Re: request for a check
Posted: 23 May 2017 20:27
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_1\
CHR - Extension: No name found = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\
O1 HOSTS File: ([2017.05.14 13:39:04 | 000,000,753 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [ZAM] C:\programy\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
O4 - HKLM..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (iSkySoft)
O4 - HKLM..\Run: [Raptr] C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [XPE] C:\Program Files (x86)\XPE Windows 10 DPI Fix\XPEWindows10_DPI.exe (XPExplorer.com - 2016)
O4 - HKCU..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\programy\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ab658422-083b-4799-8f6d-44ca0c7b0831}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.07.29 17:10:07 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2017.05.23 19:21:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe
[2017.05.15 20:55:36 | 000,000,000 | ---D | C] -- C:\Soubory Laďa
[2017.05.15 20:48:11 | 000,000,000 | ---D | C] -- C:\FRST
[2017.05.15 20:47:27 | 002,429,952 | ---- | C] (Farbar) -- C:\Users\Asus\Desktop\FRST64.exe
[2017.05.14 14:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2017.05.14 14:01:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017.05.14 13:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2017.05.14 13:59:01 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\Temp
[2017.05.14 13:38:19 | 000,203,680 | ---- | C] (Zemana Ltd.) -- C:\WINDOWS\SysNative\drivers\zamguard64.sys
[2017.05.14 13:38:19 | 000,203,680 | ---- | C] (Zemana Ltd.) -- C:\WINDOWS\SysNative\drivers\zam64.sys
[2017.05.14 13:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[2017.05.14 13:37:59 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\Zemana
[2017.05.14 10:00:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\catroot2
[2017.05.13 15:19:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2017.05.13 15:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2017.05.13 14:45:23 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamicsoft
[2017.05.13 14:44:31 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Yamicsoft
[2017.05.13 09:42:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Asus\Desktop\HijackThis.exe
[2017.04.30 07:41:26 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\AMD
[2017.04.29 17:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2017.04.29 16:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2017.04.29 16:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2017.04.28 15:28:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2017.04.28 15:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2017.04.28 11:08:40 | 000,000,000 | ---D | C] -- C:\Users\Asus\Desktop\call of duty 2 cz
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2017.05.23 19:32:12 | 003,083,149 | ---- | M] () -- C:\WINDOWS\ZAM.krnl.trace
[2017.05.23 19:32:11 | 003,164,118 | ---- | M] () -- C:\WINDOWS\ZAM_Guard.krnl.trace
[2017.05.23 19:22:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe
[2017.05.23 06:35:47 | 536,219,647 | -HS- | M] () -- C:\hiberfil.sys
[2017.05.23 06:35:45 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017.05.16 19:40:29 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017.05.16 09:33:19 | 002,036,902 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2017.05.16 09:33:19 | 000,842,644 | ---- | M] () -- C:\WINDOWS\SysNative\perfh005.dat
[2017.05.16 09:33:19 | 000,826,832 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2017.05.16 09:33:19 | 000,192,218 | ---- | M] () -- C:\WINDOWS\SysNative\perfc005.dat
[2017.05.16 09:33:19 | 000,171,820 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2017.05.16 09:26:52 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017.05.16 09:25:26 | 002,429,952 | ---- | M] (Farbar) -- C:\Users\Asus\Desktop\FRST64.exe
[2017.05.14 13:39:04 | 000,000,753 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2017.05.14 13:38:19 | 000,203,680 | ---- | M] (Zemana Ltd.) -- C:\WINDOWS\SysNative\drivers\zamguard64.sys
[2017.05.14 13:38:19 | 000,203,680 | ---- | M] (Zemana Ltd.) -- C:\WINDOWS\SysNative\drivers\zam64.sys
[2017.05.14 13:38:18 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017.05.14 13:37:07 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe
[2017.05.14 13:36:28 | 001,309,184 | ---- | M] () -- C:\Users\Asus\Desktop\zoek.exe
[2017.05.14 09:22:36 | 000,028,272 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2017.05.13 15:55:18 | 004,970,688 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2017.05.13 14:45:27 | 000,000,890 | ---- | M] () -- C:\Users\Asus\Desktop\Windows 10 Manager.lnk
[2017.05.13 14:45:27 | 000,000,880 | ---- | M] () -- C:\Users\Asus\Desktop\1-Click Cleaner.lnk
[2017.05.13 14:42:02 | 000,001,743 | ---- | M] () -- C:\Users\Asus\Desktop\CrystalDiskInfo.lnk
[2017.05.13 13:31:07 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2017.05.13 09:44:29 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Asus\Desktop\HijackThis.exe
[2017.04.28 15:28:02 | 000,001,561 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Singleplayer.lnk
[2017.04.28 15:28:02 | 000,001,561 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
[2017.04.28 15:27:31 | 000,000,282 | ---- | M] () -- C:\WINDOWS\game.ini
[2017.04.28 00:15:36 | 000,097,542 | ---- | M] () -- C:\Users\Asus\Desktop\i_love_russia_by_ariyan_iran-d9c15s6.jpg
