOD - [2005.06.24 19:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lenovo\EnergyCut\HookLib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015.12.12 19:02:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015.11.12 22:55:26 | 000,379,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Dripkix\Dripkix.exe -- (Dripkix)
SRV:64bit: - [2015.08.23 13:33:19 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015.07.24 05:22:13 | 001,155,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2015.07.24 05:22:11 | 005,544,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:64bit: - [2015.04.30 00:53:40 | 000,366,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2015.04.30 00:53:40 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014.08.10 13:48:32 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013.07.10 22:52:14 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011.05.12 16:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.05.02 14:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 14:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 14:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016.01.29 21:25:22 | 000,273,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\knsp9A09.tmp -- (pucufecozbt)
SRV - [2016.01.27 20:57:27 | 000,349,152 | ---- | M] (DotC United Inc) [Auto | Running] -- D:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe -- (MPCProtectService)
SRV - [2016.01.20 04:08:19 | 000,731,824 | ---- | M] (Tai Wai Shui Mu) [Auto | Running] -- C:\Program Files (x86)\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - [2016.01.04 19:35:06 | 000,508,416 | ---- | M] () [Auto | Running] -- C:\ProgramData\\dlohn\\dlohn.exe -- (dlohn)
SRV - [2015.12.30 20:35:34 | 000,534,016 | ---- | M] () [Auto | Running] -- C:\ProgramData\\ohnuze\\ohnuze.exe -- (ohnuze)
SRV - [2015.12.26 09:59:52 | 000,158,720 | ---- | M] () [Auto | Running] -- C:\Users\test\AppData\Local\35B51072-1454106713-E111-A818-DC0EA173A626\qnsvF6F.tmp -- (zigipyro)
SRV - [2015.12.13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015.12.08 09:05:54 | 000,580,752 | ---- | M] (tsvr.com) [Auto | Running] -- C:\Users\test\AppData\Roaming\TSv\TSvr.exe -- (IhPul)
SRV - [2015.12.02 17:40:34 | 000,406,016 | ---- | M] () [Auto | Running] -- C:\ProgramData\\Zitenop\\Zitenop.exe -- (Zitenop)
SRV - [2015.11.30 22:13:38 | 000,325,632 | ---- | M] () [Auto | Running] -- C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\snsc5768.tmp -- (xenyduje)
SRV - [2015.11.30 22:12:42 | 000,617,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\hnsx7C94.tmp -- (ryrojiry)
SRV - [2015.11.30 22:12:35 | 000,240,640 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\jnss6155.tmp -- (pupivyhi)
SRV - [2015.11.23 20:41:28 | 000,956,136 | ---- | M] (Spigot, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe -- (Program Manager)
SRV - [2015.11.20 17:44:02 | 000,955,056 | ---- | M] (Spigot, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2015.11.10 13:48:12 | 002,934,048 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015.08.27 01:37:41 | 001,872,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.06.24 00:58:10 | 000,165,784 | ---- | M] (APN LLC.) [On_Demand | Stopped] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014.05.28 15:46:02 | 002,580,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2014.04.11 22:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.03.28 13:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2012.01.15 08:42:25 | 000,066,872 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016.01.27 20:58:52 | 000,060,136 | ---- | M] (DotC United Inc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MPCKpt.sys -- (MPCKpt)
DRV:64bit: - [2015.12.04 23:10:12 | 011,531,536 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2015.12.04 23:09:36 | 000,458,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2015.08.11 05:52:30 | 000,050,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2015.07.24 05:22:11 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2015.07.23 05:06:23 | 000,031,376 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2015.06.10 22:08:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2015.03.04 18:34:52 | 000,124,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014.11.30 22:22:16 | 000,454,416 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014.11.30 22:21:28 | 000,952,832 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2014.05.03 20:21:20 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014.04.18 20:00:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014.02.17 22:59:51 | 000,176,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2013.07.25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.11 10:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.07 00:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 00:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 00:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.03.07 00:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 00:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 00:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 00:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.14 16:43:28 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.01.14 16:43:25 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011.10.28 19:23:56 | 000,398,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.08.09 13:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011.08.04 08:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011.08.04 08:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011.08.04 08:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011.05.13 08:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.05.13 08:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.05.13 08:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.05.13 08:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.05.13 08:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.05.13 08:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.10 09:26:40 | 000,137,728 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2011.05.10 09:26:40 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011.05.10 09:26:40 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011.05.10 09:26:40 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.01 05:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.16 17:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015.01.14 20:03:35 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=d ... earchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursites123.com/web/?type=d ... earchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=d ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursites123.com/web/?type=d ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\..\SearchScopes,DefaultScope = {ielnksrch}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKLM\..\SearchScopes\ielnksrch: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {356C663A-29A7-4B26-BB5A-1C70D8F4AB2A}
IE - HKU\.DEFAULT\..\SearchScopes\{356C663A-29A7-4B26-BB5A-1C70D8F4AB2A}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {356C663A-29A7-4B26-BB5A-1C70D8F4AB2A}
IE - HKU\S-1-5-18\..\SearchScopes\{356C663A-29A7-4B26-BB5A-1C70D8F4AB2A}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=d ... earchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes,DefaultScope = {18F9ACFF-FA75-4830-AEF8-CE6B65598CE5}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.dalesearch.com/?q={searchTer ... 9&tsp=5011
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{18F9ACFF-FA75-4830-AEF8-CE6B65598CE5}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.yoursites123.com/web/?type=d ... earchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{53D943B4-F4B8-4035-9026-260DEFD2C4B6}: "URL" = http://search.eshield.com/serp?guid={8C ... earchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcer ... DF&pc=MSSE
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6F36 ... 2012-05-08 20:50:27&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{A8885A04-562A-452B-B795-ADE1B3C43D21}: "URL" = http://search.yahoo.com/search?p={searc ... type=11467
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{D83A9746-0573-4C41-B746-32EAF5C87A8E}: "URL" = http://websearch.ask.com/redirect?clien ... 7FF1E2A618
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 0EA173A626}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{F29BA006-1725-443E-AA40-D919C19925A4}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{FDAE1BA8-D154-4204-B9A8-18198994F6CE}: "URL" = https://search.yahoo.com/search?fr=chr- ... earchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{ielnksrch}: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyucr_RRfpjzIC4jzU2Bn38fxswmdH7ZWjb5YPEBFP3Lr80KVX1IHnre-os1J5aQ3_abkrR41thdizjVpS_vQAKhBlz1EcPd0PlHg7n11MpQhM3DWU-1egyu3AmIlz8yJfrK6wN5ROinFZh8mg,,&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yoursearching.com/?type=hp&t ... W7116W7116"
FF - prefs.js..keyword.URL: "http://search.eshield.com/serp?guid={8C ... _search&k="
FF - prefs.js..browser.search.defaultenginename: "eShield Safe Web"
FF - prefs.js..browser.startup.homepage: "http://services.eshield.com/general/new ... E3DABE}&i="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\test\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\deskCutv2@gmail.com: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\hdiuo2ez.default\extensions\deskCutv2@gmail.com [2015.12.02 21:49:57 | 000,000,000 | ---D | M]

[2015.12.23 20:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\6aicucig.default\extensions
[2015.11.30 22:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\6aicucig.default\extensions\1448918575_xpi
[2015.11.30 23:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\6aicucig.default\extensions\1448921190_xpi
[2015.12.20 14:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\hdiuo2ez.default\extensions
[2015.12.02 21:49:57 | 000,000,000 | ---D | M] ("Newtab") -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\hdiuo2ez.default\extensions\deskCutv2@gmail.com
[2015.12.23 20:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions
[2014.09.25 18:59:45 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions\speeddial@instair.net
[2015.11.30 04:03:12 | 000,008,838 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\6aicucig.default\extensions\{1c09e4c9-0906-443a-aa55-b0db4716d743}.xpi
[2012.02.23 22:44:48 | 000,021,707 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions\adapter@babylontc.com.xpi
[2012.02.23 22:44:49 | 000,011,148 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions\ocr@babylon.com.xpi
[2015.11.30 04:03:12 | 000,008,838 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions\{1c09e4c9-0906-443a-aa55-b0db4716d743}.xpi
[2013.05.03 10:01:54 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

========== Chrome ==========

CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnfmoippfkddcakmbeaglgjcfcfcfmk\1.1.4_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnkfkmdhgomemhogjdianppfjkaddcc\3.3_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_1\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.5_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccdakfilccajeijdfklolcafehhoika\4.67.1.26152_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce\3.2.2_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.4.1_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni\1_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak\0.2.987_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE64.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_LENOVO_MICPKEY] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EnergyCut] c:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\.DEFAULT..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-18..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-721941654-2744527999-12510684-1000..\Run: [apphide] C:\Program Files (x86)\baidu\ppt.exe ()
O4 - HKU\S-1-5-21-721941654-2744527999-12510684-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-721941654-2744527999-12510684-1000..\Run: [GoogleChromeAutoLaunch_1B0E81B795B08FCFC87354BB5741BA8D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-721941654-2744527999-12510684-1000..\Run: [Viber] C:\Users\test\AppData\Local\Viber\Viber.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin File not found
O4 - HKU\.DEFAULT..\RunOnce: [iCloud] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin File not found
O4 - HKU\S-1-5-18..\RunOnce: [iCloud] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk = C:\Program Files (x86)\Feed Notifier\notifier.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8:64bit: - Extra context menu item: Translate with Babylon - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/Action.htm File not found
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64044D7E-9B24-46AF-9C95-C70214869202}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{666EB138-89B9-4E3C-9459-E5202D906ADA}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA8337B7-92C6-43AC-8D75-81041728570C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\ProgramData\Zitenop\Flexity.dll) - C:\ProgramData\Zitenop\Flexity.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\ProgramData\Zitenop\Lightfresh.dll) - C:\ProgramData\Zitenop\Lightfresh.dll ()
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{46ca87fe-3e96-11e1-bb0d-dc0ea173a626}\Shell - "" = AutoRun
O33 - MountPoints2\{46ca87fe-3e96-11e1-bb0d-dc0ea173a626}\Shell\AutoRun\command - "" = G:\AutoRunCD.exe
