VIRY.CZ

Ahoj,
pustil jsme se do vytvoření logu poprvé v životě, tak se mi to snad povedlo. Zlobí mi mašina, jste poslední naděje. Opravdu nevím, co s tím. Jako by se seká, laguje, ale připojením to není...
log:

ComboFix 16-09-28.01 - maxs 14.10.2016 23:15:58.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.8098.6160 [GMT 2:00]
Spuštěný z: c:\users\maxs\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 9.0.401.1 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET NOD32 Antivirus 9.0.401.1 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-09-14 do 2016-10-14 )))))))))))))))))))))))))))))))
.
.
2016-10-14 21:19 . 2016-10-14 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-14 20:55 . 2016-10-14 20:55 -------- d-----w- c:\program files (x86)\MSI Afterburner
2016-10-14 20:54 . 2013-01-23 06:13 9180976 ----a-w- C:\MSIAfterburnerSetup231.exe
2016-10-14 20:54 . 2012-12-18 01:46 13946234 ----a-w- C:\MSI_Kombustor_Setup_2.5.0.exe
2016-10-14 20:54 . 2016-10-14 20:54 -------- d-----w- c:\program files\WinRAR
2016-10-14 20:06 . 2016-10-14 21:01 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-14 20:05 . 2016-10-14 20:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-10-14 20:05 . 2016-10-14 20:05 -------- d-----w- c:\programdata\Malwarebytes
2016-10-14 20:05 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-10-14 20:05 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-10-14 20:05 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-14 19:12 . 2016-09-16 22:30 134712 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2016-10-14 19:12 . 2016-10-14 19:12 -------- d-----w- c:\program files (x86)\VulkanRT
2016-10-14 19:12 . 2016-09-09 18:25 269600 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-10-14 19:12 . 2016-09-09 18:25 110880 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-10-14 19:12 . 2016-09-09 18:25 261920 ----a-w- c:\windows\system32\vulkan-1.dll
2016-10-14 19:12 . 2016-09-09 18:24 125216 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-09-29 22:02 . 2016-10-14 21:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2016-09-29 22:02 . 2016-10-14 21:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2016-09-29 20:50 . 2016-09-29 20:50 -------- d-----w- c:\users\maxs\AppData\Roaming\LavasoftStatistics
2016-09-29 20:50 . 2016-09-29 20:50 -------- d-----w- c:\program files\Lavasoft
2016-09-29 20:49 . 2016-09-29 20:49 -------- d-----w- c:\program files\Common Files\Lavasoft
2016-09-24 12:07 . 2016-09-29 19:27 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2016-09-23 11:55 . 2016-08-05 15:30 2048 ----a-w- c:\windows\system32\tzres.dll
2016-09-23 11:55 . 2016-08-05 15:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-09-18 10:03 . 2016-09-18 10:03 -------- d-----w- c:\programdata\ACD Systems
2016-09-18 10:03 . 2016-09-18 10:03 -------- d-----w- c:\program files (x86)\Common Files\ACD Systems
2016-09-18 10:01 . 2016-09-18 10:01 -------- d-----w- c:\users\maxs\AppData\Roaming\Softlink
2016-09-18 10:01 . 2016-09-18 10:01 -------- d-----w- c:\users\maxs\AppData\Roaming\KuaiZip
2016-09-18 10:01 . 2016-09-18 10:01 -------- d-----w- c:\users\maxs\AppData\Local\UCBrowser
2016-09-18 10:01 . 2016-08-02 06:54 81792 ----a-w- c:\windows\system32\drivers\ucguard.sys
2016-09-18 10:00 . 2016-09-18 10:01 -------- d-----w- c:\program files (x86)\UCBrowser
2016-09-18 10:00 . 2016-09-29 21:01 -------- d-----w- c:\program files (x86)\sbqh
2016-09-18 09:59 . 2016-09-18 09:59 -------- d-----w- c:\users\maxs\AppData\Local\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-12 17:24 . 2015-03-11 17:26 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-10-12 17:24 . 2015-03-11 17:26 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-09 15:34 . 2015-07-14 13:29 263296 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-09-30 04:24 . 2016-05-25 17:34 1842624 ----a-w- c:\windows\system32\nvspcap64.dll
2016-09-30 04:24 . 2016-05-25 17:34 1755072 ----a-w- c:\windows\system32\nvspbridge64.dll
2016-09-30 04:24 . 2016-05-25 17:34 1444288 ----a-w- c:\windows\SysWow64\nvspcap.dll
2016-09-30 04:24 . 2016-05-25 17:34 1317312 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2016-09-30 04:24 . 2016-05-25 17:34 120256 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2016-09-19 23:09 . 2016-08-10 15:42 1588688 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2016-09-17 06:11 . 2016-05-25 17:32 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2016-09-17 06:11 . 2016-05-25 17:32 104384 ----a-w- c:\windows\system32\nvaudcap64v.dll
2016-09-17 06:11 . 2016-05-25 17:32 94144 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-09-17 00:46 . 2016-05-25 17:32 3917840 ----a-w- c:\windows\system32\nvapi64.dll
2016-09-17 00:46 . 2015-03-11 16:48 3458608 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-09-17 00:46 . 2015-03-11 16:48 19854064 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-09-17 00:46 . 2015-03-11 16:48 17270984 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-09-17 00:46 . 2015-03-11 16:48 14353512 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-09-16 23:36 . 2015-08-25 17:10 144199024 -c--a-w- c:\windows\system32\MRT.exe
2016-09-16 22:57 . 2015-03-11 16:49 6385720 ----a-w- c:\windows\system32\nvcpl.dll
2016-09-16 22:57 . 2015-03-11 16:49 2475064 ----a-w- c:\windows\system32\nvsvc64.dll
2016-09-16 22:57 . 2016-05-25 17:33 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-09-16 22:57 . 2016-05-25 17:33 546752 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-09-16 22:57 . 2015-03-11 16:49 69568 ----a-w- c:\windows\system32\nvshext.dll
2016-09-16 22:57 . 2015-03-11 16:49 392128 ----a-w- c:\windows\system32\nvmctray.dll
2016-09-16 22:57 . 2015-03-11 16:49 1762752 ----a-w- c:\windows\system32\nvsvcr.dll
2016-09-16 22:57 . 2015-03-11 16:49 1364024 ----a-w- c:\windows\system32\nvvsvc.exe
2016-09-16 07:40 . 2015-03-11 16:49 7379415 ----a-w- c:\windows\system32\nvcoproc.bin
2016-09-09 18:25 . 2016-09-09 18:25 269600 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-26-0.dll
2016-09-09 18:25 . 2016-09-09 18:25 110880 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
2016-09-09 18:25 . 2016-09-09 18:25 261920 ----a-w- c:\windows\system32\vulkan-1-1-0-26-0.dll
2016-09-09 18:24 . 2016-09-09 18:24 125216 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-26-0.exe
2016-09-02 15:30 . 2016-09-16 13:14 345600 ----a-w- c:\windows\system32\schannel.dll
2016-09-02 15:30 . 2016-09-16 13:14 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-09-02 15:16 . 2016-09-16 13:14 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2016-09-02 15:16 . 2016-09-16 13:14 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-09-02 15:16 . 2016-09-16 13:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-08-15 11:09 . 2012-07-17 12:37 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
"Web Companion"="c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" [2016-09-23 1732368]
"Overwolf"="c:\program files (x86)\Overwolf\OverwolfLauncher.exe" [2016-09-27 247344]
"cz.seznam.software.autoupdate"="c:\users\maxs\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\maxs\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
"World of Tanks"="c:\games\World_of_Tanks\WargamingGameUpdater.exe" [2016-09-26 3134728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="e:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [x]
R2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - RTCORE64
*Deregistered* - RTCore64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
kuaizip2updatesvc REG_MULTI_SZ Kuaizip Update Checker
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
2016-09-18 10:00 1126800 ----a-w- c:\program files (x86)\UCBrowser\Application\5.6.14087.902\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-03 21:26 1266792 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-11 17:24]
.
2016-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11 14:53]
.
2016-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11 14:53]
.
2016-10-14 c:\windows\Tasks\UCBrowserUpdater.job
- c:\program files (x86)\UCBrowser\Application\update_task.exe [2016-09-18 06:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-09-30 1842624]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe" [2016-07-18 9571552]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: localhost
Trusted Zone: webcompanion.com
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 77.48.254.254 77.48.100.254
FF - ProfilePath - c:\users\maxs\AppData\Roaming\Mozilla\Firefox\Profiles\66cntm0j.default\
FF - prefs.js: browser.search.selectedEngine - BingÂ®
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
.
------- Asociace souborů -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} - (no file)
AddRemove-{B64D8CE9-11B2-469D-A347-9A13C2BCA423}_is1 - c:\games\World_of_Tanks\unins003.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-10-14 23:20:46
ComboFix-quarantined-files.txt 2016-10-14 21:20
.
Před spuštěním: Volných bajtů: 20 818 534 400
Po spuštění: Volných bajtů: 20 535 001 088
.
- - End Of File - - 7B565730BC67468203EAD145924C151B
413FC2A0C716421B3158746D63736515

