VIRY.CZ

Tak dobrý, trochu jsem musela poopravit nastavení v Chromu, tady je druhý log:

can result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by sweety (administrator) on PC on 10-07-2015 09:11:15
Running from C:\Users\sweety\Desktop
Loaded Profiles: sweety (Available Profiles: sweety & Administrator)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\sweety\Downloads\FRSTLauncher (2).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PowerSkin] => c:\windows\temp\PowerSkin\PowerSkin.exe <===== ATTENTION
HKLM\...\Run: [DisableS3S4] => c:\windows\temp\DisableS3S464\sethigh.cmd <===== ATTENTION
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [30208 2014-10-29] (Microsoft Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-07] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [StartMenu] => C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe [3359872 2015-02-09] (PS Media s.r.o.)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [ShowDesktopAsRun] => C:\Users\sweety\AppData\Roaming\StartMenu\desktop.scf [81 2014-12-29] ()
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [61440 2015-06-20] ()
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [HCDNClient] => "C:\IQIYI Video\Common\QyKernel.exe" -shell_start
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-09-22]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-07] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... n.com&OSP=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-07] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-07] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8BB8FB53-2010-40A8-A652-6C3BAA166B04}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8BE840B6-453F-4810-BF03-1E0CC0F5AC41}: [DhcpNameServer] 40.52.1.201 40.52.1.203

FireFox:
========
FF ProfilePath: C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\06wxdfhu.default
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1033858388-2215584304-1103054407-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-07]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-07-08]

Chrome:
=======
CHR Profile: C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (gomekmidlodglbbmalcneegieacbdmki) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-06]
CHR Extension: (Google Wallet) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-07]

Opera:
=======
OPR Extension: (gomekmidlodglbbmalcneegieacbdmki) - C:\Users\sweety\AppData\Roaming\Opera Software\Opera Stable\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-07] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2139328 2014-05-27] (Comodo Security Solutions, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-09-22] (ESET)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-07] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-07] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [137144 2011-08-04] (ESET)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 09:11 - 2015-07-10 09:12 - 00019914 _____ C:\Users\sweety\Desktop\FRST.txt
2015-07-10 09:10 - 2015-07-10 09:10 - 00015327 _____ C:\Users\sweety\Desktop\LM.bat
2015-07-10 09:09 - 2015-07-10 09:10 - 00029696 _____ C:\Users\sweety\AppData\Local\MSGBOX.EXE
2015-07-10 09:08 - 2015-07-10 09:08 - 00112640 _____ (forum.viry.cz) C:\Users\sweety\Downloads\FRSTLauncher (2).exe
2015-07-10 09:06 - 2015-07-10 09:06 - 00112640 _____ (forum.viry.cz) C:\Users\sweety\Downloads\Nepotvrzeno 855854.crdownload
2015-07-10 09:02 - 2015-07-10 09:02 - 00112640 _____ (forum.viry.cz) C:\Users\sweety\Downloads\Nepotvrzeno 78642.crdownload
2015-07-10 08:55 - 2015-07-10 08:56 - 02112512 _____ (Farbar) C:\Users\sweety\Desktop\FRST64.exe
2015-07-10 08:51 - 2015-07-10 08:52 - 00000000 ____D C:\Program Files\trend micro
2015-07-10 08:48 - 2015-07-10 08:48 - 01222144 _____ C:\Users\sweety\Downloads\RSITx64.exe
2015-07-10 08:24 - 2015-07-10 08:26 - 00000250 _____ C:\Users\sweety\Downloads\DiskInfo.ini
2015-07-10 08:24 - 2015-07-10 08:24 - 00000000 ____D C:\Users\sweety\Downloads\Smart
2015-07-10 08:23 - 2012-06-15 14:08 - 01149912 _____ (Crystal Dew World) C:\Users\sweety\Downloads\DiskInfo.exe
2015-07-10 08:23 - 2012-05-27 20:28 - 00000000 ____D C:\Users\sweety\Downloads\CdiResource
2015-07-10 08:23 - 2012-01-05 07:02 - 00001268 _____ C:\Users\sweety\Downloads\COPYRIGHT.txt
2015-07-10 08:23 - 2012-01-05 07:02 - 00001122 _____ C:\Users\sweety\Downloads\COPYRIGHT-ja.txt
2015-07-10 08:21 - 2015-07-10 08:22 - 01496172 _____ C:\Users\sweety\Downloads\CrystalDiskInfo5_0_0.zip
2015-07-09 15:59 - 2015-07-09 15:59 - 00000024 _____ C:\Users\sweety\AppData\Roaming\appdataFr25.bin
2015-07-09 09:14 - 2015-07-09 09:14 - 00000000 ____D C:\Users\sweety\Downloads\Byt
2015-07-09 09:13 - 2015-07-09 09:13 - 00000000 ____D C:\Users\sweety\Downloads\Shereen
2015-07-09 07:43 - 2015-07-09 14:51 - 00007099 _____ C:\Users\sweety\Documents\MBAM.txt
2015-07-08 17:59 - 2015-07-08 18:00 - 00001870 _____ C:\Users\sweety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-07-08 11:23 - 2015-07-08 11:23 - 00000000 ____D C:\Users\sweety\AppData\Local\ESET
2015-07-08 11:15 - 2015-07-10 08:36 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 11:14 - 2015-07-08 11:37 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-08 11:14 - 2015-07-08 11:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-08 11:14 - 2015-07-08 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-08 11:14 - 2015-07-08 11:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-08 11:14 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-08 11:14 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-08 11:14 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-08 11:10 - 2015-07-08 11:22 - 00000000 ____D C:\AdwCleaner
2015-07-08 10:32 - 2015-07-08 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-07-08 10:27 - 2015-07-08 10:31 - 00039896 _____ C:\Users\sweety\Documents\Addition.txt
2015-07-08 10:15 - 2015-07-10 09:11 - 00000000 ____D C:\FRST
2015-07-08 09:38 - 2015-07-10 08:52 - 00000000 ____D C:\rsit
2015-07-08 09:38 - 2015-07-08 09:38 - 00000000 ____D C:\Program Files (x86)\trend micro
2015-07-07 19:58 - 2015-07-07 19:58 - 00000000 ____D C:\Users\sweety\AppData\Roaming\AVAST Software
2015-07-07 19:57 - 2015-07-07 19:57 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-07 19:57 - 2015-07-07 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-07 19:56 - 2015-07-07 19:56 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-07-07 19:56 - 2015-07-07 19:56 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-07-07 19:56 - 2015-07-07 19:56 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-07 19:56 - 2015-07-07 19:55 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-07 19:54 - 2015-07-07 19:54 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-07 19:20 - 2015-07-07 19:20 - 00000000 ____D C:\ProgramData\ESET
2015-07-07 19:20 - 2015-07-07 19:20 - 00000000 ____D C:\Program Files\ESET
2015-07-02 20:46 - 2015-07-02 20:47 - 00000000 ____D C:\ProgramData\LocalStorage
2015-07-02 20:42 - 2015-07-02 20:42 - 00000000 ____D C:\Users\sweety\.android
2015-07-02 20:41 - 2015-07-06 21:47 - 00000000 ____D C:\Users\sweety\AppData\Roaming\ppslog
2015-07-02 19:50 - 2015-07-02 19:50 - 00000270 __RSH C:\ProgramData\ntuser.pol
2015-07-02 18:50 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-02 18:50 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-02 18:50 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-02 18:50 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-07-02 18:50 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-07-02 18:50 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-07-02 18:50 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-07-02 18:49 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-07-02 18:49 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-07-02 18:49 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-07-02 18:49 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-07-02 18:49 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-07-02 18:49 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-07-02 18:49 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-07-02 18:49 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-07-02 18:49 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-07-02 18:49 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-07-02 18:49 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-07-02 18:49 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-07-02 18:49 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-07-02 18:49 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-07-02 18:49 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-07-02 18:49 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-07-02 18:49 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-07-02 18:49 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-07-02 18:49 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-07-02 18:49 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-07-02 18:49 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-07-02 18:49 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-07-02 18:49 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-07-02 18:14 - 2015-07-02 18:14 - 00003138 _____ C:\WINDOWS\System32\Tasks\{1B86ABB1-A28C-48A0-852C-6825E8569A58}
2015-07-02 16:25 - 2015-07-02 20:42 - 00000000 ____D C:\Users\sweety\AppData\Local\SysassistByHotWheel
2015-07-02 16:24 - 2015-07-08 09:13 - 00000000 ____D C:\Users\sweety\AppData\Local\Unity
2015-07-02 16:21 - 2015-07-02 16:21 - 00000000 ____D C:\Users\Public\QiYi
2015-07-02 16:14 - 2015-07-09 09:39 - 00000000 ____D C:\Program Files (x86)\49db72e9-803a-4bde-bd30-595c8b753e55
2015-07-02 16:06 - 2015-07-02 16:06 - 00000000 ____D C:\Users\sweety\AppData\Local\CrashRpt
2015-07-02 16:04 - 2015-07-02 16:04 - 00000000 ____D C:\Users\sweety\AppData\Local\Opera Software
2015-07-02 16:03 - 2015-07-02 16:03 - 00003810 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1435845708
2015-07-02 16:03 - 2015-07-02 16:03 - 00000000 ____D C:\Users\sweety\AppData\Roaming\Opera Software
2015-07-02 16:02 - 2015-07-06 21:40 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-02 16:01 - 2015-07-02 16:01 - 00002281 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2015-07-02 16:01 - 2015-07-02 16:01 - 00002281 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2015-07-02 16:01 - 2015-07-02 16:01 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-02 16:00 - 2015-07-02 19:16 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-07-02 15:59 - 2015-07-02 19:55 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-02 15:57 - 2015-07-02 19:16 - 00000000 ____D C:\Users\sweety\AppData\Roaming\Seznam.cz
2015-07-02 15:52 - 2015-07-07 17:43 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-02 15:47 - 2015-07-02 15:47 - 00000000 ____D C:\ProgramData\17679231924039402068
2015-07-02 15:45 - 2015-07-06 21:45 - 00000338 _____ C:\WINDOWS\Tasks\SearchHunt.job
2015-07-01 20:15 - 2015-07-01 20:15 - 00003060 _____ C:\WINDOWS\System32\Tasks\{B5847097-A385-4D84-8E2F-D82E59498F48}
2015-06-30 20:47 - 2015-07-06 13:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-30 20:28 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-30 20:28 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-30 20:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-30 20:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-30 20:26 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-30 20:26 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-30 20:26 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-30 20:26 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-30 20:26 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-30 20:26 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-30 20:26 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-30 20:26 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-30 20:26 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-30 20:26 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-30 20:26 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-30 20:26 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-30 20:26 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-30 20:26 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-30 20:26 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-30 20:26 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-30 20:26 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-30 20:26 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-30 20:26 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-30 20:26 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-30 20:26 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-30 20:26 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-30 20:26 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-30 20:26 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-30 20:26 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-30 20:26 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-30 20:26 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-30 20:26 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-30 20:26 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-30 20:26 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-30 20:26 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-30 20:26 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-30 20:26 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-30 20:26 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-30 20:26 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-30 20:26 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-30 20:26 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-30 20:26 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-30 20:23 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-29 09:17 - 2015-06-29 09:17 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 09:05 - 2014-12-29 10:16 - 00000000 ____D C:\Users\sweety\AppData\Roaming\Skype
2015-07-10 09:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-10 08:52 - 2015-02-09 13:28 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 07:51 - 2015-02-09 13:28 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-09 18:54 - 2015-01-13 18:12 - 01585384 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-09 18:37 - 2014-09-24 18:23 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-09 18:37 - 2014-09-24 17:39 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2015-07-09 18:37 - 2014-09-24 17:39 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2015-07-09 18:34 - 2013-08-22 16:46 - 00359455 _____ C:\WINDOWS\setupact.log
2015-07-09 15:54 - 2014-09-24 09:10 - 00387996 _____ C:\WINDOWS\PFRO.log
2015-07-09 15:54 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-09 15:12 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-09 09:39 - 2012-09-22 18:26 - 00000000 ____D C:\Program Files (x86)\AmIcoSingLun
2015-07-08 22:47 - 2014-12-29 12:21 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1033858388-2215584304-1103054407-1001
2015-07-08 20:21 - 2015-01-13 18:25 - 00000000 ____D C:\Users\sweety
2015-07-08 20:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-08 11:24 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-08 11:21 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-07 19:54 - 2014-12-29 08:51 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-07 17:45 - 2014-12-28 22:44 - 00000000 ____D C:\Users\sweety\AppData\Local\VirtualStore
2015-07-06 23:24 - 2015-04-22 16:57 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2015-04-22 16:57 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 21:40 - 2015-01-13 19:14 - 00001428 _____ C:\Users\sweety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-06 21:40 - 2014-12-29 10:47 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-06 00:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-05 12:08 - 2015-04-06 15:28 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-02 20:28 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-02 20:14 - 2015-01-03 12:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-02 20:07 - 2015-01-03 12:30 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-02 19:49 - 2014-12-29 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-02 19:49 - 2013-08-22 16:44 - 00509128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-02 19:24 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-02 19:14 - 2014-12-29 09:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-02 18:24 - 2012-07-26 07:26 - 00000226 _____ C:\WINDOWS\win.ini
2015-07-02 18:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-07-02 11:00 - 2013-01-18 03:07 - 00000000 ____D C:\Users\sweety\AppData\Local\Packages
2015-07-01 19:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-30 21:14 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-30 19:38 - 2015-04-30 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-06-29 11:36 - 2015-01-06 18:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-29 09:11 - 2015-01-13 18:25 - 00000000 ____D C:\Users\Administrator
2015-06-29 09:11 - 2014-09-24 21:02 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-29 09:11 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-06-29 09:11 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-29 09:11 - 2012-09-22 18:30 - 00000000 ____D C:\ProgramData\P4G
2015-06-29 09:10 - 2015-04-07 13:28 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-29 09:10 - 2015-02-09 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-29 09:10 - 2014-12-29 10:51 - 00000000 ____D C:\Users\sweety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-29 09:10 - 2014-12-29 10:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-29 09:10 - 2014-12-29 10:15 - 00000000 ____D C:\ProgramData\Skype
2015-06-29 09:10 - 2014-12-28 22:43 - 00000000 ____D C:\Users\sweety\AppData\Local\ASUS
2015-06-29 09:10 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-29 09:10 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\servicing
2015-06-29 08:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration
2015-06-29 08:50 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-06-29 07:40 - 2015-04-30 19:55 - 00000000 __SHD C:\Users\sweety\AppData\Local\EmieUserList
2015-06-29 07:40 - 2015-04-30 19:55 - 00000000 __SHD C:\Users\sweety\AppData\Local\EmieSiteList
2015-06-29 07:40 - 2015-04-30 19:55 - 00000000 __SHD C:\Users\sweety\AppData\Local\EmieBrowserModeList
2015-06-22 20:31 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(21)
2015-06-18 09:38 - 2013-01-30 21:39 - 00000000 ____D C:\Users\sweety\Documents\VŠ
2015-06-12 22:17 - 2013-10-24 12:56 - 00000000 ____D C:\Users\sweety\Documents\Bluetooth Folder
2015-06-12 11:50 - 2015-01-16 18:35 - 00000000 ____D C:\Users\sweety\Documents\Recepty