O33 - MountPoints2\{72347dc4-65c9-11e1-9ce7-e4d53ddb5633}\Shell - "" = AutoRun
O33 - MountPoints2\{72347dc4-65c9-11e1-9ce7-e4d53ddb5633}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VP80 - vp8vfw.dll File not found
Drivers32: vidc.XVID - xvidvfw.dll File not found
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 90 Days ==========

[2016.01.30 21:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[2016.01.29 22:31:53 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\35B51072-1454106713-E111-A818-DC0EA173A626
[2016.01.29 21:23:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2016.01.29 20:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2016.01.29 20:55:26 | 000,000,000 | ---D | C] -- C:\rsit
[2016.01.28 22:13:17 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\test\Desktop\FRSTLauncher.exe
[2016.01.28 22:11:22 | 000,000,000 | ---D | C] -- C:\FRST
[2016.01.28 22:11:06 | 002,370,560 | ---- | C] (Farbar) -- C:\Users\test\Desktop\FRST64.exe
[2016.01.16 21:59:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2016.01.16 21:59:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2016.01.16 21:59:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2016.01.16 21:59:52 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2016.01.16 21:59:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fixmapi.exe
[2016.01.16 21:59:39 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016.01.16 21:59:38 | 000,624,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2016.01.16 21:59:37 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2016.01.16 21:59:32 | 001,307,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2016.01.16 21:59:31 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2016.01.16 21:59:31 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2016.01.16 21:59:30 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2016.01.16 21:59:30 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2016.01.16 21:59:29 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2016.01.16 21:59:29 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2016.01.16 21:59:29 | 000,902,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2016.01.16 21:59:29 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2016.01.16 21:59:28 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2016.01.16 21:59:28 | 000,829,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2016.01.16 21:59:27 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2016.01.16 21:59:27 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2016.01.16 21:59:27 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2016.01.16 21:59:26 | 001,153,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOE.DLL
[2016.01.16 21:59:26 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2016.01.16 21:59:26 | 000,815,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOE.DLL
[2016.01.16 21:59:25 | 001,955,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2016.01.16 21:59:25 | 001,573,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2016.01.16 21:59:25 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2016.01.16 21:59:25 | 000,632,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2016.01.16 21:59:24 | 001,568,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2016.01.16 21:59:24 | 000,740,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2016.01.16 21:59:24 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\COLORCNV.DLL
[2016.01.16 21:59:24 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COLORCNV.DLL
[2016.01.16 21:59:23 | 001,575,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOE.DLL
[2016.01.16 21:59:23 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2016.01.16 21:59:23 | 000,665,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2016.01.16 21:59:23 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2016.01.16 21:59:23 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2016.01.16 21:59:21 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFWMAAEC.DLL
[2016.01.16 21:59:21 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSENCD.DLL
[2016.01.16 21:59:21 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2016.01.16 21:59:21 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VIDRESZR.DLL
[2016.01.16 21:59:20 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devenum.dll
[2016.01.16 21:59:19 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2016.01.16 21:59:19 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFWMAAEC.DLL
[2016.01.16 21:59:19 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2016.01.16 21:59:19 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2016.01.16 21:59:19 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RESAMPLEDMO.DLL
[2016.01.16 21:59:19 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MPG4DECD.DLL
[2016.01.16 21:59:19 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP43DECD.DLL
[2016.01.16 21:59:19 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devenum.dll
[2016.01.16 21:59:18 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSENCD.DLL
[2016.01.16 21:59:18 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MPG4DECD.DLL
[2016.01.16 21:59:18 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP43DECD.DLL
[2016.01.16 21:59:18 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP3DMOD.DLL
[2016.01.16 21:59:17 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2016.01.16 21:59:17 | 001,325,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOE.DLL
[2016.01.16 21:59:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2016.01.16 21:59:17 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfvdsp.dll
[2016.01.16 21:59:16 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2016.01.16 21:59:16 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2016.01.16 21:59:16 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2016.01.16 21:59:15 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2016.01.16 21:59:15 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2016.01.16 21:59:15 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RESAMPLEDMO.DLL
[2016.01.16 21:59:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2016.01.16 21:59:15 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VIDRESZR.DLL
[2016.01.16 21:59:14 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2016.01.16 21:59:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP3DMOD.DLL
[2016.01.16 21:59:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2016.01.16 21:59:14 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfvdsp.dll
[2016.01.16 21:59:14 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2016.01.16 21:59:13 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2016.01.16 21:59:13 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2016.01.16 21:59:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2016.01.16 21:59:12 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2016.01.16 21:59:12 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2016.01.16 21:59:11 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2016.01.16 21:59:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksuser.dll
[2016.01.16 21:59:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2016.01.16 21:59:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2016.01.16 21:58:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016.01.16 21:58:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016.01.16 21:58:51 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016.01.16 21:58:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016.01.16 21:58:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016.01.16 21:58:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016.01.16 21:58:50 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016.01.16 21:58:49 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016.01.16 21:58:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016.01.16 21:58:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016.01.16 21:58:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016.01.16 21:58:46 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016.01.16 21:58:46 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016.01.16 21:58:46 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016.01.16 21:58:46 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016.01.16 21:58:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016.01.16 21:58:45 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016.01.16 21:58:45 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016.01.16 21:58:45 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016.01.16 21:58:45 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016.01.16 21:58:44 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016.01.16 21:58:43 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016.01.16 21:58:42 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016.01.16 21:58:42 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016.01.16 21:58:42 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016.01.16 21:58:41 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016.01.16 21:58:41 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016.01.16 21:58:40 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016.01.16 21:58:40 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016.01.16 21:58:39 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016.01.16 21:58:39 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016.01.16 21:58:38 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016.01.16 21:58:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016.01.16 21:58:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016.01.16 21:58:37 | 006,051,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016.01.16 21:58:37 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016.01.16 21:58:37 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016.01.16 21:58:36 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016.01.16 21:58:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016.01.16 21:58:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016.01.16 21:58:34 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016.01.16 21:53:31 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016.01.16 21:53:25 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2016.01.16 21:53:25 | 000,792,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016.01.16 21:53:24 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016.01.16 21:53:24 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2016.01.16 21:53:23 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016.01.16 21:53:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2016.01.16 21:53:21 | 000,025,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2016.01.16 21:53:19 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2016.01.16 21:53:01 | 005,572,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016.01.16 21:53:00 | 001,214,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016.01.16 21:52:59 | 003,938,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016.01.16 21:52:58 | 003,993,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016.01.16 21:52:57 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016.01.16 21:52:57 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016.01.16 21:52:55 | 001,461,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016.01.16 21:52:53 | 001,730,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016.01.16 21:52:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2016.01.16 21:52:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016.01.16 21:52:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016.01.16 21:52:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016.01.16 21:52:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016.01.16 21:52:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2016.01.16 21:52:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016.01.16 21:52:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2016.01.16 21:52:37 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016.01.16 21:52:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2016.01.16 21:52:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016.01.16 21:52:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016.01.16 21:52:34 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2016.01.16 21:52:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2016.01.16 21:52:32 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2016.01.16 21:52:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2016.01.16 21:52:29 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016.01.16 21:52:27 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016.01.16 21:52:26 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016.01.16 21:52:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016.01.16 21:52:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016.01.16 21:52:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2016.01.16 21:52:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2016.01.16 21:52:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016.01.16 21:52:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2016.01.16 21:52:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2016.01.16 21:52:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016.01.16 21:52:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2016.01.16 21:52:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2016.01.16 21:52:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016.01.16 