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2017.05.14 13:59:01 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
[2017.05.14 13:38:24 | 003,161,267 | ---- | C] () -- C:\WINDOWS\ZAM_Guard.krnl.trace
[2017.05.14 13:38:24 | 003,080,430 | ---- | C] () -- C:\WINDOWS\ZAM.krnl.trace
[2017.05.14 13:38:18 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017.05.14 13:36:26 | 001,309,184 | ---- | C] () -- C:\Users\Asus\Desktop\zoek.exe
[2017.05.13 15:55:07 | 004,970,688 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2017.05.13 14:45:26 | 000,000,890 | ---- | C] () -- C:\Users\Asus\Desktop\Windows 10 Manager.lnk
[2017.05.13 14:45:25 | 000,000,880 | ---- | C] () -- C:\Users\Asus\Desktop\1-Click Cleaner.lnk
[2017.05.13 14:42:02 | 000,001,743 | ---- | C] () -- C:\Users\Asus\Desktop\CrystalDiskInfo.lnk
[2017.04.28 15:28:02 | 000,001,561 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Singleplayer.lnk
[2017.04.28 15:28:02 | 000,001,561 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
[2017.04.28 15:27:31 | 000,000,282 | ---- | C] () -- C:\WINDOWS\game.ini
[2017.04.28 00:15:35 | 000,097,542 | ---- | C] () -- C:\Users\Asus\Desktop\i_love_russia_by_ariyan_iran-d9c15s6.jpg
[2016.11.25 18:52:18 | 000,221,184 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ServiceHelp.dll
[2016.11.25 17:34:20 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2016.11.25 17:31:21 | 000,015,232 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2016.11.25 17:31:21 | 000,011,832 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
[2016.11.25 17:31:21 | 000,010,216 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys
[2016.11.16 00:37:16 | 000,638,976 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2016.11.16 00:37:16 | 000,235,520 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2016.09.18 20:59:37 | 001,862,000 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016.05.31 23:25:51 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2016.03.13 14:16:38 | 000,707,354 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2016.03.13 14:10:10 | 000,002,576 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2016.02.10 17:19:32 | 000,014,464 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsUpIO.sys
[2015.12.30 17:47:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SetupTemp.ini
[2015.12.16 21:26:37 | 001,949,904 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015.12.16 21:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015.12.16 21:21:28 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015.12.16 21:07:40 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015.12.16 21:07:40 | 000,111,088 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2015.12.16 21:07:38 | 001,004,032 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015.12.16 21:07:36 | 000,807,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015.12.16 21:07:34 | 000,198,640 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015.12.16 21:07:34 | 000,132,080 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015.10.30 09:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015.10.30 09:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015.10.30 09:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015.10.30 09:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015.10.30 09:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015.10.30 09:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2015.10.30 09:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2015.10.30 09:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015.10.30 09:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015.10.30 09:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015.10.30 09:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015.10.30 09:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015.10.30 09:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015.10.30 09:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015.08.22 02:54:10 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015.08.22 02:54:10 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015.07.05 00:07:05 | 000,000,424 | ---- | C] () -- C:\Users\Asus\AppData\Local\UserProducts.xml
========== ZeroAccess Check ==========
[2016.01.14 19:38:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016.09.07 07:23:32 | 006,605,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016.09.07 07:21:01 | 005,240,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015.10.30 09:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015.10.30 09:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016.09.07 06:35:09 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014.11.09 00:06:36 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\.huntedcowcache
[2014.12.25 16:37:11 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\AMD
[2017.05.13 15:35:48 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Anvsoft
[2017.03.01 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\avidemux
[2015.01.23 17:22:47 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\BANDISOFT
[2017.02.06 10:53:32 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Canneverbe Limited
[2016.04.06 17:13:36 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DAEMON Tools Lite
[2015.10.26 12:22:57 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Dropbox
[2017.01.06 13:34:07 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\EncryptStick
[2016.11.25 12:49:25 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\freepicturesolutions