==================== Files in the root of some directories =======

2015-07-09 15:59 - 2015-07-09 15:59 - 0000024 _____ () C:\Users\sweety\AppData\Roaming\appdataFr25.bin
2014-12-28 23:38 - 2015-01-24 22:01 - 0000380 _____ () C:\Users\sweety\AppData\Roaming\sp_data.sys
2015-01-23 19:57 - 2015-02-07 18:00 - 0005120 _____ () C:\Users\sweety\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-10 09:09 - 2015-07-10 09:10 - 0029696 _____ () C:\Users\sweety\AppData\Local\MSGBOX.EXE
2012-08-04 19:37 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:37 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\sweety\AppData\Local\Temp\AutoRun.exe
C:\Users\sweety\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\sweety\AppData\Local\Temp\EAInstall.dll
C:\Users\sweety\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\sweety\AppData\Local\Temp\Harry Potter and the Order of the Phoenix_uninst.exe
C:\Users\sweety\AppData\Local\Temp\InstHelper.exe
C:\Users\sweety\AppData\Local\Temp\IQIYIsetup_l_spl004@kb005.exe
C:\Users\sweety\AppData\Local\Temp\masauto_runxx.dl.dll
C:\Users\sweety\AppData\Local\Temp\masflag_runxx.dl.dll
C:\Users\sweety\AppData\Local\Temp\ppstreamsetup_unfix.exe
C:\Users\sweety\AppData\Local\Temp\Quarantine.exe
C:\Users\sweety\AppData\Local\Temp\setup3.exe
C:\Users\sweety\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sweety\AppData\Local\Temp\sqlite3.dll
C:\Users\sweety\AppData\Local\Temp\StartMenu.exe
C:\Users\sweety\AppData\Local\Temp\tu17p84.exe
C:\Users\sweety\AppData\Local\Temp\Updater.exe
C:\Users\sweety\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-10 08:34

==================== End of log ============================

Nez zacnu mazat, potrebuji vedet, jaky antivir chcete pouzivat. Mate tam desny brajgl. Jsou tam stopy Avastu, Esetu, McAfee a ted jeste MBAM. V pc muze zustat jen jeden. Ktery tedy chcete?

Jj, omlouvám se, vím, že je v tom bordel. Používám Avast.

Fajn, pokuste se vsechny ostatni odinstalovat. Ja uz mezitim sepisuju skript, bude to chvilku trvat, je tam toho dost

Dobře, odinstaluju to. Musím tak za půl hodiny odejít a vrátím se k netu až zítra, takže v pohodě

Napiste mi velikost adresare plochy (C:\Users\sweety\Plocha)



Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Tady je log. Akorát nevím, jak se zjišťuje velikost adresáře plochy, velikost C mám 119 GB, ale to asi není to, co potřebujete

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by sweety at 2015-07-12 20:55:04 Run:1
Running from C:\Users\sweety\Desktop
Loaded Profiles: sweety (Available Profiles: sweety & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [PowerSkin] => c:\windows\temp\PowerSkin\PowerSkin.exe <===== ATTENTION
HKLM\...\Run: [DisableS3S4] => c:\windows\temp\DisableS3S464\sethigh.cmd <===== ATTENTION
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [ShowDesktopAsRun] => C:\Users\sweety\AppData\Roaming\StartMenu\desktop.scf [81 2014-12-29] ()
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [61440 2015-06-20] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... n.com&OSP=

FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-1033858388-2215584304-1103054407-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-07-08]

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-09-22] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [137144 2011-08-04] (ESET)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-12 82112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09 107848]

2015-07-09 07:43 - 2015-07-09 14:51 - 00007099 _____ C:\Users\sweety\Documents\MBAM.txt
2015-07-08 11:23 - 2015-07-08 11:23 - 00000000 ____D C:\Users\sweety\AppData\Local\ESET
2015-07-08 11:15 - 2015-07-10 08:36 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 11:14 - 2015-07-08 11:37 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-08 11:14 - 2015-07-08 11:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-08 11:14 - 2015-07-08 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-08 11:14 - 2015-07-08 11:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-08 11:14 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-08 11:14 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-08 11:14 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-08 10:32 - 2015-07-08 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-07-07 19:20 - 2015-07-07 19:20 - 00000000 ____D C:\ProgramData\ESET
2015-07-07 19:20 - 2015-07-07 19:20 - 00000000 ____D C:\Program Files\ESET
2015-07-02 15:52 - 2015-07-07 17:43 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-02 15:47 - 2015-07-02 15:47 - 00000000 ____D C:\ProgramData\17679231924039402068
2015-07-02 16:14 - 2015-07-09 09:39 - 00000000 ____D C:\Program Files (x86)\49db72e9-803a-4bde-bd30-595c8b753e55

C:\WINDOWS\system32\drivers\mbam.sys
C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
C:\WINDOWS\system32\drivers\mwac.sys
C:\Windows\System32\DRIVERS\eamonm.sys
C:\Windows\system32\DRIVERS\ehdrv.sys
C:\Windows\system32\DRIVERS\epfwwfpr.sys
C:\Program Files (x86)\Malwarebytes Anti-Malware
C:\Program Files\ESET
C:\Program Files\McAfee.com
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\SearchHunt.job

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PowerSkin => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DisableS3S4 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mcui_exe => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 => value removed successfully
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value removed successfully
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ShowDesktopAsRun => value removed successfully
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Internet Explorer\Main\\First Home Page => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
"HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
C:\IQIYI Video\LStyle\npWebPlayer.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully

"C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird" folder move:

Could not move "C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird" folder => Scheduled to move on reboot.

ekrn => Unable to stop service.
ekrn => Service could not remove
MBAMScheduler => Service not found.
MBAMService => Service not found.
Nero BackItUp Scheduler 4.0 => Service removed successfully
eamonm => Unable to stop service.
eamonm => Service could not remove
ehdrv => Unable to stop service.
ehdrv => Service could not remove
epfwwfpr => Unable to stop service.
epfwwfpr => Service removed successfully
MBAMProtector => Service not found.
MBAMSwissArmy => Service removed successfully
MBAMWebAccessControl => Service not found.
AdobeARMservice => Service removed successfully
gupdate => Service removed successfully
SkypeUpdate => Service removed successfully
gupdatem => Service removed successfully
C:\Users\sweety\Documents\MBAM.txt => moved successfully.
C:\Users\sweety\AppData\Local\ESET => moved successfully.
"C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys" => File/Folder not found.
"C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk" => File/Folder not found.
"C:\Program Files (x86)\Malwarebytes Anti-Malware" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware" => File/Folder not found.
C:\ProgramData\Malwarebytes => moved successfully.
"C:\WINDOWS\system32\Drivers\mwac.sys" => File/Folder not found.
"C:\WINDOWS\system32\Drivers\mbamchameleon.sys" => File/Folder not found.
"C:\WINDOWS\system32\Drivers\mbam.sys" => File/Folder not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET => moved successfully.

"C:\ProgramData\ESET" folder move:

Could not move "C:\ProgramData\ESET" folder => Scheduled to move on reboot.


"C:\Program Files\ESET" folder move:

Could not move "C:\Program Files\ESET" folder => Scheduled to move on reboot.

C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\ProgramData\17679231924039402068 => moved successfully.
C:\Program Files (x86)\49db72e9-803a-4bde-bd30-595c8b753e55 => moved successfully.
"C:\WINDOWS\system32\drivers\mbam.sys" => File/Folder not found.
"C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys" => File/Folder not found.
"C:\WINDOWS\system32\drivers\mwac.sys" => File/Folder not found.
Could not move "C:\Windows\System32\DRIVERS\eamonm.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\DRIVERS\ehdrv.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\DRIVERS\epfwwfpr.sys" => Scheduled to move on reboot.
"C:\Program Files (x86)\Malwarebytes Anti-Malware" => File/Folder not found.

"C:\Program Files\ESET" folder move:

Could not move "C:\Program Files\ESET" folder => Scheduled to move on reboot.

"C:\Program Files\McAfee.com" => File/Folder not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\WINDOWS\tasks\SearchHunt.job => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 2.5 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-12 21:06:50)<=

"C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird" => Could not move
"C:\ProgramData\ESET" => Could not move
C:\Program Files\ESET => moved successfully
"C:\Windows\System32\DRIVERS\eamonm.sys" => Could not move
"C:\Windows\system32\DRIVERS\ehdrv.sys" => Could not move
"C:\Windows\system32\DRIVERS\epfwwfpr.sys" => Could not move
C:\Program Files\ESET => Is moved successfully

==== End of Fixlog 21:06:58 ====

Meggie píše:Akorát nevím, jak se zjišťuje velikost adresáře plochy, velikost C mám 119 GB, ale to asi není to, co potřebujete

Kliknete na Pocitac -> disk C -> Users -> sweety. V adresari sweety by mel byt adresar pojmenovany Plocha (pripadne Desktop). Na ten adresar Plocha kliknete pravym mysitkem a levym kliknete na vlastnosti. Mela by se zobrazit krom jinych veci i velikost.



Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Mimochodem, vsechno nejlepsi k svatku

Díky moc, to mě potěšilo
Ta velikost je 2,96 MB (3 111 920 bajtů)
Posílám i logy, rozdělím to do více příspěvků.

OTL logfile created on: 13. 7. 2015 18:55:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sweety\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17842)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

1,89 Gb Total Physical Memory | 0,45 Gb Available Physical Memory | 24,12% Memory free
4,14 Gb Paging File | 1,94 Gb Available in Paging File | 46,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 66,71 Gb Free Space | 55,95% Space Free | Partition Type: NTFS
Drive D: | 157,85 Gb Total Space | 157,54 Gb Free Space | 99,80% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: sweety | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/07/13 18:52:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sweety\Desktop\OTL.exe
PRC - [2015/07/07 19:56:58 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/07/07 19:56:03 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/07/07 05:49:05 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/06/01 21:00:40 | 000,290,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe
PRC - [2015/02/09 14:21:53 | 003,359,872 | ---- | M] (PS Media s.r.o.) -- C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe
PRC - [2014/05/27 14:58:30 | 002,139,328 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2013/04/16 18:25:30 | 000,020,792 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/08/10 18:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/08/06 15:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/03 17:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/07/25 10:53:18 | 001,558,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/07/24 19:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/07/17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/06 12:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2015/07/07 19:56:19 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/07/07 19:56:05 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/07/07 19:56:03 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/07/07 05:49:05 | 016,285,512 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
MOD - [2015/07/07 05:49:03 | 001,281,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
MOD - [2015/07/07 05:49:02 | 000,080,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
MOD - [2015/06/03 11:03:54 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c8849d6fd3bee972ec451baea15949ca\UIAutomationTypes.ni.dll
MOD - [2015/05/14 18:08:42 | 012,897,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3a57545efff2de6efdcefb606e35e3e\System.Windows.Forms.ni.dll
MOD - [2015/05/14 18:07:10 | 000,967,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\d9961946cc4b6fb67e19cd2f8ce90a76\System.Configuration.ni.dll
MOD - [2015/05/14 18:07:07 | 018,753,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\1683f0fd402eb83acb756d3d2c1ab331\PresentationFramework.ni.dll
MOD - [2015/05/14 18:06:29 | 011,014,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\d747b6eed1a44bfd51d76ed6af359316\PresentationCore.ni.dll
MOD - [2015/05/14 18:06:05 | 003,904,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\579202ba970d73dae32cc3a5c68af8e2\WindowsBase.ni.dll
MOD - [2015/01/20 18:26:28 | 007,787,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\9a349fb029581f4752d2c6cfcfeab816\System.Xml.ni.dll
MOD - [2015/01/20 18:26:13 | 001,873,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d626184834dde3f4906aff139d4e5bbf\System.Xaml.ni.dll
MOD - [2015/01/20 17:54:43 | 001,639,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\d91798a9a9fcb450351fe8e49026a69f\System.Drawing.ni.dll
MOD - [2015/01/20 17:54:19 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e09d73263866a3b0472fd3a4d9aaccae\PresentationFramework.Aero2.ni.dll
MOD - [2015/01/20 17:48:45 | 010,069,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1a6b5095c4416a37f9ca4cf4436d1311\System.ni.dll
MOD - [2014/04/16 01:34:56 | 017,223,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\d03a3ddcd6a395878751c5e90fa16915\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/07/07 19:56:03 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/05/25 15:07:50 | 001,430,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/04/07 07:33:56 | 002,736,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2015/02/21 01:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/02/04 01:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/02/04 01:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/01/13 17:50:44 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/12/06 03:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/10/29 05:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/10/29 05:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/10/29 04:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/10/29 04:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/10/29 04:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/10/29 04:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/10/29 04:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/10/29 03:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/29 03:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/10/29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/10/29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/10/29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/10/29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/10/29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/10/29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/10/29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/10/29 03:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/10/29 03:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/10/29 03:26:02 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/10/29 03:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/10/29 03:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/10/29 03:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/10/29 03:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/10/29 03:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/10/29 03:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/10/29 03:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/10/29 03:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/10/29 03:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/10/29 03:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/10/29 03:09:48 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/10/29 03:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/10/29 02:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2014/10/29 02:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/10/29 02:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/10/29 02:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2012/08/14 12:03:42 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2015/06/30 20:47:23 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/06/01 21:00:40 | 000,290,224 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/10/29 05:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/29 03:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/29 03:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/29 02:53:11 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/05/27 14:58:30 | 002,139,328 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/08/10 19:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/08/10 18:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/07/07 19:56:58 | 000,442,264 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2015/07/07 19:56:20 | 000,272,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/07/07 19:56:20 | 000,137,288 | ---- | M] (Avast Software s.r.o.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/07/07 19:56:20 | 000,093,528 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/07/07 19:56:20 | 000,089,944 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/07/07 19:56:20 | 000,065,736 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/07/07 19:56:20 | 000,029,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/07/07 19:55:57 | 001,047,320 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2015/06/01 21:00:18 | 005,384,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2015/04/16 08:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/03/20 03:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/03/17 19:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/03/13 06:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/03/09 04:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/03/04 12:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/02/04 01:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/02/04 01:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/02/04 01:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/01/13 17:53:08 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015/01/13 17:53:08 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/29 05:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/10/29 05:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/10/29 05:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/10/29 05:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/29 04:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/10/29 04:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/10/29 04:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/10/29 04:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/10/29 04:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/10/15 10:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/10/07 08:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/10/07 08:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/09/24 18:58:54 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/09/24 18:31:52 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/09/24 18:31:35 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/09/24 18:31:33 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/09/24 18:31:33 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/09/24 18:31:33 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/09/24 18:31:33 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/09/24 17:59:40 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/08/15 02:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/01/28 16:32:18 | 000,593,000 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/08/22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 13:40:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/08/22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 16:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/06/18 16:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2013/04/16 18:25:46 | 000,065,784 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/08/14 12:03:34 | 002,206,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/08/10 19:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 19:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 19:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 19:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 19:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 19:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 19:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/08/02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/24 19:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/07/24 05:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 01:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/05/31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2011/08/17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
FF - prefs.js..browser.search.searchengine.ptid: "obw"
FF - prefs.js..browser.search.searchengine.uid: "ST320LT020-9YG142_W0Q57LEXXXXXW0Q57LEX"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@iqiyi.com/npclient: C:\IQIYI Video\LStyle\npclient.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer: C:\IQIYI Video\LStyle\npWebPlayer.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/07/07 19:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2014/12/29 10:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\Mozilla\Extensions
[2015/07/08 11:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\06wxdfhu.default\extensions
[2015/06/30 20:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/06/30 20:47:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\
CHR - Extension: No name found = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.2.0.190_0\
CHR - Extension: No name found = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\18132.19.8_0\
CHR - Extension: No name found = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_1\