21:52:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2016.01.16 21:52:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016.01.16 21:52:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2016.01.16 21:52:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016.01.16 21:52:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016.01.16 21:52:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2016.01.16 21:52:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016.01.16 21:52:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2016.01.16 21:52:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016.01.16 21:52:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2016.01.16 21:52:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2016.01.16 21:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016.01.16 21:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016.01.16 21:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2016.01.16 21:52:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2016.01.16 21:52:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.16 21:52:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.16 21:52:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016.01.16 21:52:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016.01.16 21:52:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016.01.16 21:52:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2016.01.16 21:52:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016.01.16 21:52:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016.01.16 21:52:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016.01.16 21:52:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2016.01.16 21:52:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016.01.16 21:52:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016.01.16 21:52:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016.01.16 21:52:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016.01.16 21:52:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016.01.16 21:52:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016.01.16 21:52:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016.01.16 21:52:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016.01.16 21:52:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016.01.16 21:52:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2016.01.16 21:52:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016.01.16 21:52:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016.01.16 21:52:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016.01.16 21:52:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016.01.16 21:52:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016.01.16 21:52:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016.01.16 21:52:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016.01.16 21:52:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016.01.16 21:52:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016.01.16 21:52:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016.01.16 21:52:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016.01.16 21:52:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016.01.16 21:52:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2016.01.16 21:52:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016.01.16 21:52:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016.01.16 21:52:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016.01.16 21:52:07 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016.01.16 21:52:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016.01.16 21:52:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016.01.16 21:52:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016.01.16 21:52:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016.01.16 21:52:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016.01.10 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\eCyber
[2016.01.09 21:08:19 | 000,000,000 | ---D | C] -- C:\Users\test\Desktop\Zima2016
[2016.01.08 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\test\Desktop\Davídek_zima2016
[2016.01.08 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\test\Desktop\Nová složka
[2016.01.04 20:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\dlohn
[2016.01.03 20:49:40 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
[2016.01.01 13:46:19 | 000,060,136 | ---- | C] (DotC United Inc) -- C:\Windows\SysNative\drivers\MPCKpt.sys
[2015.12.30 21:16:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
[2015.12.30 21:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elex-tech
[2015.12.30 20:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ohnuzes
[2015.12.30 20:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ohnuze
[2015.12.29 19:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\6WdM6
[2015.12.28 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HWdMH
[2015.12.27 22:53:00 | 001,382,240 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2015.12.27 22:53:00 | 000,873,464 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2015.12.27 22:53:00 | 000,158,704 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2015.12.27 22:53:00 | 000,075,544 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2015.12.27 22:52:58 | 001,121,864 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2015.12.27 22:52:58 | 000,961,848 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2015.12.27 22:52:58 | 000,749,000 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2015.12.27 22:52:56 | 002,997,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2015.12.27 22:52:56 | 002,893,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2015.12.27 22:52:54 | 000,343,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2015.12.27 22:52:53 | 003,271,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2015.12.27 22:52:53 | 000,195,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2015.12.27 22:52:53 | 000,023,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2015.12.27 22:52:52 | 000,689,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2015.12.27 22:52:52 | 000,387,320 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2015.12.27 22:52:52 | 000,214,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2015.12.27 22:52:52 | 000,110,984 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2015.12.27 22:52:52 | 000,088,352 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2015.12.27 22:52:49 | 001,351,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2015.12.27 22:52:48 | 000,321,720 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2015.12.27 22:52:47 | 000,321,720 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2015.12.27 22:52:46 | 002,965,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RltkAPO64.dll
[2015.12.27 22:52:44 | 002,028,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2015.12.27 22:52:38 | 003,278,408 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2015.12.27 22:52:36 | 001,601,944 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64APO.dll
[2015.12.27 22:52:36 | 000,122,328 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2015.12.27 22:52:36 | 000,118,600 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2015.12.27 22:52:35 | 000,574,760 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2015.12.26 23:27:31 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015.12.26 22:20:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2015.12.26 14:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\3WdM3
[2015.12.25 22:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\gWdMg
[2015.12.23 21:05:00 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\kingsoft
[2015.12.23 15:54:45 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\PPTAssist
[2015.12.23 15:54:40 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\pptassist
[2015.12.23 15:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft
[2015.12.23 15:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\baidu
[2015.12.14 20:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[2015.12.14 20:43:04 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\WinZipper
[2015.12.14 20:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZipper
[2015.12.14 20:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\rWdMr
[2015.12.14 20:41:41 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\TSv
[2015.12.14 20:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\2WdM2
[2015.12.13 13:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feed Notifier
[2015.12.12 23:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
[2015.12.12 23:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec
[2015.12.12 23:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\simplitec
[2015.12.12 23:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2015.12.12 23:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\7a44e8de-0f81-0
[2015.12.12 23:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\7a44e8de-0111-1
[2015.12.10 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\PlutoTV
[2015.12.09 22:02:11 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2015.12.09 22:02:10 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015.12.09 22:02:09 | 003,170,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015.12.09 22:02:09 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015.12.09 22:02:09 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015.12.09 22:02:09 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015.12.09 22:02:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015.12.09 22:02:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015.12.09 22:02:09 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015.12.09 22:02:09 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015.12.09 22:02:09 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015.12.09 22:02:08 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015.12.09 22:02:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015.12.09 22:02:08 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015.12.09 22:02:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015.12.09 22:02:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015.12.09 22:02:01 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2015.12.09 22:02:01 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2015.12.09 22:02:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2015.12.09 22:02:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2015.12.09 22:02:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2015.12.09 22:02:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2015.12.09 22:02:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2015.12.09 22:02:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2015.12.09 22:01:56 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015.12.09 22:01:54 | 001,008,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2015.12.09 22:01:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2015.12.09 22:01:49 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2015.12.09 22:01:49 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2015.12.09 22:01:48 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015.12.09 22:01:48 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015.12.09 22:01:48 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015.12.09 22:01:48 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015.12.09 21:53:57 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2015.12.09 21:53:55 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2015.12.06 13:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015.12.05 15:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Tmp0x0x
[2015.12.04 23:10:12 | 011,531,536 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\NETwsw00.sys
[2015.12.04 23:09:36 | 000,458,960 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57nd60a.sys
[2015.12.02 21:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\nWMiniPron
[2015.12.02 21:14:24 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\35B51072-1449090864-E111-A818-DC0EA173A626
[2015.12.02 20:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Zitenops
[2015.12.02 20:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Zitenop
[2015.12.01 11:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
[2015.12.01 10:33:23 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\jnhtnwej.sys
[2015.11.30 23:06:51 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\35B51072-1448924811-E111-A818-DC0EA173A626
[2015.11.30 22:22:21 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Camera Extension
[2015.11.30 22:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
[2015.11.30 22:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Dripkix
[2015.11.30 22:13:30 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626
[2015.11.30 22:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626
[2015.11.23 20:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2015.11.23 20:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2015.11.22 14:38:56 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\CEF
[2015.11.22 14:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2015.11.16 14:54:30 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Viber