Zdravim

maxs.cz píše:pustil jsme se do vytvoření logu poprvé v životě,

A proc zrovna ComboFix?!?

Kdybyste si precetl pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=5601 , docetl byste se mimo jine toto

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je. Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád\nějaký rádoby odborný web. Naše fórum je jediné z CZ-SK antivirových fór, která mají právo luštit logy z ComboFixu a mámě též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

CF smaze veskere stopy pripadne nakazy a ja ted muzu tak akorat varit z vody, jak se rika

Zkusim se na to podivat, ale pokud se to bude jeste jednou opakovat, bude pomoc odmitnuta. Uz jste na to totiz jednou upozornen byl!!!

A taky upozornuji, ze se to mozna protahne a vysledek vubec neni jisty

Popiste podrobneji problem. Blbne jen internet, nebo celkove? A porad, nebo jen nekdy?

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Zdravím Márty. Moc Vám děkuji za reakci. Máte pravdu, sám jsem si svůj původní příspěvek vyhledal, úplně jsem na něj zapomněl. Nicméně tehdejší problém je se změnou poskytovatele minulostí.
HISTORIE:
Před pár týdny jsem si omylem klikl na nějakou aplikaci na odstranění škodlivého mailware, ale opak byl pravdou. Na úvodním logu Win7 mi naskakovala čínsky psaná stránka s vybízela k upgradu a dalším klikům. Pár dní jsem jí jen zavíral a nic se nedělo. Včera jsem havěť odstranil pomocí Malware Bite Anti-Malware, čínksá uvítací wevobka zmizela, ale problém to neodstranilo.
PROBLEM:
Při spuštění náročnější aplikace mi začně na příliš pracovat procesor. Jakoby začne lagovat výkon, trhá se mi hra (konkrétně WOT).. Ve sledování vytížení komponentů ve Win se mi to potvrzuje, procesor dostává kouř.
Z dosavadních zkušeností zatím nula, podobnou věc jsem nezažil. Osobně si myslím 80% nějaký software problém a 20% hadrware.

Postup dle návodu provedu v podvečer až bude čas a logy sem vložím.
Ještě jednou děkuji za pomoc.

Dobrý večer, už nějakou dobu s OTL bojuji. Po scanu mi vyhodí tuhle hlášku (viz příloha). Poté se žádný log nevytvoří.
Tento postup jsem dělal po restartu PC.

V tomto stavu se nachází OTL.

Obcas se to stane, ze OTL tuhle chybku vyhodi

Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

OTL logfile created on: 16.10.2016 10:43:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maxs\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18449)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,91 Gb Total Physical Memory | 4,52 Gb Available Physical Memory | 57,19% Memory free
15,81 Gb Paging File | 11,90 Gb Available in Paging File | 75,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 8,71 Gb Free Space | 7,79% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 205,34 Gb Free Space | 44,09% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 141,78 Gb Free Space | 96,79% Space Free | Partition Type: NTFS
Drive F: | 319,28 Gb Total Space | 59,49 Gb Free Space | 18,63% Space Free | Partition Type: NTFS
Drive G: | 702,83 Mb Total Space | 481,87 Mb Free Space | 68,56% Space Free | Partition Type: UDF
Drive I: | 331,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MAXS-BASE | User Name: maxs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016.10.15 15:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\maxs\Desktop\OTL.exe
PRC - [2016.10.12 19:24:07 | 003,450,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
PRC - [2016.09.30 06:24:23 | 000,419,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
PRC - [2016.09.30 06:24:21 | 009,188,800 | ---- | M] (Node.js) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
PRC - [2016.09.30 06:23:58 | 001,411,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
PRC - [2016.09.27 13:38:18 | 000,176,880 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Overwolf\0.98.211.0\OverwolfBrowser.exe
PRC - [2016.09.27 13:38:16 | 000,562,928 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\Purplizer.exe
PRC - [2016.09.27 13:38:16 | 000,084,208 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Common Files\Overwolf\0.98.211.0\OverwolfHelper.exe
PRC - [2016.09.27 13:38:16 | 000,052,976 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
PRC - [2016.09.26 11:11:07 | 003,134,728 | ---- | M] (Wargaming.net) -- C:\Games\World_of_Tanks\WargamingGameUpdater.exe
PRC - [2016.09.23 14:25:38 | 002,751,760 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
PRC - [2016.09.23 14:25:37 | 001,732,368 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
PRC - [2016.09.17 00:30:50 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
PRC - [2016.07.01 18:30:34 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016.03.10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016.03.10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016.03.10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015.11.05 02:12:06 | 000,188,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2015.05.26 13:38:58 | 000,457,384 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\szndesktop.exe