O1 HOSTS File: ([2015/07/12 20:58:06 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [AuditSHD] C:\Windows\SysNative\oobe\AuditShD.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-21-1033858388-2215584304-1103054407-1001..\Run: [HCDNClient] "C:\IQIYI Video\Common\QyKernel.exe" -shell_start File not found
O4 - HKU\S-1-5-21-1033858388-2215584304-1103054407-1001..\Run: [StartMenu] C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe (PS Media s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BB8FB53-2010-40A8-A652-6C3BAA166B04}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BE840B6-453F-4810-BF03-1E0CC0F5AC41}: DhcpNameServer = 40.52.1.201 40.52.1.203
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015/07/13 18:52:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sweety\Desktop\OTL.exe
[2015/07/12 21:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2015/07/10 08:55:28 | 002,133,504 | ---- | C] (Farbar) -- C:\Users\sweety\Desktop\FRST64.exe
[2015/07/10 08:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015/07/08 11:10:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/07/08 10:15:57 | 000,000,000 | ---D | C] -- C:\FRST
[2015/07/08 09:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2015/07/08 09:38:41 | 000,000,000 | ---D | C] -- C:\rsit
[2015/07/07 19:58:52 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Roaming\AVAST Software
[2015/07/07 19:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/07/07 19:56:25 | 001,047,320 | ---- | C] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2015/07/07 19:56:25 | 000,442,264 | ---- | C] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2015/07/07 19:56:25 | 000,137,288 | ---- | C] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2015/07/07 19:56:25 | 000,093,528 | ---- | C] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2015/07/07 19:56:25 | 000,089,944 | ---- | C] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2015/07/07 19:56:23 | 000,364,472 | ---- | C] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\aswBoot.exe
[2015/07/07 19:56:05 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\WINDOWS\avastSS.scr
[2015/07/07 19:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/07/02 20:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\LocalStorage
[2015/07/02 20:42:38 | 000,000,000 | ---D | C] -- C:\Users\sweety\.android
[2015/07/02 20:41:52 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Roaming\ppslog
[2015/07/02 18:50:04 | 002,483,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2015/07/02 18:50:03 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2015/07/02 18:50:02 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2015/07/02 18:50:02 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2015/07/02 18:50:02 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll
[2015/07/02 18:50:01 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\compstui.dll
[2015/07/02 18:49:59 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastapi.dll
[2015/07/02 18:49:58 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastapi.dll
[2015/07/02 18:49:56 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rgb9rast.dll
[2015/07/02 18:49:53 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2015/07/02 18:49:53 | 001,018,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2015/07/02 18:49:50 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authz.dll
[2015/07/02 18:49:48 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2015/07/02 18:49:47 | 003,633,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2015/07/02 18:49:47 | 002,749,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2015/07/02 18:49:47 | 002,551,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2015/07/02 18:49:47 | 001,920,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2015/07/02 18:49:47 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssph.dll
[2015/07/02 18:49:46 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssvp.dll
[2015/07/02 18:49:46 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssvp.dll
[2015/07/02 18:49:46 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssph.dll
[2015/07/02 18:49:46 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2015/07/02 18:49:46 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssphtb.dll
[2015/07/02 18:49:45 | 001,430,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015/07/02 18:49:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UtcResources.dll
[2015/07/02 16:25:55 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Local\SysassistByHotWheel
[2015/07/02 16:24:43 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Local\Unity
[2015/07/02 16:06:05 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Local\CrashRpt
[2015/07/02 16:04:27 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Local\Opera Software
[2015/07/02 16:03:38 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Roaming\Opera Software
[2015/07/02 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\baidu
[2015/07/02 16:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seznam.cz
[2015/07/02 15:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2015/07/02 15:57:55 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Roaming\Seznam.cz
[2015/06/30 20:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/06/30 20:28:05 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comctl32.dll
[2015/06/30 20:26:56 | 006,026,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/06/30 20:26:38 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2015/06/30 20:26:35 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015/06/30 20:26:32 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/06/30 20:26:31 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/06/30 20:26:30 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec
[2015/06/30 20:26:29 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/06/30 20:26:29 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2015/06/30 20:26:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/06/30 20:26:28 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/06/30 20:26:25 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/06/30 20:26:25 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/06/30 20:26:24 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2015/06/30 20:26:22 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/06/30 20:26:16 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015/06/30 20:26:10 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015/06/30 20:26:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2015/06/30 20:26:09 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015/06/30 20:26:08 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/06/30 20:26:06 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015/06/30 20:00:13 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\Microsoft
[1 C:\Users\sweety\Documents\*.tmp files -> C:\Users\sweety\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/07/13 19:08:00 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015/07/13 18:52:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sweety\Desktop\OTL.exe
[2015/07/13 18:46:51 | 001,745,984 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/07/13 18:46:51 | 000,739,924 | ---- | M] () -- C:\WINDOWS\SysNative\perfh005.dat
[2015/07/13 18:46:51 | 000,722,476 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/07/13 18:46:51 | 000,151,610 | ---- | M] () -- C:\WINDOWS\SysNative\perfc005.dat
[2015/07/13 18:46:51 | 000,135,592 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/07/13 12:39:39 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/07/13 12:37:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/07/13 12:37:35 | 1620,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2015/07/12 21:06:34 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/07/12 20:58:06 | 000,000,035 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2015/07/12 20:54:17 | 002,133,504 | ---- | M] (Farbar) -- C:\Users\sweety\Desktop\FRST64.exe
[2015/07/12 19:39:21 | 000,000,024 | ---- | M] () -- C:\Users\sweety\AppData\Roaming\appdataFr25.bin
[2015/07/10 09:10:38 | 000,029,696 | ---- | M] () -- C:\Users\sweety\AppData\Local\MSGBOX.EXE
[2015/07/07 19:57:14 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/07/07 19:56:58 | 000,442,264 | ---- | M] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2015/07/07 19:56:20 | 000,364,472 | ---- | M] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\aswBoot.exe
[2015/07/07 19:56:20 | 000,272,248 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2015/07/07 19:56:20 | 000,137,288 | ---- | M] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2015/07/07 19:56:20 | 000,093,528 | ---- | M] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2015/07/07 19:56:20 | 000,089,944 | ---- | M] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2015/07/07 19:56:20 | 000,065,736 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2015/07/07 19:56:20 | 000,029,168 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2015/07/07 19:56:05 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\WINDOWS\avastSS.scr
[2015/07/07 19:55:57 | 001,047,320 | ---- | M] (Avast Software s.r.o.) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys
[2015/07/06 23:24:13 | 000,792,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015/07/06 23:24:13 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/07/02 19:49:49 | 000,509,128 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[1 C:\Users\sweety\Documents\*.tmp files -> C:\Users\sweety\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/07/13 19:08:00 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015/07/10 09:09:26 | 000,029,696 | ---- | C] () -- C:\Users\sweety\AppData\Local\MSGBOX.EXE
[2015/07/09 15:59:30 | 000,000,024 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\appdataFr25.bin
[2015/07/08 17:59:45 | 000,001,870 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
[2015/07/07 19:57:14 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/07/07 19:56:25 | 000,272,248 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2015/07/07 19:56:25 | 000,065,736 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2015/07/07 19:56:25 | 000,029,168 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2015/07/02 19:50:48 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/07/02 18:50:05 | 000,410,336 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/07/02 16:02:26 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2015/06/01 21:00:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2015/03/12 20:39:18 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2015/03/12 20:35:10 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/01/23 19:57:45 | 000,005,120 | ---- | C] () -- C:\Users\sweety\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/12/29 20:22:26 | 000,000,501 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2014/12/28 23:38:46 | 000,000,380 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\sp_data.sys
[2014/09/24 18:32:09 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/05/25 19:37:26 | 000,004,288 | ---- | C] () -- C:\Users\sweety\.recently-used.xbel
[2014/01/30 00:02:42 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2014/01/30 00:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2013/08/22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/08/04 19:37:02 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/04 19:37:02 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd

========== ZeroAccess Check ==========

[2015/07/07 19:44:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 19:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 19:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/29 03:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/29 02:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/29 03:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/04 19:37:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ASUS WebStorage
[2014/12/28 23:40:12 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\ASUS WebStorage
[2015/07/07 19:58:52 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\AVAST Software
[2014/12/29 13:58:04 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\OpenOffice
[2015/07/02 16:03:38 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Opera Software
[2015/07/06 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\ppslog
[2015/07/02 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Seznam.cz
[2015/02/09 14:22:20 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\StartMenu

========== Purity Check ==========



========== Custom Scans ==========

< >
[2013/08/22 16:45:54 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

< >

< MD5 for: AGP440.SYS >
[2013/08/22 14:43:40 | 000,062,304 | ---- | M] (Microsoft Corporation) MD5=7DFAEBA9AD62D20102B576D5CAC45EC8 -- C:\WINDOWS\SysNative\drivers\AGP440.sys
[2013/08/22 14:43:40 | 000,062,304 | ---- | M] (Microsoft Corporation) MD5=7DFAEBA9AD62D20102B576D5CAC45EC8 -- C:\WINDOWS\SysNative\DriverStore\FileRepository\machine.inf_amd64_36be84f8fc597ea3\AGP440.sys
[2013/08/22 14:43:40 | 000,062,304 | ---- | M] (Microsoft Corporation) MD5=7DFAEBA9AD62D20102B576D5CAC45EC8 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.3.9600.17238_none_ab0b455c927bd60f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2013/08/22 14:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) MD5=74B14192CF79A72F7536B27CB8814FBD -- C:\WINDOWS\SysNative\drivers\atapi.sys
[2013/08/22 14:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) MD5=74B14192CF79A72F7536B27CB8814FBD -- C:\WINDOWS\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_64aa4354da84c2df\atapi.sys
[2013/08/22 14:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) MD5=74B14192CF79A72F7536B27CB8814FBD -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.3.9600.16384_none_cdf68824f580d510\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2014/09/24 18:32:13 | 000,792,576 | ---- | M] (Microsoft Corporation) MD5=1D31E78ED5C40B5C6CC8D3DE713177A5 -- C:\Windows\SysWOW64\autochk.exe
[2014/09/24 18:32:13 | 000,792,576 | ---- | M] (Microsoft Corporation) MD5=1D31E78ED5C40B5C6CC8D3DE713177A5 -- C:\Windows\WinSxS\x86_microsoft-windows-autochk_31bf3856ad364e35_6.3.9600.17031_none_76c6a414dd35029f\autochk.exe
[2014/09/24 18:31:50 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=387A1E98BE548E4F199343CBA01E9D6D -- C:\WINDOWS\SysNative\autochk.exe
[2014/09/24 18:31:50 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=387A1E98BE548E4F199343CBA01E9D6D -- C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.3.9600.17031_none_d2e53f98959273d5\autochk.exe

< MD5 for: CDROM.SYS >
[2013/08/22 10:46:35 | 000,164,352 | ---- | M] (Microsoft Corporation) MD5=C6796EA22B513E3457514D92DCDB1A3D -- C:\WINDOWS\SysNative\drivers\cdrom.sys
[2013/08/22 10:46:35 | 000,164,352 | ---- | M] (Microsoft Corporation) MD5=C6796EA22B513E3457514D92DCDB1A3D -- C:\WINDOWS\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_42e9c29f0affc440\cdrom.sys
[2013/08/22 10:46:35 | 000,164,352 | ---- | M] (Microsoft Corporation) MD5=C6796EA22B513E3457514D92DCDB1A3D -- C:\Windows\WinSxS\amd64_cdrom.inf_31bf3856ad364e35_6.3.9600.16384_none_5067bbed77be70be\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2015/03/15 16:40:47 | 000,018,016 | ---- | M] () MD5=14E1348B6D5DD39C23C2F8FE569B52E0 -- C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.3.9600.16384_none_66bdf96f6ec6545d\cryptsvc.dll
[2014/10/29 03:27:24 | 000,131,584 | ---- | M] (Microsoft Corporation) MD5=6324F0D18FB52833BA64BC828E29054C -- C:\WINDOWS\SysNative\cryptsvc.dll
[2014/10/29 03:27:24 | 000,131,584 | ---- | M] (Microsoft Corporation) MD5=6324F0D18FB52833BA64BC828E29054C -- C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.3.9600.17415_none_670a944b6e8cc0e5\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2015/03/15 16:52:14 | 000,087,190 | ---- | M] () MD5=1BF154F7BFAE2B9E0545FB09946C1817 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_42bfa1f94d79e1bb\explorer.exe
[2015/03/15 16:52:09 | 000,396,313 | ---- | M] () MD5=426AEABD8DD389A65A8EE92AB5936153 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272ee6f4db391ad\explorer.exe
[2015/03/16 11:13:15 | 000,107,122 | ---- | M] () MD5=52063502D4A2E28FEBEA781D0EE5C453 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_4d144c4b81daa3b6\explorer.exe
[2015/01/28 01:41:17 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=91E24273FCA076EA9E65DAFA98901225 -- C:\Windows\SysWOW64\explorer.exe
[2015/01/28 01:41:17 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=91E24273FCA076EA9E65DAFA98901225 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_4ce0410f82015c67\explorer.exe
[2015/01/21 21:22:30 | 000,219,647 | ---- | M] () MD5=B75E9C8434D53F8C187D352FA7F692D4 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17249_none_4cf7d9e381ef6297\explorer.exe
[2015/01/28 01:47:12 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=C10A66189DC8C090E7C84873EDCEBC88 -- C:\Windows\explorer.exe
[2015/01/28 01:47:12 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=C10A66189DC8C090E7C84873EDCEBC88 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_428b96bd4da09a6c\explorer.exe
[2015/01/20 13:42:59 | 000,270,403 | ---- | M] () MD5=C20A0C44E241606430009E7F126A1125 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17249_none_42a32f914d8ea09c\explorer.exe
[2015/03/16 11:13:08 | 000,338,943 | ---- | M] () MD5=E4FD740C3316F1D1C8322471553466C7 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc798c1821453a8\explorer.exe