[2015.11.10 21:32:46 | 000,299,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2015.11.10 21:32:46 | 000,251,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2015.11.10 21:31:37 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2015.11.10 21:31:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2015.11.10 21:31:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2015.11.10 21:31:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2015.11.10 21:31:26 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2015.11.10 21:31:26 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2015.11.10 21:31:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2016.01.30 21:27:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016.01.30 21:17:18 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.01.30 21:17:18 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.01.30 21:15:13 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\PPTAssistantNotifyTask_test.job
[2016.01.30 21:12:23 | 000,000,596 | ---- | M] () -- C:\Windows\tasks\PPTAssistantUpdateTask_test.job
[2016.01.30 21:10:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016.01.30 21:06:45 | 000,677,826 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016.01.30 21:06:45 | 000,663,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.01.30 21:06:45 | 000,146,712 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016.01.30 21:06:45 | 000,126,378 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.01.30 21:06:44 | 001,611,912 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.01.30 21:02:07 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016.01.30 21:02:05 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2016.01.30 21:02:04 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\Datová skartovačka - $RECYCLER .job
[2016.01.30 20:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.01.30 20:58:48 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2016.01.29 20:55:00 | 001,222,144 | ---- | M] () -- C:\Users\test\Desktop\RSITx64.exe
[2016.01.28 22:13:20 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Users\test\Desktop\FRSTLauncher.exe
[2016.01.28 22:09:50 | 002,370,560 | ---- | M] (Farbar) -- C:\Users\test\Desktop\FRST64.exe
[2016.01.27 20:58:52 | 000,060,136 | ---- | M] (DotC United Inc) -- C:\Windows\SysNative\drivers\MPCKpt.sys
[2016.01.20 18:43:32 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-721941654-2744527999-12510684-1000Core.job
[2016.01.17 19:57:13 | 000,409,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016.01.16 20:45:56 | 000,000,401 | ---- | M] () -- C:\Windows\SysNative\Internet.lnk
[2016.01.06 11:57:22 | 001,475,392 | ---- | M] () -- C:\Users\test\Desktop\IMG_2304.JPG
[2016.01.01 20:42:26 | 000,000,401 | ---- | M] () -- C:\Users\test\Desktop\Internet.lnk
[2015.12.31 20:45:29 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\history.dat
[2015.12.30 20:08:35 | 005,572,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.12.30 20:05:33 | 001,730,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015.12.30 20:02:28 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2015.12.30 20:02:28 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2015.12.30 20:02:28 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2015.12.30 20:02:17 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2015.12.30 20:01:56 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015.12.30 20:01:56 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015.12.30 20:01:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015.12.30 20:01:55 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015.12.30 20:01:14 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015.12.30 20:01:10 | 001,214,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2015.12.30 20:00:23 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2015.12.30 19:59:11 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015.12.30 19:59:02 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015.12.30 19:58:31 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015.12.30 19:58:00 | 001,461,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015.12.30 19:57:55 | 001,163,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2015.12.30 19:57:55 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2015.12.30 19:55:46 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015.12.30 19:55:45 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2015.12.30 19:54:58 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015.12.30 19:54:58 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2015.12.30 19:54:58 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2015.12.30 19:54:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2015.12.30 19:54:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2015.12.30 19:54:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2015.12.30 19:54:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2015.12.30 19:54:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2015.12.30 19:54:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2015.12.30 19:54:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2015.12.30 19:54:57 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015.12.30 19:47:23 | 003,993,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015.12.30 19:47:23 | 003,938,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015.12.30 19:41:32 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2015.12.30 19:39:32 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015.12.30 19:39:17 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015.12.30 19:37:35 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015.12.30 19:37:35 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2015.12.30 19:37:35 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2015.12.30 19:37:35 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2015.12.30 19:37:35 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015.12.30 19:37:34 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2015.12.30 19:37:34 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2015.12.30 19:37:34 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2015.12.30 19:37:34 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2015.12.30 19:37:34 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2015.12.30 19:37:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2015.12.30 19:37:30 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015.12.30 18:57:51 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015.12.30 18:50:50 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2015.12.30 18:49:09 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015.12.30 18:44:49 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015.12.30 18:41:00 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015.12.30 18:32:54 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2015.12.30 18:32:53 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2015.12.30 18:32:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2015.12.30 18:32:51 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2015.12.30 18:30:40 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2015.12.30 18:30:40 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2015.12.30 18:30:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2015.12.30 18:30:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2015.12.29 19:15:41 | 000,000,074 | ---- | M] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015.12.27 22:53:00 | 001,382,240 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2015.12.27 22:53:00 | 000,873,464 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2015.12.27 22:53:00 | 000,158,704 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2015.12.27 22:53:00 | 000,075,544 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2015.12.27 22:52:58 | 001,121,864 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2015.12.27 22:52:58 | 000,961,848 | ---- | M] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2015.12.27 22:52:58 | 000,749,000 | ---- | M] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2015.12.27 22:52:56 | 002,997,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2015.12.27 22:52:56 | 002,893,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2015.12.27 22:52:54 | 000,343,712 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2015.12.27 22:52:53 | 003,271,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2015.12.27 22:52:53 | 000,387,320 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2015.12.27 22:52:53 | 000,195,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2015.12.27 22:52:53 | 000,023,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2015.12.27 22:52:52 | 000,689,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2015.12.27 22:52:52 | 000,214,840 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2015.12.27 22:52:52 | 000,110,984 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2015.12.27 22:52:52 | 000,088,352 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2015.12.27 22:52:50 | 001,351,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2015.12.27 22:52:49 | 004,005,405 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2015.12.27 22:52:49 | 000,321,720 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2015.12.27 22:52:48 | 000,321,720 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2015.12.27 22:52:47 | 002,965,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RltkAPO64.dll
[2015.12.27 22:52:44 | 002,028,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2015.12.27 22:52:38 | 003,278,408 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2015.12.27 22:52:36 | 001,601,944 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64APO.dll
[2015.12.27 22:52:36 | 000,574,760 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2015.12.27 22:52:36 | 000,122,328 | ---- | M] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2015.12.27 22:52:36 | 000,118,600 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2015.12.26 23:26:38 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015.12.18 21:48:06 | 001,587,562 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015.12.15 21:29:09 | 000,024,405 | ---- | M] () -- C:\Users\test\Desktop\Cenik_TP_OA+NA+TK_-201526.pdf
[2015.12.14 21:21:10 | 002,986,442 | ---- | M] () -- C:\Users\test\Desktop\ústavko - zápočtový test II.zip
[2015.12.14 21:20:42 | 002,986,442 | ---- | M] () -- C:\Users\test\Desktop\ústavko - zápočtový test.zip
[2015.12.13 13:50:16 | 000,001,075 | ---- | M] () -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk
[2015.12.12 23:43:06 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\KMPFaster.lnk
[2015.12.12 23:41:01 | 000,000,697 | ---- | M] () -- C:\Users\test\Desktop\KMPlayer.lnk
[2015.12.12 19:30:59 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015.12.12 19:16:29 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015.12.12 19:15:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015.12.12 19:15:40 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015.12.12 19:15:09 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.12.12 19:14:59 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.12.12 19:07:27 | 006,051,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.12.12 19:07:00 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015.12.12 19:03:49 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015.12.12 19:02:40 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015.12.12 19:02:34 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015.12.12 19:02:34 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015.12.12 19:02:19 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.12.12 18:55:26 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015.12.12 18:51:44 | 000,489,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015.12.12 18:44:06 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015.12.12 18:40:39 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015.12.12 18:39:41 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.12.12 18:37:41 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015.12.12 18:37:18 | 000,315,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.12.12 18:37:05 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015.12.12 18:36:57 | 000,341,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015.12.12 18:36:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.12.12 18:35:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015.12.12 18:30:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015.12.12 18:28:38 | 000,476,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015.12.12 18:27:24 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015.12.12 18:27:22 | 000,663,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015.12.12 18:27:04 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015.12.12 18:23:11 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.12.12 18:22:58 | 000,718,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015.12.12 18:21:12 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015.12.12 18:20:50 | 002,123,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.12.12 18:14:57 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015.12.12 18:12:17 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015.12.12 18:10:58 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.12.12 18:08:59 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015.12.12 18:00:20 | 002,050,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.12.12 18:00:09 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015.12.12 17:42:36 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.12.12 17:36:53 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015.12.11 23:33:26 | 001,787,189 | ---- | M] () -- C:\Users\test\Desktop\CLS.jpeg