========== Modules (No Company Name) ==========

MOD - [2016.10.12 19:24:07 | 019,635,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
MOD - [2016.09.30 06:24:21 | 000,018,880 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016.09.30 06:23:56 | 060,817,344 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
MOD - [2016.09.29 19:20:53 | 002,801,208 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
MOD - [2016.09.29 19:20:53 | 000,516,152 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node
MOD - [2016.09.29 19:20:53 | 000,500,792 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
MOD - [2016.09.29 19:20:53 | 000,439,232 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node
MOD - [2016.09.29 19:20:53 | 000,430,648 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
MOD - [2016.09.29 19:20:53 | 000,373,696 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
MOD - [2016.09.29 19:20:53 | 000,356,288 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node
MOD - [2016.09.29 19:20:53 | 000,336,832 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
MOD - [2016.09.29 19:20:53 | 000,255,936 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
MOD - [2016.09.29 19:20:53 | 000,244,672 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
MOD - [2016.09.27 13:35:46 | 000,373,657 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\plugins\libmsn.dll
MOD - [2016.09.27 13:35:46 | 000,140,288 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\sasl2\saslDIGESTMD5.dll
MOD - [2016.09.27 13:35:46 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\sasl2\saslPLAIN.dll
MOD - [2016.09.27 13:35:46 | 000,027,811 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\plugins\ssl-nss.dll
MOD - [2016.09.27 13:35:46 | 000,022,832 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\plugins\libyahoo.dll
MOD - [2016.09.27 13:35:46 | 000,021,337 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\plugins\libxmpp.dll
MOD - [2016.09.27 13:35:46 | 000,012,004 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\plugins\ssl.dll
MOD - [2016.09.27 13:35:44 | 001,274,655 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\libxml2-2.dll
MOD - [2016.09.27 13:35:44 | 000,425,984 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\sqlite3.dll
MOD - [2016.09.27 13:35:44 | 000,415,553 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\libjabber.dll
MOD - [2016.09.27 13:35:44 | 000,228,908 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\libymsg.dll
MOD - [2016.09.27 13:35:44 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\libsasl.dll
MOD - [2016.09.27 13:35:44 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\zlib1.dll
MOD - [2016.09.27 13:35:44 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\Purplizer\libssp-0.dll
MOD - [2016.09.27 13:35:14 | 045,069,312 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\libcef.dll
MOD - [2016.09.27 13:35:10 | 001,643,008 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\libGLESv2.dll
MOD - [2016.09.27 13:35:10 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.98.211.0\libEGL.dll
MOD - [2016.09.23 14:25:37 | 000,292,112 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
MOD - [2016.09.23 14:25:37 | 000,121,104 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
MOD - [2016.09.23 14:25:37 | 000,120,080 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
MOD - [2016.09.23 14:25:37 | 000,050,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
MOD - [2016.09.23 14:25:37 | 000,050,448 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
MOD - [2016.09.23 14:25:37 | 000,036,112 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
MOD - [2016.09.23 14:25:37 | 000,022,288 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
MOD - [2016.09.23 14:25:37 | 000,010,000 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
MOD - [2016.08.14 11:01:14 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5c885adf77509e70142d793794ab4d18\UIAutomationProvider.ni.dll
MOD - [2016.08.14 11:01:08 | 000,392,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\701f54e7bc607797edd49d7676ee14fc\System.Xml.Linq.ni.dll
MOD - [2016.08.14 11:01:04 | 013,584,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\26a1806cb232407c1061ae6f3de69b4b\System.Web.ni.dll
MOD - [2016.08.14 11:00:32 | 000,237,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\ff2db8092147f54cf6f3010eb6b448b3\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2016.08.14 11:00:23 | 000,023,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\9d31b48943076bc5ce7f2783edf818b6\PresentationFramework-SystemCore.ni.dll
MOD - [2016.08.14 11:00:23 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\c6733bb51510f9480f58e171d17a0ff9\PresentationFramework-SystemXml.ni.dll
MOD - [2016.08.14 11:00:23 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\9f3df91d75e4593af54178bb1c81c6a4\PresentationFramework-SystemData.ni.dll
MOD - [2016.08.14 11:00:23 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\ceb11b81d316acdd3ee051473fffcb39\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2016.08.14 01:31:40 | 018,753,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3f07138dd3aa069ac9d088e069f387a7\PresentationFramework.ni.dll
MOD - [2016.08.14 01:31:34 | 011,014,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\fa099d56d401b67346ff1d7f323e8df1\PresentationCore.ni.dll
MOD - [2016.08.14 01:31:33 | 007,386,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a24bd877cd76cad750ca1b4d0b657709\System.Data.ni.dll
MOD - [2016.08.14 01:31:32 | 012,897,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\583f985a923ddcc0738b3d08e042d5e2\System.Windows.Forms.ni.dll
MOD - [2016.08.14 01:31:31 | 006,982,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\cc64ac50df5079445ce3f3d9cbd1a537\System.Core.ni.dll
MOD - [2016.08.14 01:31:30 | 000,967,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\e7869dedf7c400ab82521f83ee09d366\System.Configuration.ni.dll
MOD - [2016.08.14 01:31:29 | 003,907,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b0f767e500cd20328c4107c95438872\WindowsBase.ni.dll
MOD - [2016.08.14 01:31:29 | 001,873,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\699190366a5c34ef0c39bcd1fcb5ed84\System.Xaml.ni.dll
MOD - [2016.08.14 01:31:28 | 000,458,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\6810327f9be3b5488233937452b98219\PresentationFramework.Aero.ni.dll
MOD - [2016.07.15 19:13:29 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\846191dee892c0d389059e9ab3b9eb81\System.WorkflowServices.ni.dll
MOD - [2016.07.15 18:47:25 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7c3f68070d42a920d39f141995a828e8\System.Web.Services.ni.dll
MOD - [2016.07.15 18:47:23 | 011,923,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\699e49c0c28ae602caf56e744368b126\System.Web.ni.dll
MOD - [2016.07.15 18:47:19 | 006,657,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d30d022750e5857930d426c663a5c769\System.Data.ni.dll
MOD - [2016.07.15 18:47:16 | 014,344,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94ae4e1eb683acb3eba1e8b4290c7d0e\PresentationFramework.ni.dll
MOD - [2016.05.24 15:05:35 | 002,975,744 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2016.05.12 19:39:09 | 002,803,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\9e2ef61f3205064e8dd89b89c84fc1aa\System.Runtime.Serialization.ni.dll
MOD - [2016.05.12 19:38:12 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\880d24cdcd5816a457cda1a04e8d687d\System.ServiceModel.Web.ni.dll
MOD - [2016.05.12 19:38:09 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\f0ff869354778427c9cd1565ec367e53\System.Xml.Linq.ni.dll
MOD - [2016.05.12 19:37:50 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c8340415e9b8e16131fb6db9fa3a0786\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2016.05.12 19:37:30 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\017700b4ae8431dd45f88fa38324b228\System.Core.ni.dll
MOD - [2016.05.12 19:37:24 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
MOD - [2016.05.12 19:37:07 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1bb2bfe18616d650bd652b0fb7455e84\System.IdentityModel.ni.dll
MOD - [2016.05.12 19:37:06 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\5cbdc13bae7068a248da6dfb5cd96f69\System.Runtime.Serialization.ni.dll
MOD - [2016.05.12 19:37:05 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1d70f0cb319b4d459a7d837f5fa508b9\SMDiagnostics.ni.dll
MOD - [2016.05.12 19:37:04 | 017,477,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\9330d4d18babd39389b00184a5b915f8\System.ServiceModel.ni.dll
MOD - [2016.05.12 18:42:19 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d715f0706e56d7a65af0fe35bf565013\PresentationFramework.Aero.ni.dll
MOD - [2016.05.12 18:42:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e24fa73a85564123eeb3755544d8cefc\System.ServiceProcess.ni.dll
MOD - [2016.05.12 18:42:10 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dll
MOD - [2016.05.12 18:42:10 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\d4bbafe419e4431c81a64bba3e6bdca1\System.EnterpriseServices.ni.dll
MOD - [2016.05.12 18:42:09 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a954c94bbb596ac943bb9ff6096e256c\System.Transactions.ni.dll
MOD - [2016.05.12 18:41:56 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
MOD - [2016.05.12 18:41:52 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
MOD - [2016.05.12 18:41:50 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
MOD - [2016.05.12 18:41:48 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
MOD - [2016.05.12 18:41:47 | 012,260,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5582ea5a2f2d3c2e0ad6f50cf49efec8\PresentationCore.ni.dll
MOD - [2016.05.12 18:41:41 | 003,352,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b307bd80b0707bfa6ea87eb69a8e15eb\WindowsBase.ni.dll
MOD - [2016.05.12 18:41:40 | 007,996,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
MOD - [2016.05.12 00:45:41 | 007,787,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68b023e4ca0c078c48e6834c324ed86f\System.Xml.ni.dll
MOD - [2016.05.12 00:45:39 | 001,639,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9332dc973032df65d7cd10f450790e01\System.Drawing.ni.dll
MOD - [2016.05.12 00:45:39 | 001,169,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\f84f1253cd4166edba69c2fe5320d862\System.Management.ni.dll
MOD - [2016.05.12 00:45:39 | 000,218,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\2601b3e598ad2d2b9e732b9a86fd3098\System.ServiceProcess.ni.dll
MOD - [2016.05.12 00:45:38 | 010,070,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\7006c51c12a329ca333484758266f07f\System.ni.dll
MOD - [2015.08.26 18:14:16 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2015.05.26 13:38:58 | 000,457,384 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2015.05.26 13:38:34 | 000,862,888 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
MOD - [2015.05.26 13:37:42 | 000,078,504 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\4452libfoxloader.dll
MOD - [2015.03.12 01:13:44 | 000,188,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\232495ea0368dada2d208c51f0e5349c\UIAutomationTypes.ni.dll
MOD - [2015.03.11 19:11:09 | 000,146,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\de2a832558f95db343e443c365bd3575\System.Numerics.ni.dll
MOD - [2015.03.11 18:47:05 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MOD - [2014.03.04 07:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013.07.08 14:43:52 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 18:54:40 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll

========== Services (SafeList) ==========

SRV:64bit: - [2016.10.09 17:34:47 | 002,780,160 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV:64bit: - [2016.09.30 06:24:25 | 000,455,616 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerNetworkService)
SRV:64bit: - [2016.09.30 06:24:25 | 000,455,616 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerLocalSystem)
SRV:64bit: - [2016.09.30 06:24:20 | 001,163,712 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe -- (NVIDIA Wireless Controller Service)
SRV:64bit: - [2016.09.01 02:11:19 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016.07.18 20:22:36 | 000,732,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2015.06.18 14:57:18 | 001,268,568 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016.10.12 19:24:07 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016.09.27 13:38:16 | 001,310,960 | ---- | M] (Overwolf LTD) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdater)
SRV - [2016.09.23 14:25:38 | 002,751,760 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe -- (LavasoftTcpService)
SRV - [2016.09.23 14:25:37 | 000,017,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe -- (WCAssistantService)
SRV - [2016.09.17 00:30:50 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe -- (Stereo Service)
SRV - [2016.07.01 18:30:34 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016.03.10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016.03.10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015.11.05 02:12:06 | 000,188,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2015.01.02 20:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.04.12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.02.17 13:18:06 | 000,137,336 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2016.10.16 10:22:03 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016.10.09 17:34:47 | 000,263,296 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2016.09.30 06:24:05 | 000,027,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2016.09.20 01:09:05 | 000,223,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2016.09.17 08:11:43 | 000,046,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016.08.02 08:54:30 | 000,081,792 | ---- | M] (Huorong Borui (Beijing) Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ucguard.sys -- (UCGuard)
DRV:64bit: - [2016.06.28 17:30:20 | 000,197,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2016.06.28 17:30:20 | 000,181,416 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2016.04.28 17:20:32 | 000,485,512 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2016.03.10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016.03.10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015.12.15 00:24:25 | 000,130,880 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:64bit: - [2015.09.23 01:36:40 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:64bit: - [2015.08.22 09:41:01 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015.06.11 19:15:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013.04.26 12:24:58 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013.04.26 12:24:56 | 000,786,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013.04.26 12:24:56 | 000,368,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013.01.11 20:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.12.27 19:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-928536241-3897680482-1510202409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-928536241-3897680482-1510202409-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-928536241-3897680482-1510202409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.search.selectedEngine: "BingÂ®"
FF - prefs.js..browser.startup.homepage: "https://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:47.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015.03.11 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maxs\AppData\Roaming\Mozilla\Extensions
[2016.08.16 19:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maxs\AppData\Roaming\Mozilla\Firefox\Profiles\66cntm0j.default\extensions
[2016.08.16 19:41:20 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\maxs\AppData\Roaming\Mozilla\Firefox\Profiles\66cntm0j.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2016.02.01 20:18:41 | 000,013,023 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Mozilla\Firefox\Profiles\66cntm0j.default\searchplugins\bing-lavasoft.xml
[2016.07.01 18:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\maxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\maxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\maxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\maxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\maxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.14_0\
CHR - Extension: No name found = C:\Users\maxs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_0\