< MD5 for: HAL.DLL >
[2014/06/02 04:10:31 | 000,423,768 | ---- | M] (Microsoft Corporation) MD5=08DCA300264238F9AE941302321F3D54 -- C:\WINDOWS\SysNative\hal.dll
[2014/06/02 04:10:31 | 000,423,768 | ---- | M] (Microsoft Corporation) MD5=08DCA300264238F9AE941302321F3D54 -- C:\Windows\WinSxS\amd64_microsoft-windows-hal_31bf3856ad364e35_6.3.9600.17196_none_9bde68c32da7abbb\hal.dll
[2015/01/20 13:45:26 | 000,024,467 | ---- | M] () MD5=2635F50EAF3E1B4A8D32B21E1203E130 -- C:\Windows\WinSxS\amd64_microsoft-windows-hal_31bf3856ad364e35_6.3.9600.17031_none_9c1a44f32d7b883b\hal.dll

< MD5 for: IASTORV.SYS >
[2013/08/22 14:43:45 | 000,412,000 | ---- | M] (Intel Corporation) MD5=A2200C3033FA4EF249FC096A7A7D02A2 -- C:\WINDOWS\SysNative\drivers\iaStorV.sys
[2013/08/22 14:43:45 | 000,412,000 | ---- | M] (Intel Corporation) MD5=A2200C3033FA4EF249FC096A7A7D02A2 -- C:\WINDOWS\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_5069105fb236ae4b\iaStorV.sys
[2013/08/22 14:43:45 | 000,412,000 | ---- | M] (Intel Corporation) MD5=A2200C3033FA4EF249FC096A7A7D02A2 -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.3.9600.16384_none_9fcfb2835bbf0103\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2013/08/22 14:43:45 | 000,021,856 | ---- | M] (Microsoft Corporation) MD5=8AFEEA3955AA43616A60F133B1D25F21 -- C:\WINDOWS\SysNative\drivers\isapnp.sys
[2013/08/22 14:43:45 | 000,021,856 | ---- | M] (Microsoft Corporation) MD5=8AFEEA3955AA43616A60F133B1D25F21 -- C:\WINDOWS\SysNative\DriverStore\FileRepository\machine.inf_amd64_36be84f8fc597ea3\isapnp.sys
[2013/08/22 14:43:45 | 000,021,856 | ---- | M] (Microsoft Corporation) MD5=8AFEEA3955AA43616A60F133B1D25F21 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.3.9600.17238_none_ab0b455c927bd60f\isapnp.sys

< MD5 for: LSASS.EXE >
[2014/10/29 05:51:48 | 000,047,024 | ---- | M] (Microsoft Corporation) MD5=382100E75B6F4668AEAEF228C6CEFFAD -- C:\WINDOWS\SysNative\lsass.exe
[2014/10/29 05:51:48 | 000,047,024 | ---- | M] (Microsoft Corporation) MD5=382100E75B6F4668AEAEF228C6CEFFAD -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.3.9600.17415_none_2e769c84660bda1b\lsass.exe
[2015/03/15 17:04:18 | 000,008,089 | ---- | M] () MD5=3FFB8CD649DEDA6497FD97550BE82357 -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.3.9600.16408_none_2e8484166600f08e\lsass.exe

< MD5 for: NDIS.SYS >
[2015/02/05 22:24:44 | 001,113,920 | ---- | M] (Microsoft Corporation) MD5=6D3A2565E01B3E4B0F1BEDB0D4B00B3F -- C:\WINDOWS\SysNative\drivers\ndis.sys
[2015/02/05 22:24:44 | 001,113,920 | ---- | M] (Microsoft Corporation) MD5=6D3A2565E01B3E4B0F1BEDB0D4B00B3F -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.3.9600.17673_none_4a1d9ccbfbfbedff\ndis.sys
[2015/03/15 17:18:17 | 000,080,695 | ---- | M] () MD5=9C48968B0344AD63559D0D080DA66103 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.3.9600.17399_none_4a0df8fdfc06c676\ndis.sys
[2015/03/15 17:18:15 | 000,164,370 | ---- | M] () MD5=ED85CDFC3CB84F6619D2AF6D6E736BC1 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.3.9600.17199_none_4a0df531fc06cc28\ndis.sys

< MD5 for: NETLOGON.DLL >
[2014/10/29 03:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) MD5=02D117FC638B768BD1A15F8000B83EAE -- C:\WINDOWS\SysNative\netlogon.dll
[2014/10/29 03:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) MD5=02D117FC638B768BD1A15F8000B83EAE -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17415_none_eec2b22a0bb75b53\netlogon.dll
[2015/03/15 17:37:33 | 000,125,384 | ---- | M] () MD5=45C2C2EA335BD7FF360C7F006B915766 -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17041_none_ee9e39a60bd3552e\netlogon.dll
[2015/03/16 11:28:52 | 000,105,907 | ---- | M] () MD5=B25E2DE4078511EB1747FA0BDB6E4FC5 -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17041_none_f8f2e3f840341729\netlogon.dll
[2014/10/29 03:02:34 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=CCEC6CB98A00ECE7F5AFB9C0FC9427B3 -- C:\Windows\SysWOW64\netlogon.dll
[2014/10/29 03:02:34 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=CCEC6CB98A00ECE7F5AFB9C0FC9427B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17415_none_f9175c7c40181d4e\netlogon.dll

< MD5 for: NVRAID.SYS >
[2013/08/22 14:43:31 | 000,150,368 | ---- | M] (NVIDIA Corporation) MD5=BC6B5942AFF25EBAF62DE43C3807EDF8 -- C:\WINDOWS\SysNative\drivers\nvraid.sys
[2013/08/22 14:43:31 | 000,150,368 | ---- | M] (NVIDIA Corporation) MD5=BC6B5942AFF25EBAF62DE43C3807EDF8 -- C:\WINDOWS\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvraid.sys
[2013/08/22 14:43:31 | 000,150,368 | ---- | M] (NVIDIA Corporation) MD5=BC6B5942AFF25EBAF62DE43C3807EDF8 -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.3.9600.16384_none_2a99233292f5aadb\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2013/08/22 14:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) MD5=1F43ABFFAC3D6CA356851D517392966E -- C:\WINDOWS\SysNative\drivers\nvstor.sys
[2013/08/22 14:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) MD5=1F43ABFFAC3D6CA356851D517392966E -- C:\WINDOWS\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys
[2013/08/22 14:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) MD5=1F43ABFFAC3D6CA356851D517392966E -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.3.9600.16384_none_2a99233292f5aadb\nvstor.sys

< MD5 for: SCECLI.DLL >
[2015/03/16 11:28:00 | 000,042,572 | ---- | M] () MD5=22CDB04B964A8D34C42BB7ED150784F8 -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.3.9600.16384_none_3320ecb8e1733781\scecli.dll
[2015/03/15 17:35:45 | 000,045,911 | ---- | M] () MD5=878EBE290BED3EE6AC21BF4EE1458F67 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.3.9600.16384_none_28cc4266ad127586\scecli.dll
[2014/10/29 03:23:16 | 000,274,944 | ---- | M] (Microsoft Corporation) MD5=9A475B8F19A15BFDE8DF84E40ECAE8AA -- C:\WINDOWS\SysNative\scecli.dll
[2014/10/29 03:23:16 | 000,274,944 | ---- | M] (Microsoft Corporation) MD5=9A475B8F19A15BFDE8DF84E40ECAE8AA -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.3.9600.17415_none_2918dd42acd8e20e\scecli.dll
[2014/10/29 03:01:41 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=FB740FE549197E7B08021EF30327921D -- C:\Windows\SysWOW64\scecli.dll
[2014/10/29 03:01:41 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=FB740FE549197E7B08021EF30327921D -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.3.9600.17415_none_336d8794e139a409\scecli.dll

< MD5 for: SMSS.EXE >
[2014/09/24 18:31:35 | 000,142,576 | ---- | M] (Microsoft Corporation) MD5=D8564418BAC13776E43DB5F6B4FA775E -- C:\WINDOWS\SysNative\smss.exe
[2014/09/24 18:31:35 | 000,142,576 | ---- | M] (Microsoft Corporation) MD5=D8564418BAC13776E43DB5F6B4FA775E -- C:\Windows\WinSxS\amd64_microsoft-windows-smss-minwin_31bf3856ad364e35_6.3.9600.17031_none_6f522891bc9cbe45\smss.exe

< MD5 for: SVCHOST.EXE >
[2015/03/16 12:17:27 | 000,007,517 | ---- | M] () MD5=73AA583D4FB0F05C313B38C091D94804 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe
[2015/03/15 17:38:12 | 000,007,559 | ---- | M] () MD5=CFE97816CBBEF783FD8634109F1877D2 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe
[2014/10/29 05:17:51 | 000,033,088 | ---- | M] (Microsoft Corporation) MD5=D0ABC231C0B3E88C6B612B28ABBF734D -- C:\Windows\SysWOW64\svchost.exe
[2014/10/29 05:17:51 | 000,033,088 | ---- | M] (Microsoft Corporation) MD5=D0ABC231C0B3E88C6B612B28ABBF734D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.17415_none_4aa7b90420adbfab\svchost.exe
[2014/10/29 06:11:20 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=E3A2AD05E24105B35E986CF9CB38EC47 -- C:\WINDOWS\SysNative\svchost.exe
[2014/10/29 06:11:20 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=E3A2AD05E24105B35E986CF9CB38EC47 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.17415_none_a6c65487d90b30e1\svchost.exe

< MD5 for: TCPIP.SYS >
[2015/01/21 20:17:38 | 000,448,879 | ---- | M] () MD5=36778C2B390B4142867DCD12BBB71416 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17136_none_a41467f93a330db6\tcpip.sys
[2014/10/29 05:52:15 | 002,485,056 | ---- | M] (Microsoft Corporation) MD5=468273F7089A3A33D149955F0F203FA4 -- C:\WINDOWS\SysNative\drivers\tcpip.sys
[2014/10/29 05:52:15 | 002,485,056 | ---- | M] (Microsoft Corporation) MD5=468273F7089A3A33D149955F0F203FA4 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17415_none_a4290d393a23b3f2\tcpip.sys
[2015/01/21 20:17:45 | 000,447,132 | ---- | M] () MD5=B4928ED9B47948E7D4C22D3B0916FCC4 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17238_none_a4166a733a313d8b\tcpip.sys
[2015/03/16 10:41:40 | 000,409,864 | ---- | M] () MD5=D0C41590A1BCB4C0BD592D8AB976FE2F -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17336_none_a4146bc53a330804\tcpip.sys
[2015/01/21 20:17:51 | 000,241,540 | ---- | M] () MD5=E7D9CAEE2A6C4007CB85632A13D4EEF3 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.3.9600.17278_none_a3eb2ac33a51ad4f\tcpip.sys

< MD5 for: USERINIT.EXE >
[2015/03/16 10:45:11 | 000,002,671 | ---- | M] () MD5=061AC3BD7ADC5DCBA6AC0F23895266F8 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe
[2015/03/16 12:23:58 | 000,004,269 | ---- | M] () MD5=1AE98168631581DE1343C3A87A6CBCA9 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe
[2014/10/29 03:28:08 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\WINDOWS\SysNative\userinit.exe
[2014/10/29 03:28:08 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_cd33b4fca56d6b07\userinit.exe
[2014/10/29 03:05:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\SysWOW64\userinit.exe
[2014/10/29 03:05:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_71151978ed0ff9d1\userinit.exe

< MD5 for: WINLOGON.EXE >
[2015/03/16 10:50:10 | 000,100,951 | ---- | M] () MD5=A176623494AF009927242266EF51DCFB -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17031_none_60b45365a8c2ccdb\winlogon.exe
[2014/10/29 03:22:52 | 000,572,416 | ---- | M] (Microsoft Corporation) MD5=EC498BAE1F0D3E0E401C963F8D76C437 -- C:\WINDOWS\SysNative\winlogon.exe
[2014/10/29 03:22:52 | 000,572,416 | ---- | M] (Microsoft Corporation) MD5=EC498BAE1F0D3E0E401C963F8D76C437 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17415_none_60cdfbfda8aeeef1\winlogon.exe