[2015.12.11 19:57:53 | 001,164,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015.12.10 20:54:30 | 000,000,013 | ---- | M] () -- C:\Users\test\.pluto.tv
[2015.12.08 22:54:13 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2015.12.08 22:54:13 | 001,568,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2015.12.08 22:54:13 | 001,325,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOE.DLL
[2015.12.08 22:54:13 | 000,902,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2015.12.08 22:54:13 | 000,815,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOE.DLL
[2015.12.08 22:54:13 | 000,740,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2015.12.08 22:54:13 | 000,739,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2015.12.08 22:54:13 | 000,665,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2015.12.08 22:54:13 | 000,541,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2015.12.08 22:54:13 | 000,358,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSENCD.DLL
[2015.12.08 22:54:04 | 002,285,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2015.12.08 22:54:00 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\VIDRESZR.DLL
[2015.12.08 22:53:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RESAMPLEDMO.DLL
[2015.12.08 22:53:54 | 001,329,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2015.12.08 22:53:54 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2015.12.08 22:53:54 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2015.12.08 22:53:54 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2015.12.08 22:53:50 | 000,970,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2015.12.08 22:53:50 | 000,829,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2015.12.08 22:53:49 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MPG4DECD.DLL
[2015.12.08 22:53:48 | 000,415,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2015.12.08 22:53:48 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MP43DECD.DLL
[2015.12.08 22:53:48 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MP3DMOD.DLL
[2015.12.08 22:53:47 | 003,209,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2015.12.08 22:53:47 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFWMAAEC.DLL
[2015.12.08 22:53:47 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2015.12.08 22:53:47 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2015.12.08 22:53:47 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfvdsp.dll
[2015.12.08 22:53:44 | 000,489,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2015.12.08 22:53:41 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\devenum.dll
[2015.12.08 22:53:40 | 000,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\COLORCNV.DLL
[2015.12.08 22:53:25 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2015.12.08 22:53:19 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2015.12.08 22:53:08 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2015.12.08 22:50:41 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2015.12.08 20:07:52 | 001,955,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2015.12.08 20:07:52 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2015.12.08 20:07:52 | 001,575,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOE.DLL
[2015.12.08 20:07:52 | 001,393,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMALFXGFXDSP.dll
[2015.12.08 20:07:52 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2015.12.08 20:07:52 | 001,153,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOE.DLL
[2015.12.08 20:07:52 | 001,026,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2015.12.08 20:07:52 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2015.12.08 20:07:52 | 000,666,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2015.12.08 20:07:52 | 000,642,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2015.12.08 20:07:52 | 000,447,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSENCD.DLL
[2015.12.08 20:07:46 | 002,777,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2015.12.08 20:07:44 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\VIDRESZR.DLL
[2015.12.08 20:07:42 | 000,378,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2015.12.08 20:07:39 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RESAMPLEDMO.DLL
[2015.12.08 20:07:36 | 001,573,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2015.12.08 20:07:36 | 000,624,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2015.12.08 20:07:36 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2015.12.08 20:07:36 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2015.12.08 20:07:33 | 001,307,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2015.12.08 20:07:33 | 001,160,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2015.12.08 20:07:32 | 004,121,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2015.12.08 20:07:32 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2015.12.08 20:07:32 | 000,653,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2015.12.08 20:07:32 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFWMAAEC.DLL
[2015.12.08 20:07:32 | 000,432,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2015.12.08 20:07:32 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MPG4DECD.DLL
[2015.12.08 20:07:32 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MP43DECD.DLL
[2015.12.08 20:07:32 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2015.12.08 20:07:32 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MP3DMOD.DLL
[2015.12.08 20:07:32 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfvdsp.dll
[2015.12.08 20:07:31 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ksuser.dll
[2015.12.08 20:07:28 | 000,632,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2015.12.08 20:07:28 | 000,405,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2015.12.08 20:07:25 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\COLORCNV.DLL
[2015.12.08 20:07:25 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devenum.dll
[2015.12.08 20:07:23 | 000,879,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2015.12.08 20:07:07 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2015.12.08 20:06:59 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2015.12.08 20:06:44 | 000,250,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2015.12.08 20:04:27 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2015.12.08 19:54:36 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2015.12.08 19:12:08 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2015.12.06 14:07:24 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.12.06 13:50:24 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.12.06 13:50:24 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015.12.05 21:07:47 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015.12.04 23:10:12 | 011,531,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\NETwsw00.sys
[2015.12.04 23:09:36 | 000,458,960 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57nd60a.sys
[2015.12.01 10:33:25 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\jnhtnwej.sys
[2015.11.30 22:35:22 | 000,000,476 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015.11.30 18:15:28 | 000,000,000 | -H-- | M] () -- C:\asc_rdflag
[2015.11.28 18:33:45 | 000,393,153 | ---- | M] () -- C:\Users\test\Desktop\Zák. o PČR.pdf
[2015.11.28 00:04:19 | 000,092,415 | ---- | M] () -- C:\Users\test\Desktop\čs.pdf
[2015.11.22 22:16:38 | 000,210,571 | ---- | M] () -- C:\Users\test\Desktop\Daňové přiznání_zápočet.PDF
[2015.11.22 14:02:33 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2015.11.20 19:54:59 | 003,170,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015.11.20 19:54:59 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015.11.20 19:54:59 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015.11.20 19:54:59 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015.11.20 19:54:59 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015.11.20 19:54:58 | 000,709,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015.11.20 19:54:28 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015.11.20 19:54:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015.11.20 19:54:15 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015.11.20 19:54:15 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015.11.20 19:34:36 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015.11.20 19:34:36 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015.11.20 19:34:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015.11.20 19:34:35 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015.11.20 19:33:56 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015.11.17 02:11:57 | 000,025,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2015.11.17 02:08:25 | 000,705,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015.11.17 02:08:23 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015.11.17 02:08:20 | 000,505,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015.11.17 02:08:18 | 001,381,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015.11.17 02:08:18 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015.11.16 21:17:46 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015.11.14 00:09:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2015.11.14 00:09:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2015.11.14 00:08:28 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2015.11.13 23:50:01 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2015.11.13 23:49:15 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fixmapi.exe
[2015.11.13 20:59:54 | 000,048,914 | ---- | M] () -- C:\Users\test\Desktop\Já_old school.jpg
[2015.11.11 19:53:48 | 001,735,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015.11.11 19:53:47 | 000,525,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015.11.11 19:39:34 | 001,242,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015.11.11 19:39:33 | 000,487,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015.11.10 19:55:29 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015.11.10 19:55:26 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2015.11.05 20:05:04 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2015.11.05 20:02:52 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2015.11.05 10:53:59 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2015.11.03 20:04:51 | 000,802,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2015.11.03 20:04:37 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2015.11.03 19:55:58 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2015.11.02 11:28:48 | 000,000,383 | ---- | M] () -- C:\ftconfig.ini
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016.01.30 21:27:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016.01.29 20:54:53 | 001,222,144 | ---- | C] () -- C:\Users\test\Desktop\RSITx64.exe
[2016.01.10 20:54:45 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2016.01.09 21:10:17 | 001,475,392 | ---- | C] () -- C:\Users\test\Desktop\IMG_2304.JPG
[2016.01.01 20:42:26 | 000,000,401 | ---- | C] () -- C:\Users\test\Desktop\Internet.lnk
[2015.12.28 20:56:05 | 000,844,815 | ---- | C] () -- C:\Users\test\Desktop\PSD kurz.jpg
[2015.12.28 20:52:39 | 000,212,665 | ---- | C] () -- C:\Users\test\Desktop\Střelnice.jpg
[2015.12.27 22:52:49 | 004,005,405 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2015.12.26 21:35:50 | 000,000,401 | ---- | C] () -- C:\Windows\SysNative\Internet.lnk
[2015.12.23 15:54:53 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\PPTAssistantNotifyTask_test.job
[2015.12.23 15:54:50 | 000,000,596 | ---- | C] () -- C:\Windows\tasks\PPTAssistantUpdateTask_test.job
[2015.12.18 20:27:58 | 000,036,592 | ---- | C] () -- C:\Users\test\Desktop\4
[2015.12.15 21:29:06 | 000,024,405 | ---- | C] () -- C:\Users\test\Desktop\Cenik_TP_OA+NA+TK_-201526.pdf
[2015.12.14 21:21:10 | 002,986,442 | ---- | C] () -- C:\Users\test\Desktop\ústavko - zápočtový test II.zip
[2015.12.14 21:20:41 | 002,986,442 | ---- | C] () -- C:\Users\test\Desktop\ústavko - zápočtový test.zip
[2015.12.13 13:50:16 | 000,001,075 | ---- | C] () -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk
[2015.12.12 23:43:06 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\KMPFaster.lnk
[2015.12.12 23:42:42 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2015.12.12 23:41:01 | 000,000,697 | ---- | C] () -- C:\Users\test\Desktop\KMPlayer.lnk
[2015.12.11 23:34:10 | 001,787,189 | ---- | C] () -- C:\Users\test\Desktop\CLS.jpeg
[2015.12.10 20:54:30 | 000,000,013 | ---- | C] () -- C:\Users\test\.pluto.tv
[2015.12.06 13:56:21 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\history.dat
[2015.12.06 01:50:01 | 005,693,162 | ---- | C] () -- C:\Users\test\Desktop\Výcvik.jpg
[2015.12.05 21:07:47 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015.12.02 21:50:38 | 000,000,074 | ---- | C] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015.11.30 22:35:22 | 000,000,476 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015.11.30 18:15:28 | 000,000,000 | -H-- | C] () -- C:\asc_rdflag
[2015.11.28 18:33:44 | 000,393,153 | ---- | C] () -- C:\Users\test\Desktop\Zák. o PČR.pdf
[2015.11.28 00:04:19 | 000,092,415 | ---- | C] () -- C:\Users\test\Desktop\čs.pdf
[2015.11.22 22:16:33 | 000,210,571 | ---- | C] () -- C:\Users\test\Desktop\Daňové přiznání_zápočet.PDF
[2015.11.22 14:02:33 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2015.11.22 14:02:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[2015.11.14 00:20:03 | 000,261,142 | ---- | C] () -- C:\Users\test\Desktop\Já_ZOP.jpg
[2015.11.13 20:59:53 | 000,048,914 | ---- | C] () -- C:\Users\test\Desktop\Já_old school.jpg