O1 HOSTS File: ([2016.10.14 23:19:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [GrooveMonitor] E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe ()
O4 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000..\Run: [cz.seznam.software.autoupdate] C:\Users\maxs\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000..\Run: [cz.seznam.software.szndesktop] C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000..\Run: [DAEMON Tools Lite Automount] C:\Program Files\DAEMON Tools Lite\DTAgent.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ()
O4 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft)
O4 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000..\Run: [World of Tanks] C:\Games\World_of_Tanks\WargamingGameUpdater.exe (Wargaming.net)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\LavasoftTcpService64.dll (Lavasoft Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\LavasoftTcpService64.dll (Lavasoft Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\LavasoftTcpService64.dll (Lavasoft Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\LavasoftTcpService64.dll (Lavasoft Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\LavasoftTcpService64.dll (Lavasoft Limited)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: eset.com ([help] http in Trusted sites)
O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKU\S-1-5-21-928536241-3897680482-1510202409-1000\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.48.254.254 77.48.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB45916C-D383-4367-9A7A-DA5683436E3C}: DhcpNameServer = 77.48.254.254 77.48.100.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2016.09.29 22:40:07 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.01.09 11:26:10 | 000,000,175 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32:64bit: VIDC.RTV1 - rtvcvfw64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mjpx - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: VIDC.RTV1 - C:\Windows\SysWow64\rtvcvfw32.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2016.10.15 15:43:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\maxs\Desktop\OTL.exe
[2016.10.15 09:32:38 | 000,000,000 | ---D | C] -- C:\Users\maxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2016.10.14 23:20:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2016.10.14 23:20:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2016.10.14 23:15:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2016.10.14 23:15:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2016.10.14 23:15:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2016.10.14 23:06:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2016.10.14 23:06:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2016.10.14 22:55:07 | 000,000,000 | ---D | C] -- C:\Users\maxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2016.10.14 22:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2016.10.14 22:54:44 | 013,946,234 | ---- | C] (MSI Co., LTD ) -- C:\MSI_Kombustor_Setup_2.5.0.exe
[2016.10.14 22:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2016.10.14 22:06:10 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.10.14 22:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016.10.14 22:05:49 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016.10.14 22:05:49 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016.10.14 22:05:49 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016.10.14 22:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016.10.14 22:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016.10.14 21:12:16 | 000,134,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2016.10.14 21:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VulkanRT
[2016.10.14 21:10:51 | 034,809,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016.10.14 21:10:51 | 028,214,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016.10.14 21:10:51 | 017,464,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016.10.14 21:10:51 | 010,868,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016.10.14 21:10:51 | 010,746,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016.10.14 21:10:51 | 010,287,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016.10.14 21:10:51 | 009,090,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016.10.14 21:10:51 | 008,877,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016.10.14 21:10:51 | 008,684,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016.10.14 21:10:51 | 003,595,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016.10.14 21:10:51 | 003,161,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016.10.14 21:10:51 | 001,922,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6437290.dll
[2016.10.14 21:10:51 | 001,585,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6437290.dll
[2016.10.14 21:10:51 | 001,020,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016.10.14 21:10:51 | 000,956,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016.10.14 21:10:51 | 000,943,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016.10.14 21:10:51 | 000,895,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016.10.14 21:10:51 | 000,688,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016.10.14 21:10:51 | 000,578,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016.10.14 21:10:51 | 000,521,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2016.10.14 21:10:51 | 000,493,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016.10.14 21:10:51 | 000,437,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2016.10.14 21:10:51 | 000,435,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2016.10.14 21:10:51 | 000,409,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016.10.14 21:10:51 | 000,388,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2016.10.14 21:10:51 | 000,223,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016.10.14 21:10:51 | 000,179,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016.10.14 21:10:51 | 000,157,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016.10.14 21:10:51 | 000,153,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016.10.14 21:10:51 | 000,131,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016.10.14 21:10:51 | 000,054,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016.09.30 00:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2016.09.30 00:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2016.09.29 22:50:47 | 000,000,000 | ---D | C] -- C:\Users\maxs\AppData\Roaming\LavasoftStatistics
[2016.09.29 22:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2016.09.29 22:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2016.09.20 18:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2016.09.20 18:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2016.09.19 17:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2016.09.18 12:32:41 | 000,000,000 | ---D | C] -- C:\Users\maxs\Documents\ACDSee Photo Editor
[2016.09.18 12:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2016.09.18 12:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2016.09.18 12:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems
[2016.09.18 12:01:19 | 000,000,000 | ---D | C] -- C:\Users\maxs\AppData\Roaming\Softlink
[2016.09.18 12:01:19 | 000,000,000 | ---D | C] -- C:\Users\maxs\AppData\Roaming\KuaiZip
[2016.09.18 12:01:06 | 000,081,792 | ---- | C] (Huorong Borui (Beijing) Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\ucguard.sys
[2016.09.18 12:01:06 | 000,000,000 | ---D | C] -- C:\Users\maxs\AppData\Local\UCBrowser
[2016.09.18 12:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UCBrowser
[2016.09.18 12:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sbqh
[2016.09.18 11:59:26 | 000,000,000 | ---D | C] -- C:\Users\maxs\AppData\Local\ESET
[2016.09.16 15:14:35 | 000,724,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016.09.16 15:14:35 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016.09.16 15:14:35 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016.09.16 15:14:35 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016.09.16 15:14:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016.09.16 15:14:35 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016.09.16 15:14:35 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016.09.16 15:14:35 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016.09.16 15:14:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016.09.16 15:14:35 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016.09.16 15:14:35 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016.09.16 15:14:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016.09.16 15:14:34 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016.09.16 15:14:34 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016.09.16 15:14:34 | 000,806,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016.09.16 15:14:34 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016.09.16 15:14:34 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016.09.16 15:14:34 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016.09.16 15:14:34 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016.09.16 15:14:34 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016.09.16 15:14:34 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016.09.16 15:14:34 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016.09.16 15:14:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016.09.16 15:14:33 | 002,131,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016.09.16 15:14:33 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016.09.16 15:14:33 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016.09.16 15:14:33 | 000,576,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016.09.16 15:14:33 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016.09.16 15:14:33 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016.09.16 15:14:32 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016.09.16 15:14:32 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016.09.16 15:14:32 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016.09.16 15:14:32 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016.09.16 15:14:32 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016.09.16 15:14:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016.09.16 15:14:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016.09.16 15:14:32 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016.09.16 15:14:31 | 006,047,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016.09.16 15:14:31 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016.09.16 15:14:31 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016.09.16 15:14:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016.09.16 15:14:31 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016.09.16 15:14:31 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016.09.16 15:14:13 | 005,548,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016.09.16 15:14:12 | 004,000,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016.09.16 15:14:12 | 003,944,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016.09.16 15:14:12 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016.09.16 15:14:12 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016.09.16 15:14:12 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016.09.16 15:14:12 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016.09.16 15:14:12 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016.09.16 15:14:12 | 000,706,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2016.09.16 15:14:12 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016.09.16 15:14:12 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016.09.16 15:14:12 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2016.09.16 15:14:12 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016.09.16 15:14:12 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016.09.16 15:14:12 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016.09.16 15:14:12 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2016.09.16 15:14:12 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016.09.16 15:14:12 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016.09.16 15:14:12 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016.09.16 15:14:12 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016.09.16 15:14:12 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2016.09.16 15:14:12 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2016.09.16 15:14:12 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2016.09.16 15:14:12 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2016.09.16 15:14:12 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016.09.16 15:14:12 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016.09.16 15:14:12 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2016.09.16 15:14:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016.09.16 15:14:12 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2016.09.16 15:14:12 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016.09.16 15:14:12 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2016.09.16 15:14:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016.09.16 15:14:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016.09.16 15:14:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2016.09.16 15:14:12 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2016.09.16 15:14:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2016.09.16 15:14:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016.09.16 15:14:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2016.09.16 15:14:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016.09.16 15:14:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016.09.16 15:14:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016.09.16 15:14:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016.09.16 15:14:12 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2016.09.16 15:14:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2016.09.16 15:14:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016.09.16 15:14:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2016.09.16 15:14:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016.09.16 15:14:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016.09.16 15:14:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2016.09.16 15:14:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016.09.16 15:14:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2016.09.16 15:14:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016.09.16 15:14:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2016.09.16 15:14:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016.09.16 15:14:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016.09.16 15:14:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016.09.16 15:14:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016.09.16 15:14:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016.09.16 15:14:10 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2016.09.16 15:14:10 | 000,877,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