< MD5 for: WS2_32.DLL >
[2014/10/29 05:05:15 | 000,321,248 | ---- | M] (Microsoft Corporation) MD5=34E71A52A1BFA68411CAECCFB6D72F8C -- C:\Windows\SysWOW64\ws2_32.dll
[2014/10/29 05:05:15 | 000,321,248 | ---- | M] (Microsoft Corporation) MD5=34E71A52A1BFA68411CAECCFB6D72F8C -- C:\Windows\WinSxS\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.3.9600.17415_none_87a41025e9b6078a\ws2_32.dll
[2014/10/29 05:51:53 | 000,363,080 | ---- | M] (Microsoft Corporation) MD5=3A0B3B44C263DB1823360FF3E5C223CE -- C:\WINDOWS\SysNative\ws2_32.dll
[2014/10/29 05:51:53 | 000,363,080 | ---- | M] (Microsoft Corporation) MD5=3A0B3B44C263DB1823360FF3E5C223CE -- C:\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.3.9600.17415_none_e3c2aba9a21378c0\ws2_32.dll
[2015/03/16 12:24:56 | 000,062,052 | ---- | M] () MD5=58D09EFD883813FC9709A9D98A7209DF -- C:\Windows\WinSxS\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.3.9600.16384_none_87577549e9ef9b02\ws2_32.dll
[2015/03/16 10:47:15 | 000,065,749 | ---- | M] () MD5=F77C96590EA4741EB62B0FBC7A9FFFE8 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.3.9600.16384_none_e37610cda24d0c38\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\25fb187813b8c2cbe82f0e9ffac7b4cd\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\25fb187813b8c2cbe82f0e9ffac7b4cd\*.tmp -> ]
[6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015/07/12 15:10:03 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Adobe
[2014/12/28 23:40:12 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\ASUS WebStorage
[2015/05/12 10:46:37 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Atheros
[2015/07/07 19:58:52 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\AVAST Software
[2014/12/29 16:21:10 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\CyberLink
[2015/01/13 19:14:14 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Identities
[2014/12/28 23:47:41 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Macromedia
[2015/07/08 18:01:06 | 000,000,000 | --SD | M] -- C:\Users\sweety\AppData\Roaming\Microsoft
[2014/12/29 10:48:06 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Mozilla
[2015/04/30 21:26:38 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Nero
[2014/12/29 13:58:04 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\OpenOffice
[2015/07/02 16:03:38 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Opera Software
[2015/07/06 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\ppslog
[2015/07/02 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Seznam.cz
[2015/07/12 20:41:05 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\Skype
[2015/02/09 14:22:20 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\StartMenu
[2015/01/04 22:43:58 | 000,000,000 | ---D | M] -- C:\Users\sweety\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2012/09/29 22:00:36 | 000,381,600 | ---- | M] () -- C:\Users\sweety\AppData\Roaming\StartMenu\DesktopAsRun.exe
[2015/02/09 14:21:53 | 003,359,872 | ---- | M] (PS Media s.r.o.) -- C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe
[2014/12/29 10:28:46 | 000,720,365 | ---- | M] () -- C:\Users\sweety\AppData\Roaming\StartMenu\unins000.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2015/07/13 12:40:15 | 000,000,018 | ---- | M] () -- C:\WINDOWS\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"StartMenu" = C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe -- [2015/02/09 14:21:53 | 003,359,872 | ---- | M] (PS Media s.r.o.)
"HCDNClient" = "C:\IQIYI Video\Common\QyKernel.exe" -shell_start

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015/07/13 19:08:00 | 000,000,512 | ---- | M] () MD5=4B413A0C275F8209523F6C9C90C2AEF5 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2015/01/16 18:28:06 | 000,023,487 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Adera_2.5.2.34894_x86__8wekyb3d8bbwe\Assets\Episode1\Data\Scenes\Canyon\WallCrackZoom.xml
[2015/01/16 18:28:06 | 000,079,559 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Adera_2.5.2.34894_x86__8wekyb3d8bbwe\Assets\Episode2\Data\Scenes\CrackedWall\CrackedWall.xml
[2015/01/16 18:28:07 | 000,005,094 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Adera_2.5.2.34894_x86__8wekyb3d8bbwe\Assets\Episode3\Data\Scenes\StoneCocoonChamber\FloorCrackZoom.xml