[2015.11.02 11:28:48 | 000,000,383 | ---- | C] () -- C:\ftconfig.ini
[2015.07.29 22:05:17 | 037,748,880 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2014.11.30 22:21:28 | 000,001,822 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2014.11.30 22:21:28 | 000,001,822 | ---- | C] () -- C:\Windows\SysWow64\vm331Rmv.ini
[2012.03.20 23:26:52 | 000,000,017 | ---- | C] () -- C:\Users\test\AppData\Local\resmon.resmoncfg
[2012.01.15 19:42:15 | 000,000,092 | ---- | C] () -- C:\Users\test\AppData\Local\fusioncache.dat
[2012.01.14 13:45:24 | 000,008,192 | ---- | C] () -- C:\Users\test\AppData\Roaming\records_db

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.08.06 19:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.08.06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.12.10 21:40:42 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\AVG
[2013.09.18 21:35:37 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Babylon
[2012.01.14 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Canneverbe Limited
[2013.04.29 18:57:13 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Canon
[2016.01.10 18:00:59 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\eCyber
[2012.02.26 20:38:22 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ESET
[2012.07.07 12:54:19 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Fighters
[2012.01.24 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\GHISLER
[2013.01.29 21:50:29 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Inv Softworks
[2015.12.01 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\IObit
[2015.12.23 21:05:35 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\kingsoft
[2012.07.09 20:52:28 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Nokia
[2015.12.10 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\OpenCandy
[2015.12.18 18:00:17 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Opera Software
[2012.01.15 09:16:14 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\PC Suite
[2015.12.23 15:55:36 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\pptassist
[2015.11.05 21:03:35 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ProductData
[2014.12.10 21:36:09 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\RHEng
[2014.06.13 19:44:31 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\SanDisk
[2013.09.19 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\SanDisk SecureAccess
[2016.01.16 23:44:02 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Seznam Browser
[2014.11.30 16:39:53 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\SketchUp
[2014.04.06 16:28:19 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\systweak
[2015.12.14 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\TSv
[2016.01.30 21:02:52 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ViberPC
[2012.03.20 21:30:37 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\wargaming.net
[2015.12.30 21:14:24 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\WinZipper
[2012.04.02 10:46:29 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.13 19:49:10 | 000,000,956 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721941654-2744527999-12510684-1000Core.job
[2012.04.13 19:49:11 | 000,000,978 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721941654-2744527999-12510684-1000UA.job
[2012.11.06 10:53:26 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.01.30 23:01:44 | 000,000,534 | ---- | C] () -- C:\Windows\Tasks\Datová skartovačka - $RECYCLER .job
[2013.05.17 18:53:17 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 18:53:18 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2015.12.23 15:54:50 | 000,000,596 | ---- | C] () -- C:\Windows\Tasks\PPTAssistantUpdateTask_test.job
[2015.12.23 15:54:53 | 000,000,326 | ---- | C] () -- C:\Windows\Tasks\PPTAssistantNotifyTask_test.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2015.04.11 05:31:36 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=43DCEC23557C32F7702C8D5BC729738F -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_2df8898bfd178df8\services.exe
[2015.04.13 04:28:33 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=71C85477DF9347FE8E7BC55768473FCA -- C:\Windows\SysNative\services.exe
[2015.04.13 04:28:33 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=71C85477DF9347FE8E7BC55768473FCA -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_2d7fe646e3ec3705\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2014.04.05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014.04.05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2012.10.03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.09.08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014.04.05 03:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010.11.20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.09.07 03:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012.10.03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.11.26 12:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe

< >

< %systemroot%*.* /U /s >
[53 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[72 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[5 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\357c8435a7f80800732a3f695f44b143\*.tmp files -> C:\Windows\SoftwareDistribution\Download\357c8435a7f80800732a3f695f44b143\*.tmp -> ]
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]
[10 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.01.14 12:08:19 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Adobe
[2013.10.21 18:44:55 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Apple Computer
[2014.12.10 21:40:42 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\AVG
[2013.09.18 21:35:37 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Babylon
[2012.01.14 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Canneverbe Limited
[2013.04.29 18:57:13 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Canon
[2013.01.12 07:39:08 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\dvdcss
[2016.01.10 18:00:59 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\eCyber
[2012.02.26 20:38:22 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ESET
[2012.07.07 12:54:19 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Fighters
[2012.01.24 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\GHISLER
[2012.01.14 16:52:13 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Identities
[2012.01.14 17:22:14 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\InstallShield
[2012.01.14 11:35:50 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Intel
[2013.01.29 21:50:29 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Inv Softworks
[2015.12.01 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\IObit
[2015.12.23 21:05:35 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\kingsoft
[2012.01.14 11:14:29 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Macromedia
[2009.07.14 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Media Center Programs
[2015.08.11 20:48:40 | 000,000,000 | --SD | M] -- C:\Users\test\AppData\Roaming\Microsoft
[2015.12.03 22:35:53 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Mozilla
[2012.07.09 20:52:28 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Nokia
[2015.12.10 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\OpenCandy
[2015.12.18 18:00:17 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Opera Software
[2012.01.15 09:16:14 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\PC Suite
[2015.12.23 15:55:36 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\pptassist
[2015.11.05 21:03:35 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ProductData
[2014.12.10 21:36:09 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\RHEng
[2014.06.13 19:44:31 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\SanDisk
[2013.09.19 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\SanDisk SecureAccess
[2012.01.15 08:43:50 | 000,000,000 | RH-D | M] -- C:\Users\test\AppData\Roaming\SecuROM
[2016.01.16 23:44:02 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Seznam Browser
[2014.11.30 16:39:53 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\SketchUp
[2015.04.24 20:39:25 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Skype
[2014.04.06 16:28:19 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\systweak
[2015.12.14 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\TSv
[2016.01.30 21:02:52 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ViberPC
[2015.03.10 21:41:22 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Vidalia
[2013.01.19 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\vlc
[2012.03.20 21:30:37 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\wargaming.net
[2012.01.23 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\WinRAR
[2015.12.30 21:14:24 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\WinZipper
[2012.04.02 10:46:29 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2014.11.30 22:10:05 | 000,777,504 | ---- | M] () -- C:\Users\test\AppData\Roaming\IObit\IObit Uninstaller\UninstallDisplaytemp.exe
[2014.11.30 22:09:32 | 002,197,280 | ---- | M] (IObit) -- C:\Users\test\AppData\Roaming\IObit\IObit Uninstaller\UninstallPromotetemp.exe
[2015.12.25 13:05:13 | 000,098,664 | ---- | M] (Zhuhai Kingsoft Office Software Co.,Ltd) -- C:\Users\test\AppData\Roaming\kingsoft\pptassist\update\down\fileconn.exe
[2015.12.23 21:05:20 | 000,744,312 | ---- | M] () -- C:\Users\test\AppData\Roaming\kingsoft\pptassist\update\down\ktpcntrstp1.exe
[2015.08.11 20:48:40 | 000,119,808 | R--- | M] () -- C:\Users\test\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
[2015.11.30 22:18:44 | 000,316,192 | ---- | M] () -- C:\Users\test\AppData\Roaming\OpenCandy\18E5C91826A54A20BA3E880A9262467B\setup.exe
[2013.09.18 21:36:54 | 000,914,400 | ---- | M] () -- C:\Users\test\AppData\Roaming\OpenCandy\5299BA8CFCCC4DAABE9ABD4B9E70BEB0\PasswordBoxCHSTORE_p1v0.exe
[2013.09.20 14:57:47 | 000,914,400 | ---- | M] () -- C:\Users\test\AppData\Roaming\OpenCandy\761C38E6E98245568CA59F1F755014F4\PasswordBoxCHSTORE_p1v0.exe
[2013.01.29 03:33:10 | 032,682,184 | ---- | M] (SweetLabs,Inc.) -- C:\Users\test\AppData\Roaming\OpenCandy\98BB92F0F51F45BEB7D7CD269C74D982\version51030bc4470a0.exe
[2015.12.10 20:52:49 | 072,500,800 | ---- | M] (Pluto TV ) -- C:\Users\test\AppData\Roaming\OpenCandy\A1933B7FF7C84BF4A20F793635560AEB\PlutoTVSetup0910.exe
[2016.01.20 19:01:20 | 000,576,872 | ---- | M] (珠海金山办公软件有限公司) -- C:\Users\test\AppData\Roaming\pptassist\update\down\tbdtip1.exe
[2014.12.10 21:38:08 | 048,113,464 | ---- | M] (AVG Technologies) -- C:\Users\test\AppData\Roaming\RHEng\71420DF166904D6AA7EA4D53EFA12922\AVG-PC-TuneUp2015_CS_2200604.exe
[2014.12.10 21:43:25 | 000,683,104 | ---- | M] (Opera Software) -- C:\Users\test\AppData\Roaming\RHEng\7ADB81964F9442E5AB79E132191EFA3C\Opera_NI_stable.exe
[2012.02.14 08:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\test\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
[2015.01.20 10:22:10 | 001,490,944 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\ImportFavs.exe
[2015.01.28 11:55:26 | 004,777,984 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\nwsnapshot.exe
[2015.09.30 18:00:20 | 000,057,024 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\restart.exe
[2015.12.15 13:50:36 | 000,040,120 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\restartBack.exe
[2016.01.13 15:01:36 | 046,373,056 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\Seznam.cz.exe
[2015.10.22 20:23:46 | 000,116,219 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\uninstall.exe
[2015.06.18 15:48:04 | 000,167,936 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\unzip.exe
[2015.12.07 14:31:14 | 000,245,248 | ---- | M] (Paralint.com) -- C:\Users\test\AppData\Roaming\Seznam Browser\node_modules\node-notifier\vendor\notifu\notifu.exe
[2015.12.07 14:31:14 | 000,323,584 | ---- | M] (Paralint.com) -- C:\Users\test\AppData\Roaming\Seznam Browser\node_modules\node-notifier\vendor\notifu\notifu64.exe
[2015.12.07 14:31:14 | 000,014,848 | ---- | M] () -- C:\Users\test\AppData\Roaming\Seznam Browser\node_modules\node-notifier\vendor\toaster\toast.exe
[2015.12.08 09:05:54 | 000,580,752 | ---- | M] (tsvr.com) -- C:\Users\test\AppData\Roaming\TSv\TSvr.exe
[2015.12.30 21:14:29 | 000,432,128 | ---- | M] (equal max) -- C:\Users\test\AppData\Roaming\WinZipper\update\zip_update_v1.5.132.exe
[2016.01.20 19:18:09 | 002,921,072 | ---- | M] () -- C:\Users\test\AppData\Roaming\WinZipper\update\zip_update_v1.5.137.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2015.12.06 14:07:24 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2016.01.30 21:02:04 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\Datová skartovačka - $RECYCLER .job
[2016.01.20 18:43:32 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721941654-2744527999-12510684-1000Core.job
[2015.02.09 19:34:20 | 000,000,978 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721941654-2744527999-12510684-1000UA.job
[2016.01.30 21:02:07 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2016.01.30 22:10:04 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2016.01.30 22:15:02 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\PPTAssistantNotifyTask_test.job
[2016.01.30 22:12:40 | 000,000,596 | ---- | M] () -- C:\Windows\Tasks\PPTAssistantUpdateTask_test.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"GoogleChromeAutoLaunch_1B0E81B795B08FCFC87354BB5741BA8D" = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window -- [2016.01.12 17:36:02 | 000,748,360 | ---- | M] (Google Inc.)