[2016.04.06 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\InfraRecorder
[2017.04.02 15:25:27 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\IObit
[2014.12.19 18:04:53 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\library_dir
[2016.07.10 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Mp3tag
[2017.05.06 20:48:27 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\MPC-HC
[2017.02.27 11:50:52 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Octoshape
[2016.12.18 23:21:21 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\PlaysTV
[2017.04.29 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Raptr
[2015.04.25 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Samsung
[2016.07.10 21:13:14 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Seznam.cz
[2016.07.10 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Sony
[2016.07.10 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Spotify
[2017.05.13 15:23:19 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\TeamViewer
[2017.05.23 19:29:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\TS3Client
[2016.07.10 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\vibranceGUI
[2017.05.13 14:44:31 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Yamicsoft
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\OpenCL.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\NlsLexicons0009.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\NlsData0009.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MSMPEG2ENC.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mshtmlmedia.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfreadwrite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MFPlay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mantleaxl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\hsa-thunk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\dns-sd.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\detoured.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\BackgroundTransferHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiuxpag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiumdva.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiumdag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiu9pag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atioglxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atimpc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiglpxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atigktxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atieah32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atidxx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticfx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticalrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticaldd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticalcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiadlxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiadlxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdxc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdpcom32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl12cl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl_ld32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl_as32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdmmcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdmantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdlvr32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdhdl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdgfxinfo32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\difxapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\programy\CCleaner\CCleaner64.exe:$CmdTcID
< End of report >
[2017.05.13 15:19:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2017.05.13 15:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2017.05.13 14:45:23 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamicsoft
[2017.05.13 14:44:31 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Yamicsoft
[2017.05.13 09:42:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Asus\Desktop\HijackThis.exe
[2017.04.30 07:41:26 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\AMD
[2017.04.29 17:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2017.04.29 16:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2017.04.29 16:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2017.04.28 15:28:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2017.04.28 15:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2017.04.28 11:08:40 | 000,000,000 | ---D | C] -- C:\Users\Asus\Desktop\call of duty 2 cz
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2017.05.23 19:32:12 | 003,083,149 | ---- | M] () -- C:\WINDOWS\ZAM.krnl.trace
[2017.05.23 19:32:11 | 003,164,118 | ---- | M] () -- C:\WINDOWS\ZAM_Guard.krnl.trace
[2017.05.23 19:22:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe
[2017.05.23 06:35:47 | 536,219,647 | -HS- | M] () -- C:\hiberfil.sys
[2017.05.23 06:35:45 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017.05.16 19:40:29 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017.05.16 09:33:19 | 002,036,902 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2017.05.16 09:33:19 | 000,842,644 | ---- | M] () -- C:\WINDOWS\SysNative\perfh005.dat
[2017.05.16 09:33:19 | 000,826,832 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2017.05.16 09:33:19 | 000,192,218 | ---- | M] () -- C:\WINDOWS\SysNative\perfc005.dat