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2015/04/29 06:33:17 | 000,002,534 | ---- | M] () -- \AdwCleaner\Quarantine\C\IQIYI Video\Common\Medialoader.swf.vir
[2015/04/29 06:37:29 | 000,293,312 | ---- | M] () -- \AdwCleaner\Quarantine\C\IQIYI Video\LStyle\Downloader.dll.vir
[2014/12/29 10:06:02 | 000,019,765 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\2.1.0.23_0\js\configLoader.js.vir
[2014/12/29 10:06:06 | 000,002,597 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\2.1.0.23_0\js\scriptLoader.js.vir
[2015/07/06 21:58:02 | 003,438,741 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\sweety\AppData\Roaming\IQIYI Video\PStyle\UploaderSetup\IQIYIUploader.exe_0.vir
[2015/07/06 21:58:04 | 003,438,741 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\sweety\AppData\Roaming\IQIYI Video\PStyle\UploaderSetup\IQIYIUploader.exe_1.vir
[2015/07/06 21:58:59 | 000,066,560 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\sweety\AppData\Roaming\IQIYI Video\PStyle\UploaderSetup\IQIYIUploader.exe_2.vir
[2013/04/16 18:25:34 | 000,171,832 | ---- | M] () -- \Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
[2013/04/16 18:25:30 | 000,170,808 | ---- | M] () -- \Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
[2014/09/03 01:27:24 | 000,268,432 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2014/09/03 01:27:24 | 000,019,096 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2014/05/27 16:15:42 | 000,597,278 | ---- | M] () -- \Program Files (x86)\Comodo\Dragon\extensions\media_downloader.crx
[2012/05/30 21:55:22 | 000,010,781 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\mm\MediaCtrl\ImageLoader.kc
[2012/05/30 21:55:28 | 000,003,492 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\widget\langloader.kc
[2012/05/30 21:55:28 | 000,013,453 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\widget\layoutloader.kc
[2011/05/05 16:35:06 | 000,010,775 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cox\mm\MediaCtrl\ImageLoader.kc
[2011/05/05 16:35:08 | 000,003,567 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cox\widget\langloader.kc
[2011/05/05 16:35:08 | 000,013,369 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cox\widget\layoutloader.kc
[2014/07/29 14:34:32 | 000,029,696 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\javaloader.uno.dll
[2014/08/13 10:30:44 | 000,005,813 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\pythonloader.py
[2014/07/29 14:34:34 | 000,020,992 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\pythonloader.uno.dll
[2014/08/13 11:09:38 | 000,000,171 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\pythonloader.uno.ini
[2014/08/13 10:11:40 | 000,003,868 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\classes\unoloader.jar
[2014/07/29 10:07:24 | 000,013,501 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\python-core-2.7.6\lib\unittest\loader.py
[2015/07/07 19:56:02 | 000,072,440 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2015/07/07 19:56:02 | 000,085,336 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2014/09/03 01:27:24 | 000,364,176 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014/09/03 01:27:24 | 000,019,096 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2015/01/06 20:07:17 | 000,017,128 | ---- | M] () -- \Program Files\Microsoft Office 15\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.CLRLoader\15.0.0.0__71E9BCE111E9429C\Microsoft.Office.Infopath.CLRLoader.dll
[2014/09/24 18:04:50 | 000,000,856 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.322_x64__8wekyb3d8bbwe\js\HtmlFileLoader.js
[2015/01/15 13:39:15 | 000,001,290 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe\ApplicationLoader.xbf
[2015/01/15 13:39:42 | 000,038,912 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll
[2015/01/15 13:39:43 | 000,002,560 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.winmd
[2015/01/15 13:39:44 | 000,032,768 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.DDSLoader.dll
[2015/01/15 13:39:44 | 000,002,560 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.DDSLoader.winmd
[2015/01/15 13:41:27 | 000,004,686 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe\MvvmStructure\View\Controls\PreloaderControl.xbf
[2015/01/15 13:39:42 | 000,038,912 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Taptiles_2.4.1412.201_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll
[2015/01/15 13:39:43 | 000,002,560 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Taptiles_2.4.1412.201_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.winmd
[2015/01/15 13:39:44 | 000,032,768 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Taptiles_2.4.1412.201_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.DDSLoader.dll
[2015/01/15 13:39:44 | 000,002,560 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Taptiles_2.4.1412.201_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.DDSLoader.winmd
[2015/01/15 16:11:20 | 000,011,287 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Taptiles_2.4.1412.201_x86__8wekyb3d8bbwe\Controls\PreloaderPage.xbf
[2015/01/15 16:11:25 | 000,001,262 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Taptiles_2.4.1412.201_x86__8wekyb3d8bbwe\Pages\LoaderPage.xbf
[2015/06/29 16:40:16 | 000,001,160 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\modernpeople\appframe\backgroundloader.js
[2015/06/29 16:40:18 | 000,004,996 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\modernshareanything\sharedataloader.js
[2015/06/29 16:40:18 | 000,002,125 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\modernsharetarget\sharemaildataloader.js
[2014/09/24 18:07:17 | 000,043,128 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe\Framework\imageLoader.js
[2015/05/13 14:57:28 | 000,072,638 | ---- | M] () -- \Users\sweety\AppData\Local\Skype\Apps\login\images\loader.gif
[2015/05/13 14:57:28 | 000,003,032 | ---- | M] () -- \Users\sweety\AppData\Local\Skype\Apps\login\images\loader.png
[2015/05/13 14:57:28 | 000,006,012 | ---- | M] () -- \Users\sweety\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2015/05/13 14:57:28 | 000,021,956 | ---- | M] () -- \Users\sweety\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2015/05/13 14:57:28 | 000,009,772 | ---- | M] () -- \Users\sweety\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2015/01/21 22:46:49 | 000,103,936 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O29577370#\677c0a3d3d70025584ab0470fe6e345d\Microsoft.Office.InfoPath.CLRLoader.ni.dll
[2015/01/21 22:46:49 | 000,000,696 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O29577370#\677c0a3d3d70025584ab0470fe6e345d\Microsoft.Office.InfoPath.CLRLoader.ni.dll.aux
[2015/01/13 18:27:50 | 000,017,128 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.InfoPath.CLRLoader\v4.0_15.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.CLRLoader.dll
[2013/08/22 06:17:27 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 06:17:25 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 06:17:24 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-2-0.dll
[2013/08/22 06:17:20 | 000,002,560 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-private-l1-1-0.dll
[2013/08/22 06:17:34 | 000,002,560 | -H-- | M] () -- \Windows\System32\api-ms-win-core-stringloader-l1-1-0.dll
[2013/08/22 06:17:33 | 000,002,560 | -H-- | M] () -- \Windows\System32\api-ms-win-core-stringloader-l1-1-1.dll
[2014/10/29 03:51:40 | 000,041,472 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013/08/22 15:25:39 | 000,003,584 | ---- | M] () -- \Windows\System32\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 15:25:39 | 000,003,072 | ---- | M] () -- \Windows\System32\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 15:25:38 | 000,002,560 | ---- | M] () -- \Windows\System32\downlevel\api-ms-win-core-stringloader-l1-1-1.dll
[2013/08/22 06:17:27 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 06:17:25 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 06:17:24 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-2-0.dll
[2013/08/22 06:17:20 | 000,002,560 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-private-l1-1-0.dll
[2013/08/22 06:17:34 | 000,002,560 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-stringloader-l1-1-0.dll
[2013/08/22 06:17:33 | 000,002,560 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-stringloader-l1-1-1.dll
[2014/10/29 03:51:40 | 000,041,472 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2013/08/22 15:25:39 | 000,003,584 | ---- | M] () -- \Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 15:25:39 | 000,003,072 | ---- | M] () -- \Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 15:25:38 | 000,002,560 | ---- | M] () -- \Windows\SysWOW64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll
[2014/09/24 21:22:41 | 000,592,677 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.16384_none_210fb36c397c4e2b\hvloader.efi
[2014/09/24 21:22:40 | 000,536,051 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.16384_none_210fb36c397c4e2b\hvloader.exe
[2014/09/24 21:22:46 | 000,598,463 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.17031_none_2142a5b03956989d\hvloader.efi
[2014/09/24 21:22:45 | 000,542,292 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.17031_none_2142a5b03956989d\hvloader.exe
[2014/09/24 21:22:51 | 000,598,454 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.17039_none_214aa800394f6355\hvloader.efi
[2014/09/24 21:22:49 | 000,542,288 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.3.9600.17039_none_214aa800394f6355\hvloader.exe
[2015/03/15 16:34:20 | 000,010,089 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.3.9600.16384_none_36b27bfc6399d5ce\dmloader.dll
[2014/10/29 04:34:00 | 000,050,688 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.3.9600.17415_none_36ff16d863604256\dmloader.dll
[2013/08/22 15:25:37 | 000,003,584 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_b8233abb5511544f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 15:25:37 | 000,003,072 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_b8233abb5511544f\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 15:25:36 | 000,002,560 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_b8233abb5511544f\api-ms-win-core-stringloader-l1-1-1.dll
[2013/08/22 13:45:31 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 13:45:33 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 13:45:35 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-libraryloader-l1-2-0.dll
[2013/08/22 13:45:30 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-libraryloader-private-l1-1-0.dll
[2013/08/22 13:45:40 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-stringloader-l1-1-0.dll
[2013/08/22 13:45:44 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_fb7050014fc6f9b0\api-ms-win-core-stringloader-l1-1-1.dll
[2014/09/24 18:34:14 | 000,000,465 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_cs-cz_2433c0f8d0dacafb.manifest
[2014/09/24 21:27:15 | 000,009,588 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_cs-cz_2433c0f8d0dacafb_winload.efi.mui_35ee487d
[2014/09/24 21:27:15 | 000,009,604 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_cs-cz_2433c0f8d0dacafb_winload.exe.mui_3bc5b827
[2014/09/24 21:27:15 | 000,007,885 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_cs-cz_2433c0f8d0dacafb_winresume.efi.mui_f412814e
[2014/09/24 21:27:15 | 000,007,900 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_cs-cz_2433c0f8d0dacafb_winresume.exe.mui_ff8b5358
[2014/09/24 18:42:35 | 000,000,547 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd.manifest
[2014/09/24 21:27:18 | 000,724,249 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd_winload.efi_75834aa0
[2014/09/24 21:27:19 | 000,660,625 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd_winload.exe_75835076
[2014/09/24 21:27:21 | 000,646,411 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd_winresume.efi_85cd069f
[2014/09/24 21:27:22 | 000,587,303 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd_winresume.exe_85cd1215
[2015/07/02 20:06:35 | 000,000,616 | ---- | M] () -- \Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2013/08/22 17:34:52 | 000,000,596 | ---- | M] () -- \Windows\WinSxS\FileMaps\programdata_microsoft_network_downloader_7fafaef6d33e4371.cdf-ms
[2014/09/24 17:37:42 | 000,000,463 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.16384_cs-cz_2400ceb4d1008089.manifest
[2014/09/24 18:29:08 | 000,000,465 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.3.9600.17031_cs-cz_2433c0f8d0dacafb.manifest
[2013/08/22 17:22:38 | 000,000,542 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.16384_none_4be51a3d409de6bc.manifest
[2014/09/24 18:29:10 | 000,000,545 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17031_none_4c180c814078312e.manifest
[2014/09/24 18:39:58 | 000,000,547 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.3.9600.17238_none_4c1f12534071dcdd.manifest
[2015/03/16 11:43:47 | 000,008,359 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.3.9600.16384_none_da93e078ab3c6498\dmloader.dll
[2014/10/29 03:51:40 | 000,041,472 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.3.9600.17415_none_dae07b54ab02d120\dmloader.dll
[2013/08/22 15:25:39 | 000,003,584 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 15:25:39 | 000,003,072 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 15:25:38 | 000,002,560 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-stringloader-l1-1-1.dll
[2013/08/22 06:17:27 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/22 06:17:25 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-libraryloader-l1-1-1.dll
[2013/08/22 06:17:24 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-libraryloader-l1-2-0.dll
[2013/08/22 06:17:20 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-libraryloader-private-l1-1-0.dll
[2013/08/22 06:17:34 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-stringloader-l1-1-0.dll
[2013/08/22 06:17:33 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.3.9600.16384_none_9f51b47d9769887a\api-ms-win-core-stringloader-l1-1-1.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2014/07/09 03:45:06 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2015/05/21 10:42:11 | 000,167,592 | ---- | M] () -- \Program Files\Microsoft Office 15\root\office15\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll
[2015/05/21 10:39:41 | 000,210,600 | ---- | M] () -- \Program Files\Microsoft Office 15\root\office15\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll
[2014/07/09 03:45:33 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2015/01/13 17:40:41 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2013/08/17 02:06:37 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/06/24 00:12:42 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2015/01/13 17:40:40 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2014/07/09 03:45:06 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2015/01/20 17:54:56 | 002,803,200 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7d61ab80c44108150bad37e8d916e220\System.Runtime.Serialization.ni.dll
[2015/01/20 17:54:56 | 000,000,980 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7d61ab80c44108150bad37e8d916e220\System.Runtime.Serialization.ni.dll.aux
[2015/01/20 18:36:47 | 003,529,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7261725660985a097e5b19c7f33db9e5\System.Runtime.Serialization.ni.dll
[2015/01/20 18:36:47 | 000,000,980 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7261725660985a097e5b19c7f33db9e5\System.Runtime.Serialization.ni.dll.aux
[2013/08/22 17:32:39 | 000,001,032 | ---- | M] () -- \Windows\Inf\c_multiportserial.inf
[2014/09/24 17:38:46 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/10 02:55:16 | 000,142,104 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/10 02:55:16 | 000,029,392 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013/08/10 02:55:16 | 000,029,432 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2014/06/05 05:33:14 | 000,113,952 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013/08/10 02:55:16 | 000,029,896 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2014/07/24 05:20:32 | 001,059,536 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/08/10 02:55:49 | 000,045,720 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013/08/10 02:55:49 | 000,029,848 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2014/06/24 00:12:42 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/17 02:06:37 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/07/09 03:45:07 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014/07/24 05:20:32 | 001,059,536 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013/08/10 02:55:16 | 000,142,104 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/10 02:55:16 | 000,029,392 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/08/10 02:55:16 | 000,029,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/08/10 02:55:16 | 000,029,896 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/08/10 02:55:49 | 000,045,720 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013/08/10 02:55:49 | 000,029,848 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2014/09/24 17:38:46 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/06/05 05:33:14 | 000,113,952 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2014/06/24 00:12:50 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/17 02:06:37 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014/07/09 03:45:34 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014/07/24 05:20:21 | 001,059,536 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2013/08/10 02:41:27 | 000,142,104 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/10 02:41:27 | 000,029,392 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/08/10 02:41:28 | 000,029,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/08/10 02:41:28 | 000,029,896 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/08/10 02:42:08 | 000,045,720 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2013/08/10 02:42:08 | 000,029,848 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2014/09/24 17:38:44 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/06/05 05:33:14 | 000,113,952 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2013/08/22 22:12:22 | 000,008,827 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~cs-CZ~6.3.9600.16384.cat
[2013/08/22 21:40:12 | 000,000,781 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~cs-CZ~6.3.9600.16384.mum
[2013/08/22 14:55:01 | 000,008,827 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat
[2013/08/22 08:47:48 | 000,000,511 | ---- | M] () -- \Windows\servicing\Packages\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~~6.3.9600.16384.mum
[2014/10/29 03:46:05 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2013/08/22 22:12:22 | 000,008,827 | ---- | M] () -- \Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~cs-CZ~6.3.9600.16384.cat
[2013/08/22 14:55:01 | 000,008,827 | ---- | M] () -- \Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Serial-UartClass-package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat
[2014/09/24 17:38:31 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2014/09/24 17:38:22 | 000,000,232 | ---- | M] () -- \Windows\System32\DriverStore\en-US\c_multiportserial.inf_loc
[2013/08/22 08:57:38 | 000,001,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_7875073d426d59a6\c_multiportserial.inf
[2015/01/13 18:21:45 | 000,004,224 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_7875073d426d59a6\c_multiportserial.PNF
[2013/08/22 13:40:08 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_1be60ad3a61e5531\serial.sys
[2014/10/29 03:46:05 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2014/09/24 17:38:31 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2014/09/24 17:38:22 | 000,000,232 | ---- | M] () -- \Windows\WinSxS\amd64_c_multiportserial.inf.resources_31bf3856ad364e35_6.3.9600.16384_en-us_35eaebe6834354eb\c_multiportserial.inf_loc
[2013/08/22 08:57:38 | 000,001,032 | ---- | M] () -- \Windows\WinSxS\amd64_c_multiportserial.inf_31bf3856ad364e35_6.3.9600.16384_none_91b10a007e43beff\c_multiportserial.inf
[2015/01/20 14:06:58 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.16384_cs-cz_b0eacafe7f4d1992\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2013/08/17 02:06:37 | 000,011,776 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.17226_cs-cz_b12d926c7f1ac114\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2015/01/20 14:07:14 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.20708_cs-cz_b1ceee03982636a5\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014/09/24 17:38:31 | 000,005,120 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.3.9600.16384_cs-cz_3f29419cb7a1caf0\serialui.dll.mui
[2015/03/16 10:44:41 | 000,001,685 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.3.9600.16384_none_e5c00198f2a1c32d\serialui.dll
[2014/10/29 04:27:06 | 000,017,920 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.3.9600.17415_none_e60c9c74f2682fb5\serialui.dll