========== Files - Modified Within 30 Days ==========

[2016.10.16 10:46:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016.10.16 10:38:02 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\UCBrowserUpdater.job
[2016.10.16 10:27:39 | 001,582,262 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.10.16 10:27:39 | 000,668,160 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016.10.16 10:27:39 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.10.16 10:27:39 | 000,140,806 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016.10.16 10:27:39 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.10.16 10:26:51 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.10.16 10:26:51 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.10.16 10:25:39 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016.10.16 10:24:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016.10.16 10:22:03 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.10.16 10:21:47 | 000,002,331 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2016.10.16 10:21:31 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016.10.16 10:21:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.10.16 10:21:23 | 2073,346,047 | -HS- | M] () -- C:\hiberfil.sys
[2016.10.15 20:06:52 | 000,140,773 | ---- | M] () -- C:\Users\maxs\Desktop\otl error2.jpg
[2016.10.15 20:00:04 | 000,017,626 | ---- | M] () -- C:\Users\maxs\Desktop\otl error.jpg
[2016.10.15 15:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\maxs\Desktop\OTL.exe
[2016.10.15 09:32:38 | 000,000,772 | ---- | M] () -- C:\Users\maxs\Desktop\World of Tanks.lnk
[2016.10.14 23:19:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2016.10.14 23:14:06 | 000,007,628 | ---- | M] () -- C:\Users\maxs\AppData\Local\Resmon.ResmonCfg
[2016.10.14 22:55:07 | 000,001,089 | ---- | M] () -- C:\Users\maxs\Desktop\MSI Afterburner.lnk
[2016.10.14 22:05:52 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016.10.14 21:06:56 | 000,001,415 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2016.10.12 19:24:07 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016.10.12 19:24:07 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016.10.09 17:34:47 | 000,263,296 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\eamonm.sys
[2016.10.03 23:27:56 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016.09.30 19:21:53 | 000,581,941 | ---- | M] () -- C:\Users\maxs\Desktop\tata na rybach.png
[2016.09.30 06:24:34 | 001,842,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2016.09.30 06:24:34 | 001,755,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2016.09.30 06:24:34 | 001,444,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2016.09.30 06:24:33 | 001,317,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2016.09.30 06:24:33 | 000,120,256 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[2016.09.29 22:40:07 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2016.09.29 21:27:26 | 000,001,951 | ---- | M] () -- C:\Windows\NvContainerRecovery.bat
[2016.09.20 01:09:05 | 001,588,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2016.09.20 01:09:05 | 000,223,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2016.09.20 01:09:05 | 000,054,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2016.09.18 12:03:37 | 000,002,709 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Photo Editor 2008.lnk
[2016.09.18 11:34:35 | 000,434,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016.09.17 08:11:43 | 000,104,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2016.09.17 08:11:43 | 000,046,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2016.09.17 08:11:42 | 000,094,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2016.09.17 02:46:09 | 040,070,200 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2016.09.17 02:46:09 | 035,180,992 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016.09.17 02:46:09 | 034,809,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016.09.17 02:46:09 | 028,214,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016.09.17 02:46:09 | 019,854,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2016.09.17 02:46:09 | 017,464,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2016.09.17 02:46:09 | 017,270,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2016.09.17 02:46:09 | 014,353,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2016.09.17 02:46:09 | 010,868,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016.09.17 02:46:09 | 010,746,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016.09.17 02:46:09 | 010,287,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016.09.17 02:46:09 | 009,090,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016.09.17 02:46:09 | 008,877,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016.09.17 02:46:09 | 008,684,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016.09.17 02:46:09 | 003,917,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2016.09.17 02:46:09 | 003,595,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016.09.17 02:46:09 | 003,458,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2016.09.17 02:46:09 | 003,161,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016.09.17 02:46:09 | 001,922,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6437290.dll
[2016.09.17 02:46:09 | 001,585,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6437290.dll
[2016.09.17 02:46:09 | 001,020,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2016.09.17 02:46:09 | 000,956,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2016.09.17 02:46:09 | 000,943,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2016.09.17 02:46:09 | 000,895,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2016.09.17 02:46:09 | 000,688,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016.09.17 02:46:09 | 000,578,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016.09.17 02:46:09 | 000,521,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2016.09.17 02:46:09 | 000,493,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2016.09.17 02:46:09 | 000,437,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2016.09.17 02:46:09 | 000,435,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2016.09.17 02:46:09 | 000,409,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2016.09.17 02:46:09 | 000,388,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2016.09.17 02:46:09 | 000,179,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2016.09.17 02:46:09 | 000,157,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2016.09.17 02:46:09 | 000,153,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2016.09.17 02:46:09 | 000,131,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2016.09.17 02:46:09 | 000,039,730 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2016.09.17 02:46:09 | 000,000,669 | ---- | M] () -- C:\Windows\SysNative\nv-vk64.json
[2016.09.17 02:46:09 | 000,000,669 | ---- | M] () -- C:\Windows\SysWow64\nv-vk32.json
[2016.09.17 00:57:43 | 006,385,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2016.09.17 00:57:43 | 002,475,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2016.09.17 00:57:41 | 001,762,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2016.09.17 00:57:41 | 000,546,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2016.09.17 00:57:41 | 000,392,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2016.09.17 00:57:41 | 000,083,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2016.09.17 00:57:41 | 000,069,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2016.09.17 00:30:52 | 000,134,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe

========== Files Created - No Company Name ==========

[2016.10.15 20:06:52 | 000,140,773 | ---- | C] () -- C:\Users\maxs\Desktop\otl error2.jpg
[2016.10.15 20:00:04 | 000,017,626 | ---- | C] () -- C:\Users\maxs\Desktop\otl error.jpg
[2016.10.15 18:54:24 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016.10.15 09:32:38 | 000,000,772 | ---- | C] () -- C:\Users\maxs\Desktop\World of Tanks.lnk
[2016.10.14 23:15:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2016.10.14 23:15:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2016.10.14 23:15:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2016.10.14 23:15:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2016.10.14 23:15:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2016.10.14 23:14:06 | 000,007,628 | ---- | C] () -- C:\Users\maxs\AppData\Local\Resmon.ResmonCfg
[2016.10.14 22:55:07 | 000,001,089 | ---- | C] () -- C:\Users\maxs\Desktop\MSI Afterburner.lnk
[2016.10.14 22:54:44 | 009,180,976 | ---- | C] () -- C:\MSIAfterburnerSetup231.exe
[2016.10.14 22:05:52 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016.10.14 21:12:11 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.10.14 21:12:11 | 000,261,920 | ---- | C] () -- C:\Windows\SysNative\vulkan-1.dll
[2016.10.14 21:12:11 | 000,125,216 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016.10.14 21:12:11 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.10.14 21:10:51 | 040,070,200 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2016.10.14 21:10:51 | 035,180,992 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016.10.14 21:10:51 | 000,000,669 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json
[2016.10.14 21:10:51 | 000,000,669 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json
[2016.09.30 19:21:53 | 000,581,941 | ---- | C] () -- C:\Users\maxs\Desktop\tata na rybach.png
[2016.09.29 22:50:46 | 000,002,331 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2016.09.29 22:40:07 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2016.09.24 14:07:36 | 000,001,415 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2016.09.24 14:07:31 | 000,001,951 | ---- | C] () -- C:\Windows\NvContainerRecovery.bat
[2016.09.18 12:03:37 | 000,002,709 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Photo Editor 2008.lnk
[2016.09.18 12:01:29 | 000,000,454 | ---- | C] () -- C:\Windows\tasks\UCBrowserUpdater.job
[2016.09.09 20:25:58 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-26-0.dll
[2016.09.09 20:25:28 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
[2016.08.15 13:26:45 | 000,003,584 | ---- | C] () -- C:\Users\maxs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015.08.22 16:30:31 | 000,002,856 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2015.07.06 18:23:35 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2015.03.12 01:27:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2015.03.12 01:27:27 | 000,045,347 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2015.03.11 18:46:31 | 001,557,238 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.08.06 20:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.08.06 19:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2016.08.15 13:05:54 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\3668
[2016.09.18 12:11:23 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\ACD Systems
[2015.07.06 18:11:37 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\BANDISOFT
[2015.08.22 16:32:43 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\DAEMON Tools Lite
[2016.09.18 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\KuaiZip
[2015.07.06 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\MAGIX
[2015.11.03 21:50:40 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\OBS
[2015.07.06 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Opera Software
[2016.06.04 22:26:33 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Project Kryptonite
[2016.06.07 22:54:26 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\ProMod
[2015.08.22 16:30:06 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\RHEng
[2016.10.16 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Seznam.cz
[2016.09.18 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Softlink
[2016.10.15 20:37:00 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\TS3Client
[2016.05.27 19:54:53 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\ts3overlay
[2015.03.11 20:18:06 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Wargaming.net
[2015.03.11 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\WinZip

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,626 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2015.03.11 19:26:22 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015.03.12 01:30:07 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.03.12 01:30:07 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2016.09.18 12:01:29 | 000,000,454 | ---- | C] () -- C:\Windows\Tasks\UCBrowserUpdater.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\erdnt\cache86\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2016.03.10 14:07:16 | 000,960,480 | ---- | M] (MalwareBytes) MD5=F86A4139730504047F52CCFB8C47E9F5 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

< MD5 for: TCPIP.SYS >
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\erdnt\cache64\tcpip.sys
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2015.08.25 19:45:18 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014.04.05 04:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010.11.21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2015.08.25 19:45:18 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\erdnt\cache64\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 05:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2016.03.10 14:07:16 | 000,960,480 | ---- | M] (MalwareBytes) MD5=F86A4139730504047F52CCFB8C47E9F5 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[37 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2013.01.23 08:13:13 | 009,180,976 | ---- | M] () -- C:\MSIAfterburnerSetup231.exe
[2012.12.18 03:46:42 | 013,946,234 | ---- | M] (MSI Co., LTD ) -- C:\MSI_Kombustor_Setup_2.5.0.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2016.08.15 13:05:54 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\3668
[2016.09.18 12:11:23 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\ACD Systems
[2015.03.11 19:30:03 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Adobe
[2015.07.06 18:11:37 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\BANDISOFT
[2015.08.22 16:32:43 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\DAEMON Tools Lite
[2016.02.08 19:53:22 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\FastStone
[2015.03.12 01:25:39 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Identities
[2016.09.18 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\KuaiZip
[2016.09.29 23:12:54 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Lavasoft
[2016.09.29 22:50:47 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\LavasoftStatistics
[2015.03.11 19:30:03 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Macromedia
[2015.07.06 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\MAGIX
[2010.11.21 09:16:46 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Media Center Programs
[2015.03.16 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Media Player Classic
[2016.03.15 21:30:37 | 000,000,000 | --SD | M] -- C:\Users\maxs\AppData\Roaming\Microsoft
[2015.03.11 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Mozilla
[2016.07.12 14:29:15 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\NVIDIA
[2015.11.03 21:50:40 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\OBS
[2015.07.06 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Opera Software
[2016.06.04 22:26:33 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Project Kryptonite
[2016.06.07 22:54:26 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\ProMod
[2015.08.22 16:30:06 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\RHEng
[2016.10.16 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Seznam.cz
[2016.02.25 21:25:27 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Skype
[2016.09.18 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Softlink
[2016.10.15 20:37:00 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\TS3Client
[2016.05.27 19:54:53 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\ts3overlay
[2015.03.11 20:18:06 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\Wargaming.net
[2015.05.05 18:24:31 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\WinRAR
[2015.03.11 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\maxs\AppData\Roaming\WinZip