[2017.05.16 09:33:19 | 000,171,820 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2017.05.16 09:26:52 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017.05.16 09:25:26 | 002,429,952 | ---- | M] (Farbar) -- C:\Users\Asus\Desktop\FRST64.exe
[2017.05.14 13:39:04 | 000,000,753 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2017.05.14 13:38:19 | 000,203,680 | ---- | M] (Zemana Ltd.) -- C:\WINDOWS\SysNative\drivers\zamguard64.sys
[2017.05.14 13:38:19 | 000,203,680 | ---- | M] (Zemana Ltd.) -- C:\WINDOWS\SysNative\drivers\zam64.sys
[2017.05.14 13:38:18 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017.05.14 13:37:07 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe
[2017.05.14 13:36:28 | 001,309,184 | ---- | M] () -- C:\Users\Asus\Desktop\zoek.exe
[2017.05.14 09:22:36 | 000,028,272 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2017.05.13 15:55:18 | 004,970,688 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2017.05.13 14:45:27 | 000,000,890 | ---- | M] () -- C:\Users\Asus\Desktop\Windows 10 Manager.lnk
[2017.05.13 14:45:27 | 000,000,880 | ---- | M] () -- C:\Users\Asus\Desktop\1-Click Cleaner.lnk
[2017.05.13 14:42:02 | 000,001,743 | ---- | M] () -- C:\Users\Asus\Desktop\CrystalDiskInfo.lnk
[2017.05.13 13:31:07 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2017.05.13 09:44:29 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Asus\Desktop\HijackThis.exe
[2017.04.28 15:28:02 | 000,001,561 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Singleplayer.lnk
[2017.04.28 15:28:02 | 000,001,561 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
[2017.04.28 15:27:31 | 000,000,282 | ---- | M] () -- C:\WINDOWS\game.ini
[2017.04.28 00:15:36 | 000,097,542 | ---- | M] () -- C:\Users\Asus\Desktop\i_love_russia_by_ariyan_iran-d9c15s6.jpg
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2017.05.14 13:59:01 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
[2017.05.14 13:38:24 | 003,161,267 | ---- | C] () -- C:\WINDOWS\ZAM_Guard.krnl.trace
[2017.05.14 13:38:24 | 003,080,430 | ---- | C] () -- C:\WINDOWS\ZAM.krnl.trace
[2017.05.14 13:38:18 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017.05.14 13:36:26 | 001,309,184 | ---- | C] () -- C:\Users\Asus\Desktop\zoek.exe
[2017.05.13 15:55:07 | 004,970,688 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2017.05.13 14:45:26 | 000,000,890 | ---- | C] () -- C:\Users\Asus\Desktop\Windows 10 Manager.lnk
[2017.05.13 14:45:25 | 000,000,880 | ---- | C] () -- C:\Users\Asus\Desktop\1-Click Cleaner.lnk
[2017.05.13 14:42:02 | 000,001,743 | ---- | C] () -- C:\Users\Asus\Desktop\CrystalDiskInfo.lnk
[2017.04.28 15:28:02 | 000,001,561 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Singleplayer.lnk
[2017.04.28 15:28:02 | 000,001,561 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
[2017.04.28 15:27:31 | 000,000,282 | ---- | C] () -- C:\WINDOWS\game.ini
[2017.04.28 00:15:35 | 000,097,542 | ---- | C] () -- C:\Users\Asus\Desktop\i_love_russia_by_ariyan_iran-d9c15s6.jpg
[2016.11.25 18:52:18 | 000,221,184 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ServiceHelp.dll
[2016.11.25 17:34:20 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2016.11.25 17:31:21 | 000,015,232 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2016.11.25 17:31:21 | 000,011,832 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
[2016.11.25 17:31:21 | 000,010,216 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys
[2016.11.16 00:37:16 | 000,638,976 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2016.11.16 00:37:16 | 000,235,520 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2016.09.18 20:59:37 | 001,862,000 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016.05.31 23:25:51 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2016.03.13 14:16:38 | 000,707,354 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2016.03.13 14:10:10 | 000,002,576 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2016.02.10 17:19:32 | 000,014,464 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsUpIO.sys
[2015.12.30 17:47:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SetupTemp.ini
[2015.12.16 21:26:37 | 001,949,904 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015.12.16 21:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2015.12.16 21:21:28 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015.12.16 21:07:40 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015.12.16 21:07:40 | 000,111,088 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2015.12.16 21:07:38 | 001,004,032 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015.12.16 21:07:36 | 000,807,424 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015.12.16 21:07:34 | 000,198,640 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015.12.16 21:07:34 | 000,132,080 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015.10.30 09:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015.10.30 09:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015.10.30 09:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015.10.30 09:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015.10.30 09:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015.10.30 09:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2015.10.30 09:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2015.10.30 09:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015.10.30 09:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015.10.30 09:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015.10.30 09:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015.10.30 09:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015.10.30 09:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015.10.30 09:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015.08.22 02:54:10 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015.08.22 02:54:10 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015.07.05 00:07:05 | 000,000,424 | ---- | C] () -- C:\Users\Asus\AppData\Local\UserProducts.xml