[2015/01/21 20:21:35 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.3.9600.16384_cs-cz_4e32729c2675dfcf\System.RunTime.Serialization.Resources.dll
[2015/01/13 17:40:41 | 000,090,112 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.3.9600.17226_cs-cz_4e753a0a26438751\System.RunTime.Serialization.Resources.dll
[2015/01/21 20:21:38 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.3.9600.20708_cs-cz_4f1695a13f4efce2\System.RunTime.Serialization.Resources.dll
[2014/09/24 17:38:22 | 000,009,728 | ---- | M] () -- \Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_6.3.9600.16384_cs-cz_b574829120336a99\serial.sys.mui
[2013/08/22 13:40:08 | 000,083,456 | ---- | M] () -- \Windows\WinSxS\amd64_msports.inf_31bf3856ad364e35_6.3.9600.16384_none_e95610bc8c554aa7\serial.sys
[2015/01/21 20:43:04 | 000,003,691 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..alization.resources_b03f5f7f11d50a3a_4.0.9600.16384_cs-cz_1da5c476c59b0e5b\System.RunTime.Serialization.resources.dll
[2014/06/05 05:33:14 | 000,113,952 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..alization.resources_b03f5f7f11d50a3a_4.0.9600.17238_cs-cz_1da069eec59ff302\System.RunTime.Serialization.resources.dll
[2015/01/21 20:43:05 | 000,003,304 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..alization.resources_b03f5f7f11d50a3a_4.0.9600.20720_cs-cz_06d276aedf4770c6\System.RunTime.Serialization.resources.dll
[2013/08/10 02:41:27 | 000,142,104 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..ion.formatters.soap_b03f5f7f11d50a3a_4.0.9600.16384_none_f73c7de0bb1de286\System.Runtime.Serialization.Formatters.Soap.dll
[2013/08/10 02:41:28 | 000,029,432 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..lization.primitives_b03f5f7f11d50a3a_4.0.9600.16384_none_64635c6af076b012\System.Runtime.Serialization.Primitives.dll
[2014/09/24 17:38:44 | 000,027,920 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..ters.soap.resources_b03f5f7f11d50a3a_4.0.9600.16384_cs-cz_65f374ee29342685\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/10 02:41:27 | 000,029,392 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9600.16384_none_031841e9b021a288\System.Runtime.Serialization.Json.dll
[2013/08/10 02:41:28 | 000,029,896 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9600.16384_none_ea3019bcd508d7f5\System.Runtime.Serialization.Xml.dll
[2015/01/21 20:43:16 | 000,018,929 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.16384_none_afcfdcce0af8e4ba\System.Runtime.Serialization.dll
[2015/01/21 20:43:19 | 000,011,811 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.17187_none_afcf9aa40af92e22\System.Runtime.Serialization.dll
[2014/07/24 05:20:21 | 001,059,536 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.17238_none_afca82460afdc961\System.Runtime.Serialization.dll
[2015/01/21 20:43:23 | 000,012,410 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.20681_none_99027a1e249ff87f\System.Runtime.Serialization.dll
[2015/01/21 20:43:26 | 000,004,122 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.20720_none_98fc8f0624a54725\System.Runtime.Serialization.dll
[2013/08/10 02:42:08 | 000,045,720 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.xml.serialization_b03f5f7f11d50a3a_4.0.9600.16384_none_1f92ce7ac9b9f399\System.Xml.Serialization.dll
[2013/08/10 02:42:08 | 000,029,848 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9600.16384_none_0b1c65bd7b1ef04c\System.Xml.XmlSerializer.dll
[2015/01/21 20:31:36 | 000,000,531 | ---- | M] () -- \Windows\WinSxS\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.16384_none_f057a9271ce694b1\System.Runtime.Serialization.Formatters.Soap.dll
[2014/06/24 00:12:50 | 000,131,072 | ---- | M] () -- \Windows\WinSxS\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.17226_none_f0517be51cec2cbf\System.Runtime.Serialization.Formatters.Soap.dll
[2015/01/21 20:31:37 | 000,000,491 | ---- | M] () -- \Windows\WinSxS\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.20708_none_d981a48b36959176\System.Runtime.Serialization.Formatters.Soap.dll
[2015/01/21 20:55:56 | 000,000,643 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.16384_none_9fc99c9c7c4c05c7\System.Runtime.Serialization.dll
[2015/01/21 20:55:59 | 000,000,425 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.17226_none_9fc36f5a7c519dd5\System.Runtime.Serialization.dll
[2014/07/09 03:45:34 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.17231_none_9fc4e18c7c503707\System.Runtime.Serialization.dll
[2015/01/21 20:56:01 | 000,000,440 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.20708_none_88f3980095fb028c\System.Runtime.Serialization.dll
[2015/01/21 20:56:04 | 000,000,619 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.20717_none_88f4af1295fa0242\System.Runtime.Serialization.dll
[2015/01/21 20:56:07 | 000,000,643 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.16384_none_daa0a966d0440060\System.Runtime.Serialization.dll
[2015/01/21 20:56:10 | 000,000,425 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17226_none_da9a7c24d049986e\System.Runtime.Serialization.dll
[2014/07/09 03:45:33 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17231_none_da9bee56d04831a0\System.Runtime.Serialization.dll
[2015/01/21 20:56:12 | 000,000,440 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20708_none_c3caa4cae9f2fd25\System.Runtime.Serialization.dll
[2015/01/21 20:56:15 | 000,000,619 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20717_none_c3cbbbdce9f1fcdb\System.Runtime.Serialization.dll
[2014/09/24 17:36:46 | 000,000,276 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_c_multiportserial.inf-languagepack_31bf3856ad364e35_6.3.9600.16384_cs-cz_c3036df581d2c4e4.manifest
[2014/09/24 17:37:05 | 000,000,249 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_c_multiportserial.inf.resources_31bf3856ad364e35_6.3.9600.16384_en-us_35eaebe6834354eb.manifest
[2013/08/22 17:20:14 | 000,000,210 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_c_multiportserial.inf_31bf3856ad364e35_6.3.9600.16384_none_91b10a007e43beff.manifest
[2013/08/22 15:25:34 | 000,000,297 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.3.9600.16384_none_0273ed2980a1f589.manifest
[2013/08/22 17:22:11 | 000,001,512 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-serial-classextension_31bf3856ad364e35_6.3.9600.16384_none_26d3123b2d2a9360.manifest
[2013/08/22 17:22:07 | 000,000,110 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.3.9600.16384_none_1d7b32f2da6cfe0c.manifest
[2013/08/22 17:24:27 | 000,000,402 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9600.16384_none_031841e9b021a288.manifest
[2013/08/22 17:24:29 | 000,000,401 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9600.16384_none_ea3019bcd508d7f5.manifest
[2013/08/22 17:24:24 | 000,000,420 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.16384_none_afcfdcce0af8e4ba.manifest
[2015/01/20 14:16:51 | 000,000,521 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.17187_none_afcf9aa40af92e22.manifest
[2015/01/15 12:29:23 | 000,000,420 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.17238_none_afca82460afdc961.manifest
[2015/01/20 14:16:51 | 000,000,515 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.20681_none_99027a1e249ff87f.manifest
[2015/01/15 12:29:23 | 000,000,413 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9600.20720_none_98fc8f0624a54725.manifest
[2013/08/22 17:24:28 | 000,000,397 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.xml.serialization_b03f5f7f11d50a3a_4.0.9600.16384_none_1f92ce7ac9b9f399.manifest
[2013/08/22 17:24:27 | 000,000,403 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9600.16384_none_0b1c65bd7b1ef04c.manifest
[2013/08/22 17:24:13 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.16384_none_9fc99c9c7c4c05c7.manifest
[2015/01/15 12:38:21 | 000,000,404 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.17226_none_9fc36f5a7c519dd5.manifest
[2015/01/15 12:33:20 | 000,000,404 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.17231_none_9fc4e18c7c503707.manifest
[2015/01/15 12:38:21 | 000,000,407 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.20708_none_88f3980095fb028c.manifest
[2015/01/15 12:33:20 | 000,000,406 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.3.9600.20717_none_88f4af1295fa0242.manifest
[2013/08/22 17:24:13 | 000,000,416 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.16384_none_daa0a966d0440060.manifest
[2015/01/15 12:38:21 | 000,000,413 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17226_none_da9a7c24d049986e.manifest
[2015/01/15 12:33:20 | 000,000,412 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17231_none_da9bee56d04831a0.manifest
[2015/01/15 12:38:21 | 000,000,415 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20708_none_c3caa4cae9f2fd25.manifest
[2015/01/15 12:33:20 | 000,000,414 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20717_none_c3cbbbdce9f1fcdb.manifest
[2013/08/22 17:24:29 | 000,000,418 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9600.16384_none_61eedd30ec040245.manifest
[2013/08/22 17:24:24 | 000,000,430 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.primitives_b03f5f7f11d50a3a_4.0.9600.16384_none_dde82ee214ba2d3d.manifest
[2013/08/22 17:24:13 | 000,000,400 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.16384_none_ed2ffed67c428df1.manifest
[2015/01/15 12:38:21 | 000,000,399 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.17226_none_ed29d1947c4825ff.manifest
[2015/01/15 12:33:20 | 000,000,401 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.17231_none_ed2b43c67c46bf31.manifest
[2015/01/15 12:38:21 | 000,000,399 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.20708_none_d659fa3a95f18ab6.manifest
[2015/01/15 12:33:20 | 000,000,401 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.20717_none_d65b114c95f08a6c.manifest
[2014/09/24 17:37:56 | 000,000,448 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.16384_cs-cz_25789e4d6d93f144.manifest
[2015/01/24 00:15:27 | 000,000,558 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.17187_cs-cz_25785c236d943aac.manifest
[2015/01/15 12:29:17 | 000,000,449 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.17238_cs-cz_257343c56d98d5eb.manifest
[2015/01/24 00:15:27 | 000,000,556 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.20681_cs-cz_0eab3b9d873b0509.manifest
[2015/01/15 12:29:15 | 000,000,445 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.20720_cs-cz_0ea55085874053af.manifest
[2014/09/24 17:37:54 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.16384_cs-cz_7adb458f8b8eae0b.manifest
[2015/01/15 12:38:20 | 000,000,406 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.17226_cs-cz_7ad5184d8b944619.manifest
[2015/01/15 12:33:19 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.17231_cs-cz_7ad68a7f8b92df4b.manifest
[2015/01/15 12:38:20 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.20708_cs-cz_640540f3a53daad0.manifest
[2015/01/15 12:33:19 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.20717_cs-cz_64065805a53caa86.manifest
[2013/08/22 17:24:24 | 000,000,419 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9600.16384_none_0d0d9cf22bac10f4.manifest
[2013/08/22 17:24:27 | 000,000,471 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.16384_none_c8108d2e85eed25d.manifest
[2015/01/20 14:16:48 | 000,000,570 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.17187_none_c8104b0485ef1bc5.manifest
[2015/01/15 12:29:22 | 000,000,471 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.17238_none_c80b32a685f3b704.manifest
[2015/01/20 14:16:48 | 000,000,566 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.20681_none_b1432a7e9f95e622.manifest
[2015/01/15 12:29:22 | 000,000,465 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.20720_none_b13d3f669f9b34c8.manifest
[2013/08/22 17:24:13 | 000,000,422 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.16384_none_1d733470a3e98f24.manifest
[2015/01/15 12:38:21 | 000,000,421 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.17226_none_1d6d072ea3ef2732.manifest
[2015/01/15 12:33:20 | 000,000,422 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.17231_none_1d6e7960a3edc064.manifest
[2015/01/15 12:38:21 | 000,000,421 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.20708_none_069d2fd4bd988be9.manifest
[2015/01/15 12:33:20 | 000,000,423 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.20717_none_069e46e6bd978b9f.manifest
[2013/08/22 17:24:28 | 000,000,447 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.xml.serialization_b77a5c561934e089_4.0.9600.16384_none_5aaf0d34c0033202.manifest
[2013/08/22 17:24:24 | 000,000,420 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9600.16384_none_3cc4c9f9340d8755.manifest
[2013/08/22 17:24:56 | 000,000,411 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.16384_none_224de03de4c02966.manifest
[2015/01/15 12:38:20 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17226_none_2247b2fbe4c5c174.manifest
[2015/01/15 12:33:19 | 000,000,412 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17231_none_2249252de4c45aa6.manifest
[2015/01/15 12:38:20 | 000,000,408 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20708_none_0b77dba1fe6f262b.manifest
[2015/01/15 12:33:19 | 000,000,411 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20717_none_0b78f2b3fe6e25e1.manifest
[2013/08/10 02:55:16 | 000,142,104 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_4.0.9600.16384_none_0dbd81c1c9e100df\System.Runtime.Serialization.Formatters.Soap.dll
[2015/01/21 21:07:51 | 000,000,531 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.16384_none_63202903e7dbbda6\System.Runtime.Serialization.Formatters.Soap.dll
[2014/06/24 00:12:42 | 000,131,072 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.17226_none_6319fbc1e7e155b4\System.Runtime.Serialization.Formatters.Soap.dll
[2015/01/21 21:07:52 | 000,000,491 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.3.9600.20708_none_4c4a2468018aba6b\System.Runtime.Serialization.Formatters.Soap.dll
[2014/09/24 17:38:46 | 000,027,920 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_4.0.9600.16384_cs-cz_c6e6982dc37909d8\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2015/01/21 21:07:53 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.3.9600.16384_cs-cz_1c493f6fe173c69f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/17 02:06:37 | 000,011,776 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.3.9600.17226_cs-cz_1c43122de1795ead\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2015/01/21 21:07:53 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.3.9600.20708_cs-cz_05733ad3fb22c364\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/10 02:55:16 | 000,029,392 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9600.16384_none_61eedd30ec040245\System.Runtime.Serialization.Json.dll
[2013/08/10 02:55:16 | 000,029,432 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.primitives_b03f5f7f11d50a3a_4.0.9600.16384_none_dde82ee214ba2d3d\System.Runtime.Serialization.Primitives.dll
[2015/01/21 21:07:57 | 000,000,663 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.16384_none_ed2ffed67c428df1\System.Runtime.Serialization.dll
[2015/01/21 21:08:00 | 000,000,436 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.17226_none_ed29d1947c4825ff\System.Runtime.Serialization.dll
[2014/07/09 03:45:07 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.17231_none_ed2b43c67c46bf31\System.Runtime.Serialization.dll
[2015/01/21 21:08:03 | 000,000,452 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.20708_none_d659fa3a95f18ab6\System.Runtime.Serialization.dll
[2015/01/21 21:08:06 | 000,000,632 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.3.9600.20717_none_d65b114c95f08a6c\System.Runtime.Serialization.dll
[2015/01/21 21:08:07 | 000,003,691 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.16384_cs-cz_25789e4d6d93f144\System.RunTime.Serialization.resources.dll
[2015/01/25 12:25:03 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.17187_cs-cz_25785c236d943aac\System.RunTime.Serialization.resources.dll
[2014/06/05 05:33:14 | 000,113,952 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.17238_cs-cz_257343c56d98d5eb\System.RunTime.Serialization.resources.dll
[2015/01/25 12:25:04 | 000,003,304 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.20681_cs-cz_0eab3b9d873b0509\System.RunTime.Serialization.resources.dll
[2015/01/25 12:25:05 | 000,003,304 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9600.20720_cs-cz_0ea55085874053af\System.RunTime.Serialization.resources.dll
[2015/01/21 21:08:09 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.16384_cs-cz_7adb458f8b8eae0b\System.RunTime.Serialization.Resources.dll
[2015/01/21 21:08:10 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.17226_cs-cz_7ad5184d8b944619\System.RunTime.Serialization.Resources.dll
[2015/01/13 17:40:40 | 000,090,112 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.17231_cs-cz_7ad68a7f8b92df4b\System.RunTime.Serialization.Resources.dll
[2015/01/21 21:08:10 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.20708_cs-cz_640540f3a53daad0\System.RunTime.Serialization.Resources.dll
[2015/01/21 21:08:11 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.3.9600.20717_cs-cz_64065805a53caa86\System.RunTime.Serialization.Resources.dll
[2013/08/10 02:55:16 | 000,029,896 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9600.16384_none_0d0d9cf22bac10f4\System.Runtime.Serialization.Xml.dll
[2015/01/21 21:08:15 | 000,018,929 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.16384_none_c8108d2e85eed25d\System.Runtime.Serialization.dll
[2015/01/21 21:08:19 | 000,011,811 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.17187_none_c8104b0485ef1bc5\System.Runtime.Serialization.dll
[2014/07/24 05:20:32 | 001,059,536 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.17238_none_c80b32a685f3b704\System.Runtime.Serialization.dll
[2015/01/21 21:08:22 | 000,012,410 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.20681_none_b1432a7e9f95e622\System.Runtime.Serialization.dll
[2015/01/21 21:08:26 | 000,004,122 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9600.20720_none_b13d3f669f9b34c8\System.Runtime.Serialization.dll
[2015/01/21 21:08:29 | 000,000,663 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.16384_none_1d733470a3e98f24\System.Runtime.Serialization.dll
[2015/01/21 21:08:32 | 000,000,436 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.17226_none_1d6d072ea3ef2732\System.Runtime.Serialization.dll
[2014/07/09 03:45:06 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.17231_none_1d6e7960a3edc064\System.Runtime.Serialization.dll
[2015/01/21 21:08:35 | 000,000,452 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.20708_none_069d2fd4bd988be9\System.Runtime.Serialization.dll
[2015/01/21 21:08:38 | 000,000,632 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.3.9600.20717_none_069e46e6bd978b9f\System.Runtime.Serialization.dll
[2013/08/10 02:55:49 | 000,045,720 | ---- | M] () -- \Windows\WinSxS\msil_system.xml.serialization_b77a5c561934e089_4.0.9600.16384_none_5aaf0d34c0033202\System.Xml.Serialization.dll
[2013/08/10 02:55:49 | 000,029,848 | ---- | M] () -- \Windows\WinSxS\msil_system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9600.16384_none_3cc4c9f9340d8755\System.Xml.XmlSerializer.dll
[2015/01/21 21:52:19 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.16384_cs-cz_54cc2f7ac6efa85c\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/17 02:06:37 | 000,011,776 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.17226_cs-cz_550ef6e8c6bd4fde\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2015/01/21 21:52:31 | 000,000,012 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.3.9600.20708_cs-cz_55b0527fdfc8c56f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/09/24 17:38:31 | 000,005,120 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.3.9600.16384_cs-cz_e30aa618ff4459ba\serialui.dll.mui
[2015/03/16 12:23:39 | 000,001,912 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.3.9600.16384_none_89a166153a4451f7\serialui.dll
[2014/10/29 03:46:05 | 000,015,360 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.3.9600.17415_none_89ee00f13a0abe7f\serialui.dll
[2015/01/21 22:17:21 | 000,000,663 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.16384_none_224de03de4c02966\System.Runtime.Serialization.dll
[2015/01/21 22:17:24 | 000,000,436 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17226_none_2247b2fbe4c5c174\System.Runtime.Serialization.dll
[2014/07/09 03:45:06 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.17231_none_2249252de4c45aa6\System.Runtime.Serialization.dll
[2015/01/21 22:17:27 | 000,000,452 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20708_none_0b77dba1fe6f262b\System.Runtime.Serialization.dll
[2015/01/21 22:17:30 | 000,000,632 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.3.9600.20717_none_0b78f2b3fe6e25e1\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