"apphide" = C:\Program Files (x86)\baidu\ppt.exe -- [2015.10.21 22:09:34 | 000,081,920 | -H-- | M] ()
"Viber" = "C:\Users\test\AppData\Local\Viber\Viber.exe" StartMinimized -- [2015.11.09 11:26:08 | 051,657,424 | ---- | M] ()
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR -- [2015.11.16 17:54:04 | 008,591,272 | ---- | M] (Piriform Ltd)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2015.12.23 23:52:08 | 000,815,304 | ---- | M] (Microsoft Corporation) MD5=0E5C2FBD4CF9CB08DCDA586247195FF2 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2016.01.12 17:36:02 | 000,748,360 | ---- | M] (Google Inc.) MD5=23294E80AF6A4C653522D12A391933A1 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2016.01.30 21:27:42 | 000,000,512 | ---- | M] () MD5=B04F9F998A9F71EDAED5DCC5481DAA97 -- C:\PhysicalMBR.bin
[3 C:\*.tmp files -> C:\*.tmp -> ]

< >

< *crack* /s >
[2014.02.05 18:41:19 | 000,213,184 | ---- | M] () -- \Hry\World_of_Tanks\res\audio\objects_ice_crack.fsb

< *keygen* /s >

< *loader* /s >
[2015.05.15 15:27:10 | 000,060,712 | ---- | M] () -- \Common Files\Apple\Apple Application Support\YSLoader.exe
[2015.04.26 13:02:04 | 000,043,816 | ---- | M] () -- \Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
[2015.04.26 13:02:04 | 001,505,576 | ---- | M] () -- \Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader_main.dll
[2014.09.03 00:27:24 | 000,268,432 | ---- | M] () -- \Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014.09.03 00:27:24 | 000,019,096 | ---- | M] () -- \Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2015.07.24 05:22:02 | 001,176,720 | ---- | M] () -- \GFExperience\ExtensionLoader.dll
[2013.01.09 18:20:26 | 000,071,208 | ---- | M] () -- \Hry\World_of_Tanks\PhysXLoader.dll
[2015.11.11 16:13:56 | 000,009,971 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\app_loader\loader.pyc
[2015.11.11 16:13:56 | 000,001,512 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\eulaversionloader.pyc
[2015.11.11 16:13:56 | 000,002,209 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\graphicspresetsloader.pyc
[2015.11.11 16:13:56 | 000,007,130 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\guicolorsloader.pyc
[2015.11.11 16:13:56 | 000,003,955 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\guisoundsloader.pyc
[2015.11.11 16:13:56 | 000,002,753 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\windowsstoreddataloader.pyc
[2015.11.11 16:13:59 | 000,001,519 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\scaleform\framework\entities\abstract\loadermanagermeta.pyc
[2015.11.11 16:13:59 | 000,006,157 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\scaleform\framework\managers\loaders.pyc
[2015.11.11 16:14:00 | 000,011,861 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\shared\remotedatadownloader.pyc
[2015.11.11 16:14:00 | 000,003,419 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\helpers\rssdownloader.pyc
[2015.11.11 16:14:02 | 000,011,524 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\tutorial\loader.pyc
[2015.11.11 16:07:35 | 000,011,336 | ---- | M] () -- \Hry\World_of_Tanks\res_bw\scripts\common\lib\unittest\loader.pyc
[2015.11.11 16:07:35 | 000,049,402 | ---- | M] () -- \Hry\World_of_Tanks\res_bw\scripts\common\lib\unittest\test\test_loader.pyc
[2013.08.15 21:27:46 | 000,010,773 | ---- | M] () -- \IObit\Advanced SystemCare 6\Downloader.log
[2015.04.08 15:33:08 | 002,163,488 | ---- | M] () -- \IObit\Advanced SystemCare 8\ActionCenterDownloader.exe
[2015.06.23 13:41:58 | 002,193,728 | ---- | M] () -- \IObit\Driver Booster\IObitDownloader.exe
[2015.07.06 14:31:20 | 002,193,728 | ---- | M] () -- \IObit\Driver Booster\Freeware\IObitDownloader.exe
[2015.01.09 17:46:14 | 002,157,344 | ---- | M] () -- \IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe
[2015.01.19 21:04:52 | 002,158,880 | ---- | M] () -- \IObit\IObit Uninstaller\Downloader.exe
[2015.01.14 19:51:39 | 002,156,832 | ---- | M] () -- \IObit\IObit Uninstaller\IObitDownloader.exe
[2015.01.16 16:19:22 | 002,161,440 | ---- | M] () -- \IObit\Smart Defrag 4\ActionCenterDownloader.exe
[2015.01.19 16:23:36 | 002,161,440 | ---- | M] () -- \IObit\Smart Defrag 4\Freeware\SD_FreeSoftwareDownloader.exe
[2015.07.24 05:22:13 | 000,916,112 | ---- | M] () -- \NVI2\NVDownloader.dll
[2015.07.24 05:21:16 | 000,028,430 | ---- | M] () -- \NVI2\NVI2DownloaderExt.CFG
[2015.07.24 05:22:13 | 000,828,048 | ---- | M] () -- \NVI2\NVI2DownloaderExt.DLL
[2015.07.24 05:22:02 | 001,176,720 | ---- | M] () -- \NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2015.07.25 00:28:36 | 000,057,592 | ---- | M] () -- \NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2015.07.25 00:28:36 | 000,065,784 | ---- | M] () -- \NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2015.07.25 00:28:36 | 000,073,976 | ---- | M] () -- \NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2015.07.25 00:28:36 | 000,090,872 | ---- | M] () -- \NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2015.07.25 00:28:36 | 000,057,592 | ---- | M] () -- \PhysX\files\Common\PhysXLoader.dll
[2015.07.25 00:28:36 | 000,065,784 | ---- | M] () -- \PhysX\files\Common\PhysXLoader64.dll
[2015.07.25 00:28:36 | 000,073,976 | ---- | M] () -- \PhysX\files\Common\PhysXUpdateLoader.dll
[2015.07.25 00:28:36 | 000,090,872 | ---- | M] () -- \PhysX\files\Common\PhysXUpdateLoader64.dll
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.10 21:46:23 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.05 20:35:55 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18839_none_68c745e9927b4528\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.06.07 21:11:44 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18869_none_68a6d625929398fb\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:39:37 | 000,003,584 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:28:21 | 000,003,584 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.05 20:35:54 | 000,003,584 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23040_none_693ce850aba95016\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.06.07 21:11:43 | 000,003,584 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23072_none_691e7920abbfd697\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.03.12 20:39:18 | 000,004,431 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013.manifest
[2015.03.12 20:39:18 | 000,033,208 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013_winload.efi.mui_35ee487d
[2015.03.12 20:39:18 | 000,034,752 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013_winload.exe.mui_3bc5b827
[2015.03.12 20:39:18 | 000,029,624 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013_winresume.efi.mui_f412814e
[2015.03.12 20:39:18 | 000,030,136 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013_winresume.exe.mui_ff8b5358
[2015.03.12 20:39:21 | 000,005,744 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646.manifest
[2015.03.12 20:39:21 | 000,693,176 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646_winload.efi_75834aa0
[2015.03.12 20:39:22 | 000,619,056 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646_winload.exe_75835076
[2015.03.12 20:39:22 | 000,616,360 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646_winresume.efi_85cd069f
[2015.03.12 20:39:22 | 000,532,176 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2015.05.05 20:37:09 | 000,000,616 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2009.07.14 16:15:51 | 000,004,431 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2015.02.03 05:49:45 | 000,004,431 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013.manifest
[2015.01.16 07:36:46 | 000,004,141 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_cs-cz_91e62f982ccfb7d0.manifest
[2015.01.27 06:32:05 | 000,004,431 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22943_cs-cz_91d08fc02cdfefb2.manifest
[2015.02.03 06:30:16 | 000,004,431 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65.manifest
[2015.05.05 20:34:25 | 000,004,431 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23040_cs-cz_91cd67042ce2d6ef.manifest
[2015.06.07 21:11:12 | 000,004,431 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_cs-cz_91aef7d42cf95d70.manifest
[2010.11.20 06:12:44 | 000,005,745 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 18:34:23 | 000,005,745 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2015.02.03 04:51:30 | 000,005,744 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646.manifest
[2011.02.05 14:09:57 | 000,005,745 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2015.01.16 07:37:02 | 000,005,511 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_b9ca7b209c6d1e03.manifest
[2015.01.27 05:22:06 | 000,005,744 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22943_none_b9b4db489c7d55e5.manifest
[2015.02.03 05:17:47 | 000,005,744 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498.manifest
[2015.05.05 20:34:28 | 000,005,744 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23040_none_b9b1b28c9c803d22.manifest
[2015.06.07 21:11:14 | 000,005,744 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23072_none_b993435c9c96c3a3.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.10 21:46:23 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.05 20:35:56 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18839_none_0ca8aa65da1dd3f2\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.06.07 21:11:44 | 000,003,584 | -H-- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18869_none_0c883aa1da3627c5\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:03:37 | 000,003,584 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.05 20:35:54 | 000,003,584 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23040_none_0d1e4cccf34bdee0\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.06.07 21:11:44 | 000,003,584 | ---- | M] () -- \Přesunuto z CÉČKA\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23072_none_0cffdd9cf3626561\api-ms-win-core-libraryloader-l1-1-0.dll