========== ZeroAccess Check ==========
[2016.01.14 19:38:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016.09.07 07:23:32 | 006,605,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016.09.07 07:21:01 | 005,240,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015.10.30 09:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015.10.30 09:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016.09.07 06:35:09 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014.11.09 00:06:36 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\.huntedcowcache
[2014.12.25 16:37:11 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\AMD
[2017.05.13 15:35:48 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Anvsoft
[2017.03.01 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\avidemux
[2015.01.23 17:22:47 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\BANDISOFT
[2017.02.06 10:53:32 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Canneverbe Limited
[2016.04.06 17:13:36 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DAEMON Tools Lite
[2015.10.26 12:22:57 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Dropbox
[2017.01.06 13:34:07 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\EncryptStick
[2016.11.25 12:49:25 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\freepicturesolutions
[2016.04.06 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\InfraRecorder
[2017.04.02 15:25:27 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\IObit
[2014.12.19 18:04:53 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\library_dir
[2016.07.10 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Mp3tag
[2017.05.06 20:48:27 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\MPC-HC
[2017.02.27 11:50:52 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Octoshape
[2016.12.18 23:21:21 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\PlaysTV
[2017.04.29 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Raptr
[2015.04.25 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Samsung
[2016.07.10 21:13:14 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Seznam.cz
[2016.07.10 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Sony
[2016.07.10 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Spotify
[2017.05.13 15:23:19 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\TeamViewer
[2017.05.23 19:29:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\TS3Client
[2016.07.10 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\vibranceGUI
[2017.05.13 14:44:31 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Yamicsoft
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\OpenCL.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\NlsLexicons0009.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\NlsData0009.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MSMPEG2ENC.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mshtmlmedia.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfreadwrite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MFPlay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mantleaxl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\hsa-thunk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\dns-sd.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\detoured.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\BackgroundTransferHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiuxpag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiumdva.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiumdag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiu9pag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atioglxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atimpc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiglpxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atigktxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atieah32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atidxx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticfx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticalrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticaldd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticalcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiadlxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiadlxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdxc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdpcom32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl12cl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl_ld32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl_as32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdmmcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdmantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdlvr32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdhdl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdgfxinfo32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\difxapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\programy\CCleaner\CCleaner64.exe:$CmdTcID
< End of report >