A tady je ten druhý:

OTL Extras logfile created on: 13. 7. 2015 18:55:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sweety\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17842)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

1,89 Gb Total Physical Memory | 0,45 Gb Available Physical Memory | 24,12% Memory free
4,14 Gb Paging File | 1,94 Gb Available in Paging File | 46,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 66,71 Gb Free Space | 55,95% Space Free | Partition Type: NTFS
Drive D: | 157,85 Gb Total Space | 157,54 Gb Free Space | 99,80% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: sweety | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1033858388-2215584304-1103054407-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\ASP\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\ASP\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21151D47-6013-416C-AA20-610DA4D5AC86}" = rport=139 | protocol=6 | dir=out | app=system |
"{2EBE9A44-AACA-4200-8146-A361B675BC85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31DB19BA-0B1A-47E1-BBFA-DDB1129483CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{33FA2EB3-159D-4171-A3E0-F0B5CCC1AD8C}" = lport=139 | protocol=6 | dir=in | app=system |
"{538A7FF4-D054-4E87-A5CC-2E6B99EE8F5C}" = rport=138 | protocol=17 | dir=out | app=system |
"{8E0B0C5E-D123-43BE-99BD-4DC59F937E2A}" = lport=138 | protocol=17 | dir=in | app=system |
"{951C66B4-36F9-405C-A93D-6ACDD6067794}" = rport=445 | protocol=6 | dir=out | app=system |
"{A07F2CE0-6AED-4A48-B578-CDC90399EC0C}" = lport=445 | protocol=6 | dir=in | app=system |
"{A0D3F7C7-8B54-40F0-B7EA-E5146EB79D7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{AEA9810D-275F-4BAA-9CDB-FDE94F013F57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C2CA2689-5339-4FC0-A393-A3CD4CB3A73E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB84D5E9-4724-4E1C-9E39-8868D4E48DC0}" = rport=137 | protocol=17 | dir=out | app=system |
"{D46082BD-1186-41B1-9C38-5FFCE1A09CC2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{FFE183D2-E120-46F9-828B-C94FFC00E1B6}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F60D06D-6FC9-45FF-A482-6D579E933552}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{14BF5B5C-233F-48A0-B4F6-C596172492DE}" = dir=out | name=sonicwall mobile connect |
"{158A128F-F1F8-427B-B990-4350D04B12EE}" = dir=in | app=c:\iqiyi video\lstyle\qyplayer.exe |
"{160FB779-F48B-497D-ACAF-B913550A5764}" = dir=in | app=c:\users\sweety\appdata\roaming\iqiyi video\lstyle\gpupdate.exe |
"{169C9D3C-9603-4BFA-852A-ECC5A66F7AB6}" = dir=in | app=c:\iqiyi video\lstyle\qyclient.exe |
"{1AF17A41-4035-4D11-AADF-1C21721B2A68}" = dir=out | name=@{microsoft.bingweather_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{239C4788-25CE-4F20-A862-84982AFD9F29}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{294335EB-B173-4B34-AF65-696B7C9B33EC}" = dir=in | name=f5 vpn |
"{2EC052B3-2C3E-449D-BA71-5E9EA4449FBA}" = dir=out | name=skype |
"{2EF9742D-C827-4FB6-B1BD-D4F716085038}" = dir=in | app=c:\iqiyi video\lstyle\qywebplayer.exe |
"{3D92E4C7-665E-4F26-AFB6-BE858BC04990}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{41E3E9F6-9B45-4830-AF6F-C494EF2BE516}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{439756F6-DCA2-4FF9-AB4F-E65BD7A02CC3}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{457CCA5E-BCE7-4B39-BC57-4FD43E34B50F}" = dir=in | name=microsoft solitaire collection |
"{46BC1FEF-81ED-4B60-BBE7-976DDBDF0B65}" = dir=out | name=@{microsoft.zunevideo_2.6.441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{49C7EC66-2E0A-44D6-A635-BA2E8C0D732D}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{4CA7672E-A082-4CC1-9CAE-7883C3F95084}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{4CE3947D-E2B6-4EE1-8E57-DB24961C16A1}" = dir=in | app=c:\iqiyi video\geeplayer\geeplayer.exe |
"{4FA0F5C6-42AA-4EF2-9D9D-FF4F81D00BCC}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{51FE0B7B-9519-4A8A-9E04-51AD306BF296}" = dir=in | app=c:\iqiyi video\lstyle\qyclient.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{586614DA-0FD5-47DC-A32F-476811C42325}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{59F81380-DC9F-4928-84DA-9D2C10D17177}" = dir=out | name=check point vpn |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{618DC846-6605-4EC4-A2AC-79383A494840}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{633C7DD7-83A4-4B4D-ACBC-96D36808C4C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{6B124FE2-D26E-4F68-8B85-DE647F3A42B1}" = dir=in | name=skype |
"{6BDA933E-0B8A-4345-BD6B-0B6877706F25}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{6E6955C0-4691-423A-959B-D3E254E6D83A}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{712C93DD-4B66-443F-94BA-598C3C782893}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{76B8ADCE-339C-44C8-899A-1A9CDBE045E8}" = dir=in | app=c:\iqiyi video\common\qykernel.exe |
"{76F97FC3-6B78-43E8-8ED3-ADA1CB2E7FB3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{7819E61D-7079-4977-9A37-D7A6371EB33A}" = dir=in | app=c:\iqiyi video\geeplayer\geeplayer\geeplayer.exe |
"{78C3E01D-DF5B-401D-B7C4-72C1F6036FB9}" = dir=out | name=microsoft solitaire collection |
"{7A198E61-B6DD-420F-A000-B4DDF878911E}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7EA0FC0C-275C-4614-B47B-8B3430223775}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{7EE04C5A-4FC3-4C47-B22D-8E906E1F73CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81A7EEB3-3282-441F-B2BD-2A79D8C29B59}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{84922BCD-C73B-4018-A98A-CE6B764BEBCE}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{87E53636-061C-4AA2-81BF-68CAE2F24F24}" = dir=in | app=c:\iqiyi video\lstyle\qywebplayer.exe |
"{8CE83FCC-E134-4DA2-8164-BE72C01E494C}" = dir=out | name=@{microsoft.bingfinance_3.0.4.323_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{8E821C34-A0C3-45D1-A07A-E9A973AA0E37}" = dir=in | app=c:\iqiyi video\common\qykernel.exe |
"{94B1017C-EB62-4AF5-B22A-9DF487ECFC1C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{95C66F71-DCD2-4671-A568-802DE6211B68}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{9812C4A0-35F0-46F6-BA16-6423E0949547}" = dir=out | name=f5 vpn |
"{98E23827-9ABB-4B4E-AFF1-6DC1643943CA}" = dir=in | app=c:\iqiyi video\geeplayer\geeplayer\geeplayer.exe |
"{99F8D70C-0D12-4B00-9EA6-8076F947D196}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{9A0F07A4-4F6A-409F-A0FF-6E72F4BAF7A1}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9EF296FF-9AC1-4910-A857-2FDCCBF203BE}" = dir=out | name=@{microsoft.bingsports_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{9F8FD251-98C4-412E-9767-FB7C13B529FA}" = dir=in | app=c:\iqiyi video\lstyle\qyplayer.exe |
"{A014FABA-C706-4AB3-AB42-BB01621DC580}" = dir=in | app=c:\iqiyi video\lstyle\qywebplayer.exe |
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 |
"{A0DB02C9-66C8-401E-9113-DB347F612C74}" = dir=in | name=taptiles |
"{A2773BA6-4B98-4D5F-B231-1B374163F08A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A572E8EE-F6BE-4A37-9CC5-B18F505F352C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{A785B6E3-68E0-4A28-89D6-14F7FD6DBE4F}" = dir=out | name=@{microsoft.bingtravel_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{AAA504FB-7714-4499-A052-D24F8D964BC6}" = dir=out | name=windows_ie_ac_001 |
"{AE780D90-4790-4798-90DE-12E4B02909DD}" = dir=out | name=fresh paint |
"{B0DA28EA-3585-4B22-9653-8F34951C3E9B}" = dir=in | app=c:\iqiyi video\common\qykernel.exe |
"{B5DDDCF1-BA51-48D5-B599-6ACAB9D34560}" = dir=out | name=wordament |
"{B71584DE-D831-4FBB-9EEE-AA89EC8A14F2}" = dir=out | name=windows_ie_ac_001 |
"{B973CFD3-7F55-4331-B8B0-49452F0162EB}" = dir=in | name=onenote |
"{BCD09F73-56E5-4309-AC8C-7F2CF66711CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{BD6F2817-C77D-489A-A289-74DB60F65A4E}" = dir=in | app=c:\iqiyi video\lstyle\qyclient.exe |
"{C17B68A9-EB43-461B-B946-7D0C1872AC71}" = dir=in | app=c:\users\sweety\appdata\roaming\iqiyi video\lstyle\qyupdate.exe |
"{C36F6F1D-20C9-4823-9331-5E56E9EB43CF}" = dir=out | name=juniper networks junos pulse |
"{C51FAC49-AFFC-4D3D-8647-A4BBCB9592F8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{C5422935-B459-44C8-91CC-C702D3FA13FD}" = dir=in | name=check point vpn |
"{C9E28273-D5E8-4291-93E2-C53A493EFECF}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{CA324B64-14F3-4752-9771-8307784A5E32}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{CB6AEF5E-C1C2-4D5F-8149-E146A7B88CC5}" = dir=out | name=onenote |
"{CF3BF66F-8C5E-42A2-9E92-59FC2ED94814}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D2C0B17D-CA66-4F57-A94C-F94B54274E1F}" = dir=in | name=juniper networks junos pulse |
"{D2DBD95A-2FDA-4AB4-80BA-6182CE18B1B8}" = dir=in | app=c:\users\sweety\appdata\roaming\iqiyi video\lstyle\qyupdate.exe |
"{D36A543D-2E6F-499D-AE45-74301118F2DE}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D8AC7CBF-C9B6-4843-BFFB-54B945EF7C73}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DB990DC6-7287-41B0-B1ED-FB44EADA7EAA}" = dir=out | name=adera |
"{DF5432CE-422A-4018-B9E8-06F2B49B7203}" = dir=in | name=sonicwall mobile connect |
"{E2E53EC7-5AF9-4746-BADA-6889B3236B4C}" = dir=in | app=c:\iqiyi video\lstyle\qyplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9DDAD8B-F5F2-48DD-8729-DD9D6D99D9EE}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{EAE48337-EA8C-45BC-B8DD-A6513F87CE55}" = dir=out | name=taptiles |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EFAF007C-0EFF-4DE6-B803-2780DDBA2D88}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4D49F8B-6D5A-4E7F-AEFD-B76A027EB96B}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F90A6F02-C98B-47FD-AA23-D0EAAF24D5AD}" = dir=in | app=c:\users\sweety\appdata\roaming\iqiyi video\lstyle\qyupdate.exe |
"{FCF1FC90-BE1C-43B5-B32B-7186D2C4D91D}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{FF1E99CE-3DA4-45B6-8EA6-5307D31824D7}" = dir=out | name=@{microsoft.bingnews_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{FF42A286-D6FE-4C72-88B0-8CEEDFE24535}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{0666F0E3-2F9A-468E-BB7F-4FACBB08E9CC}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{D4FD021E-3506-47F5-A58F-17748A82B5CA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{024E3A79-2C4B-44EF-AFC1-AF0CB4069161}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{4A8E16D1-8161-4FBD-B2CB-5C722CC960E2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

A poslední část, to bylo teda dlouhý

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5" = Balíček ovladače systému Windows - ASUS (ATP) Mouse (01/10/2013 1.0.0.170)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"O365ProPlusRetail - cs-cz" = Microsoft Office 365 ProPlus - cs-cz

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.3
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3727C0FE-4357-492C-85EE-E78BC31BF831}" = Alcor Micro USB Card Reader
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0405-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-0804-1033-1959-001824144531}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.11) - Czech
"{ADEBB98C-DCD0-4369-BC4A-71B342CF55B2}" = HT Fireman CD/DVD Burner
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C560D6E7-E40A-435D-8B71-62CBCF1701B2}" = OpenOffice 4.1.1
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1" = Advanced-System Protector
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Avast" = Avast Free Antivirus
"Comodo Dragon" = Comodo Dragon
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"FormatFactory" = FormatFactory 3.5.0.0
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Mozilla Firefox 38.0.5 (x86 cs)" = Mozilla Firefox 38.0.5 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Play System (Patching)" = Network Play System (Patching)
"Opera 30.0.1835.88" = Opera Stable 30.0.1835.88
"The Sims" = The Sims
"Windows 8 Start menu_is1" = Windows 8 Start menu 2.1
"WinRAR archiver" = WinRAR 5.21 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1033858388-2215584304-1103054407-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10. 6. 2015 10:47:41 | Computer Name = pc | Source = Application Error | ID = 1000
Description = Název chybující aplikace: StartMenu.exe, verze: 2.2.0.0, časové razítko:
0x54d890fd Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17415, časové
razítko: 0x54504ade Kód výjimky: 0xc000041d Posun chyby: 0x00014598 ID chybujícího
procesu: 0x10e8 Čas spuštění chybující aplikace: 0x01d0a365c29507b5 Cesta k chybující
aplikaci: C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe Cesta k chybujícímu
modulu: C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: a4873b58-0f7f-11e5-bedd-dc85de2a3c25
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:

Error - 11. 6. 2015 4:37:13 | Computer Name = pc | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 12. 6. 2015 4:47:20 | Computer Name = pc | Source = Application Hang | ID = 1002
Description = Program BtTray.exe verze 8.0.0.206 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
528 Čas spuštění: 01d0a4c7849986bd Čas ukončení: 232 Cesta k aplikaci: C:\Program
Files (x86)\Bluetooth Suite\BtTray.exe ID hlášení: 94aed3cf-10df-11e5-bedf-dc85de2a3c25

Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:

Error - 12. 6. 2015 9:49:16 | Computer Name = pc | Source = Application Error | ID = 1000
Description = Název chybující aplikace: svchost.exe_DiagTrack, verze: 6.3.9600.17415,
časové razítko: 0x54504177 Název chybujícího modulu: ntdll.dll, verze: 6.3.9600.17736,
časové razítko: 0x550f4336 Kód výjimky: 0xc000000d Posun chyby: 0x0000000000101e60
ID
chybujícího procesu: 0x6b8 Čas spuštění chybující aplikace: 0x01d0a4c7374d8620 Cesta
k chybující aplikaci: C:\WINDOWS\System32\svchost.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\ntdll.dll ID zprávy: d03b7e4e-1109-11e5-bedf-dc85de2a3c25 Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:

Error - 12. 6. 2015 15:51:52 | Computer Name = pc | Source = Application Error | ID = 1000
Description = Název chybující aplikace: SystemSettings.exe, verze: 6.3.9600.17489,
časové razítko: 0x5465bbd5 Název chybujícího modulu: Windows.UI.Xaml.dll, verze:
6.3.9600.17415, časové razítko: 0x54504b1a Kód výjimky: 0xc000027b Posun chyby: 0x00000000006d663b
ID
chybujícího procesu: 0x1490 Čas spuštění chybující aplikace: 0x01d0a5490ddb7aeb Cesta
k chybující aplikaci: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe Cesta
k chybujícímu modulu: C:\Windows\System32\Windows.UI.Xaml.dll ID zprávy: 785ca8c4-113c-11e5-bee0-dc85de2a3c25
Úplný
název chybujícího balíčku: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
ID
aplikace související s chybujícím balíčkem: microsoft.windows.immersivecontrolpanel

Error - 14. 6. 2015 14:09:24 | Computer Name = pc | Source = Application Error | ID = 1000
Description = Název chybující aplikace: svchost.exe_DiagTrack, verze: 6.3.9600.17415,
časové razítko: 0x54504177 Název chybujícího modulu: ntdll.dll, verze: 6.3.9600.17736,
časové razítko: 0x550f4336 Kód výjimky: 0xc000000d Posun chyby: 0x0000000000101e60
ID
chybujícího procesu: 0x674 Čas spuštění chybující aplikace: 0x01d0a6caa2697fdb Cesta
k chybující aplikaci: C:\WINDOWS\System32\svchost.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\ntdll.dll ID zprávy: 7ca51eb5-12c0-11e5-bee3-dc85de2a3c25 Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:

Error - 15. 6. 2015 5:05:38 | Computer Name = pc | Source = Application Error | ID = 1000
Description = Název chybující aplikace: StartMenu.exe, verze: 2.2.0.0, časové razítko:
0x54d890fd Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17415, časové
razítko: 0x54504ade Kód výjimky: 0x0eedfade Posun chyby: 0x00014598 ID chybujícího
procesu: 0x1090 Čas spuštění chybující aplikace: 0x01d0a738d0bf5783 Cesta k chybující
aplikaci: C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe Cesta k chybujícímu
modulu: C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: b06a1649-133d-11e5-bee4-dc85de2a3c25
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:

Error - 15. 6. 2015 5:05:43 | Computer Name = pc | Source = Application Error | ID = 1000
Description = Název chybující aplikace: StartMenu.exe, verze: 2.2.0.0, časové razítko:
0x54d890fd Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17415, časové
razítko: 0x54504ade Kód výjimky: 0xc000041d Posun chyby: 0x00014598 ID chybujícího
procesu: 0x1090 Čas spuštění chybující aplikace: 0x01d0a738d0bf5783 Cesta k chybující
aplikaci: C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe Cesta k chybujícímu
modulu: C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: b3132b05-133d-11e5-bee4-dc85de2a3c25
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:

Error - 19. 6. 2015 7:43:53 | Computer Name = pc | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 20. 6. 2015 2:17:41 | Computer Name = pc | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 6. 7. 2015 8:34:29 | Computer Name = pc | Source = DCOM | ID = 10010
Description =

Error - 6. 7. 2015 13:38:54 | Computer Name = pc | Source = DCOM | ID = 10010
Description =

Error - 6. 7. 2015 13:39:24 | Computer Name = pc | Source = DCOM | ID = 10010
Description =

Error - 6. 7. 2015 15:55:33 | Computer Name = pc | Source = Application Popup | ID = 1060
Description =

Error - 6. 7. 2015 15:55:33 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description = Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
%%1275

Error - 6. 7. 2015 15:55:33 | Computer Name = pc | Source = Application Popup | ID = 1060
Description =

Error - 6. 7. 2015 15:55:33 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description = Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
%%1275

Error - 6. 7. 2015 15:55:34 | Computer Name = pc | Source = Application Popup | ID = 1060
Description =

Error - 6. 7. 2015 15:55:34 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description = Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
%%1275

Error - 7. 7. 2015 13:22:56 | Computer Name = pc | Source = Service Control Manager | ID = 7030
Description = Služba ESET Service je označena jako interaktivní služba. Avšak systém
je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude
fungovat správně.


< End of report >

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands) Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.