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \SOFTWARE\The KMPlayer\ImLoader.dll
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Sta×enř software\The KMPlayer\ImLoader.dll
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Stažený software\KMPlayer\ImLoader.dll
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \The KMPlayer\ImLoader.dll
[2013.08.21 12:48:08 | 000,071,208 | ---- | M] () -- \WOT test\PhysXLoader.dll
[2013.08.21 12:48:08 | 000,002,221 | ---- | M] () -- \WOT test\res\scripts\client\gui\doc_loaders\graphicspresetsloader.pyc
[2013.08.21 12:48:08 | 000,007,015 | ---- | M] () -- \WOT test\res\scripts\client\gui\doc_loaders\guicolorsloader.pyc
[2013.08.21 12:48:08 | 000,003,974 | ---- | M] () -- \WOT test\res\scripts\client\gui\doc_loaders\guisoundsloader.pyc
[2013.08.29 11:52:04 | 000,006,629 | ---- | M] () -- \WOT test\res\scripts\client\gui\doc_loaders\logindataloader.pyc
[2013.08.21 12:48:08 | 000,002,773 | ---- | M] () -- \WOT test\res\scripts\client\gui\doc_loaders\windowsstoreddataloader.pyc
[2013.08.21 12:48:08 | 000,001,504 | ---- | M] () -- \WOT test\res\scripts\client\gui\scaleform\framework\entities\abstract\loadermanagermeta.pyc
[2013.08.21 12:48:08 | 000,006,493 | ---- | M] () -- \WOT test\res\scripts\client\gui\scaleform\framework\managers\loaders.pyc
[2013.08.21 12:48:08 | 000,003,668 | ---- | M] () -- \WOT test\res\scripts\client\helpers\rssdownloader.pyc
[2013.08.21 12:48:08 | 000,006,907 | ---- | M] () -- \WOT test\res\scripts\client\tutorial\loader.pyc
[2011.12.06 12:06:24 | 000,429,568 | ---- | M] () -- \Zoner\Photo Studio 14\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 13:12:40 | 000,053,640 | ---- | M] () -- \Zoner\Photo Studio 14\Plugins\Facebook\ZPSPluginLoader.exe
[2011.12.06 12:06:24 | 000,319,488 | ---- | M] () -- \Zoner\Photo Studio 14\Plugins\Facebook\en\ZPSFacebookUploader.resources.dll
[2011.12.06 12:06:40 | 000,444,416 | ---- | M] () -- \Zoner\Photo Studio 14\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 13:12:42 | 000,053,640 | ---- | M] () -- \Zoner\Photo Studio 14\Plugins\Flickr\ZPSPluginLoader.exe
[2011.12.06 12:06:40 | 000,323,584 | ---- | M] () -- \Zoner\Photo Studio 14\Plugins\Flickr\en\ZPSFlickrUploader.resources.dll
[2011.03.08 16:09:04 | 000,194,048 | ---- | M] () -- \Zoner\Photo Studio 14\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 13:12:40 | 000,053,640 | ---- | M] () -- \Zoner\Photo Studio 14\Plugins\Picasa\ZPSPluginLoader.exe
[2010.11.11 11:07:12 | 000,323,584 | ---- | M] () -- \Zoner\Photo Studio 14\Plugins\Picasa\en\ZPSPicasaUploader.resources.dll
[2011.12.21 17:07:52 | 000,102,792 | ---- | M] () -- \Zoner\Photo Studio 14\Program32\8bfLoader.exe
[2011.12.21 17:08:06 | 000,016,776 | ---- | M] () -- \Zoner\Photo Studio 14\Program32\WICLoader.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 5960 bytes -> C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text:

:OTL
[2016.01.20 19:01:20 | 000,576,872 | ---- | M] (珠海金山办公软件有限公司) -- C:\Users\test\AppData\Roaming\pptassist\update\down\tbdtip1.exe
@Alternate Data Stream - 5960 bytes -> C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720
PRC - [2015.11.30 22:13:38 | 000,325,632 | ---- | M] () -- C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\snsc5768.tmp
PRC - [2015.11.30 22:13:36 | 000,516,608 | ---- | M] () -- C:\Users\test\AppData\Local\35B51072-1448921610-E111-A818-DC0EA173A626\onsc576A.tmp
PRC - [2015.11.30 22:12:42 | 000,617,984 | ---- | M] () -- C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\hnsx7C94.tmp
PRC - [2015.11.30 22:12:35 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\35B51072-1448917933-E111-A818-DC0EA173A626\jnss6155.tmp
MOD - [2016.01.30 21:05:21 | 000,011,264 | ---- | M] () -- C:\Users\test\AppData\Local\Temp\nsm281A.tmp\System.dll
SRV - [2015.11.23 20:41:28 | 000,956,136 | ---- | M] (Spigot, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe -- (Program Manager)
SRV - [2015.11.20 17:44:02 | 000,955,056 | ---- | M] (Spigot, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=d ... 16W7116&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursites123.com/web/?type=d ... 16W7116&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=d ... 16W7116&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=d ... 16W7116&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursites123.com/web/?type=d ... 16W7116&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\..\SearchScopes,DefaultScope = {ielnksrch}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKLM\..\SearchScopes\ielnksrch: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Zh8mg,,&q={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {356C663A-29A7-4B26-BB5A-1C70D8F4AB2A}
IE - HKU\.DEFAULT\..\SearchScopes\{356C663A-29A7-4B26-BB5A-1C70D8F4AB2A}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=d ... 16W7116&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Zh8mg,,&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Zh8mg,,&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Zh8mg,,&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes,DefaultScope = {18F9ACFF-FA75-4830-AEF8-CE6B65598CE5}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.dalesearch.com/?q={searchTer ... 9&tsp=5011
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{18F9ACFF-FA75-4830-AEF8-CE6B65598CE5}: "URL" = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.yoursites123.com/web/?type=d ... 16W7116&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{53D943B4-F4B8-4035-9026-260DEFD2C4B6}: "URL" = http://search.eshield.com/serp?guid={8C ... earchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6F36 ... 2012-05-08 20:50:27&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{D83A9746-0573-4C41-B746-32EAF5C87A8E}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=13043D62-C29A-487F-AC62-399604DD8FAA&apn_sauid=526A3A61-C0D7-4F22-AE24-2B7FF1E2A618
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 0EA173A626}
IE - HKU\S-1-5-21-721941654-2744527999-12510684-1000\..\SearchScopes\{ielnksrch}: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Zh8mg,,&q={searchTerms}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: File not found
[2015.12.23 20:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\6aicucig.default\extensions
[2015.11.30 22:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\6aicucig.default\extensions\1448918575_xpi
[2015.11.30 23:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\6aicucig.default\extensions\1448921190_xpi
[2015.12.20 14:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\hdiuo2ez.default\extensions
[2015.12.23 20:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions
[2015.11.30 04:03:12 | 000,008,838 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\6aicucig.default\extensions\{1c09e4c9-0906-443a-aa55-b0db4716d743}.xpi
[2012.02.23 22:44:48 | 000,021,707 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions\adapter@babylontc.com.xpi
[2012.02.23 22:44:49 | 000,011,148 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions\ocr@babylon.com.xpi
[2015.11.30 04:03:12 | 000,008,838 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions\{1c09e4c9-0906-443a-aa55-b0db4716d743}.xpi
[2013.05.03 10:01:54 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\ojq716qt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnfmoippfkddcakmbeaglgjcfcfcfmk\1.1.4_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnkfkmdhgomemhogjdianppfjkaddcc\3.3_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_1\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.5_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccdakfilccajeijdfklolcafehhoika\4.67.1.26152_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce\3.2.2_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.4.1_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni\1_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak\0.2.987_0\
CHR - Extension: No name found = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE64.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\23.8\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\.DEFAULT..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-18..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Translate this web page with Babylon - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8:64bit: - Extra context menu item: Translate with Babylon - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://D:\Stažený software\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O18 - Protocol\Handler\ms-help - No CLSID value found
O33 - MountPoints2\{46ca87fe-3e96-11e1-bb0d-dc0ea173a626}\Shell - "" = AutoRun
O33 - MountPoints2\{46ca87fe-3e96-11e1-bb0d-dc0ea173a626}\Shell\AutoRun\command - "" = G:\AutoRunCD.exe
O33 - MountPoints2\{72347dc4-65c9-11e1-9ce7-e4d53ddb5633}\Shell - "" = AutoRun
O33 - MountPoints2\{72347dc4-65c9-11e1-9ce7-e4d53ddb5633}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a


:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-721941654-2744527999-12510684-1000Core.job
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Windows\SysNative\drivers\jnhtnwej.sys
C:\Users\test\AppData\Roaming\Babylon
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721941654-2744527999-12510684-1000Core.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721941654-2744527999-12510684-1000UA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Program Files (x86)\IObit Apps Toolbar
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.