< %APPDATA%\*.exe /s >
[2015.08.22 16:30:55 | 000,102,400 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Mozilla\Firefox\Profiles\66cntm0j.default\CertUtils\certutil.exe
[2015.11.03 21:48:48 | 000,257,872 | ---- | M] (obsproject.com) -- C:\Users\maxs\AppData\Roaming\OBS\updates\updater.exe
[2015.08.22 16:30:08 | 000,307,448 | ---- | M] (Lavasoft) -- C:\Users\maxs\AppData\Roaming\RHEng\2DDB37128AF54C909CE3BEC2EA3F4E36\WcInstaller.exe
[2013.05.16 15:25:04 | 001,062,472 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 15:26:24 | 002,589,256 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2015.05.26 13:36:54 | 000,073,896 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2015.05.26 13:38:58 | 000,457,384 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2015.05.26 13:38:44 | 000,103,080 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
[2016.06.26 18:33:28 | 000,051,712 | ---- | M] () -- C:\Users\maxs\AppData\Roaming\Seznam.cz\bin\x64loader.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2016.10.16 10:24:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2016.10.16 10:21:31 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2016.10.16 10:25:39 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2016.10.16 10:38:02 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\UCBrowserUpdater.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >
[2013.01.23 08:13:13 | 009,180,976 | ---- | M] () -- C:\MSIAfterburnerSetup231.exe
[2012.12.18 03:46:42 | 013,946,234 | ---- | M] (MSI Co., LTD ) -- C:\MSI_Kombustor_Setup_2.5.0.exe

< >

< *crack* /s >

< *keygen* /s >
[2016.09.18 11:59:07 | 000,000,707 | ---- | M] () -- \Users\maxs\AppData\Roaming\Microsoft\Windows\Recent\Acdsee_Photo_Editor_2008_5_0_keygen_by_TSRh.lnk
[2016.09.18 11:59:06 | 004,800,283 | ---- | M] () -- \Users\maxs\Downloads\Acdsee_Photo_Editor_2008_5_0_keygen_by_TSRh.zip
[2016.09.18 11:59:40 | 001,611,944 | ---- | M] () -- \Users\maxs\Downloads\keygen

< *AntiWPA* /s >

< *loader* /s >
[2016.05.18 18:36:41 | 000,071,208 | ---- | M] () -- \Games\World_of_Tanks\PhysXLoader.dll
[2016.09.28 13:51:30 | 000,012,641 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\app_loader\loader.pyc
[2016.05.18 18:36:41 | 000,001,518 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\eulaversionloader.pyc
[2016.05.18 18:36:41 | 000,002,209 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\graphicspresetsloader.pyc
[2016.05.18 18:36:41 | 000,007,943 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\guicolorsloader.pyc
[2016.05.18 18:36:41 | 000,004,152 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\guisoundsloader.pyc
[2016.05.18 18:36:41 | 000,002,753 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\windowsstoreddataloader.pyc
[2016.09.28 13:51:30 | 000,001,738 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\scaleform\framework\entities\abstract\loadermanagermeta.pyc
[2016.09.28 13:51:30 | 000,006,310 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\scaleform\framework\managers\loaders.pyc
[2016.05.18 18:36:41 | 000,011,861 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\shared\remotedatadownloader.pyc
[2016.05.18 18:36:41 | 000,003,419 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\helpers\rssdownloader.pyc
[2016.09.28 13:51:30 | 000,012,344 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\tutorial\loader.pyc
[2016.05.18 18:36:41 | 000,011,336 | ---- | M] () -- \Games\World_of_Tanks\res_bw\scripts\common\lib\unittest\loader.pyc
[2016.05.18 18:36:41 | 000,049,402 | ---- | M] () -- \Games\World_of_Tanks\res_bw\scripts\common\lib\unittest\test\test_loader.pyc
[2016.09.28 13:51:30 | 000,019,136 | ---- | M] () -- \Games\World_of_Tanks\system\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.02.05 23:01:44 | 001,176,208 | ---- | M] () -- \NVIDIA\DisplayDriver\347.52\Win8_WinVista_Win7_64\International\GFExperience\ExtensionLoader.dll
[2016.05.20 09:01:55 | 000,298,900 | ---- | M] () -- \NVIDIA\DisplayDriver\368.22\Win8_WinVista_Win7_64\International\Display.Driver\nvfatbinaryloader32.dl_
[2016.05.20 09:01:55 | 000,341,173 | ---- | M] () -- \NVIDIA\DisplayDriver\368.22\Win8_WinVista_Win7_64\International\Display.Driver\nvfatbinaryloader64.dl_
[2016.05.02 07:44:09 | 001,189,944 | ---- | M] () -- \NVIDIA\DisplayDriver\368.22\Win8_WinVista_Win7_64\International\GFExperience\ExtensionLoader.dll
[2016.05.02 07:59:34 | 000,924,728 | ---- | M] () -- \NVIDIA\DisplayDriver\368.22\Win8_WinVista_Win7_64\International\NVI2\NVDownloader.dll
[2016.05.21 23:10:31 | 000,057,592 | ---- | M] () -- \NVIDIA\DisplayDriver\368.22\Win8_WinVista_Win7_64\International\PhysX\files\Common\PhysXLoader.dll
[2016.05.21 23:10:31 | 000,065,784 | ---- | M] () -- \NVIDIA\DisplayDriver\368.22\Win8_WinVista_Win7_64\International\PhysX\files\Common\PhysXLoader64.dll
[2016.05.21 23:10:31 | 000,073,976 | ---- | M] () -- \NVIDIA\DisplayDriver\368.22\Win8_WinVista_Win7_64\International\PhysX\files\Common\PhysXUpdateLoader.dll
[2016.05.21 23:10:31 | 000,090,872 | ---- | M] () -- \NVIDIA\DisplayDriver\368.22\Win8_WinVista_Win7_64\International\PhysX\files\Common\PhysXUpdateLoader64.dll
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2016.09.17 04:09:49 | 000,009,012 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NvNode\downloader.js
[2016.09.29 19:20:53 | 002,801,208 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
[2016.05.21 23:10:31 | 000,057,592 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2016.05.21 23:10:31 | 000,065,784 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2016.05.21 23:10:31 | 000,073,976 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2016.05.21 23:10:31 | 000,090,872 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2016.09.15 16:49:00 | 000,001,657 | ---- | M] () -- \Program Files (x86)\Overwolf\0.98.16.0\Licenses\TextureLoader.txt
[2016.09.23 13:58:57 | 000,003,770 | ---- | M] () -- \Program Files (x86)\Overwolf\0.98.16.0\Store\98.1.0\files\scripts\non-ng\StringsLoader.js
[2016.09.27 13:35:30 | 000,001,657 | ---- | M] () -- \Program Files (x86)\Overwolf\0.98.211.0\Licenses\TextureLoader.txt
[2016.10.02 12:55:24 | 000,003,893 | ---- | M] () -- \Program Files (x86)\Overwolf\0.98.211.0\Store\98.2.2\files\scripts\non-ng\StringsLoader.js
[2014.09.17 01:05:28 | 000,257,536 | ---- | M] () -- \Program Files (x86)\Project Kryptonite\data\OverlayLoader_win32.exe
[2014.09.17 01:05:02 | 000,304,640 | ---- | M] () -- \Program Files (x86)\Project Kryptonite\data\OverlayLoader_win64.exe
[2015.12.11 17:11:44 | 000,031,516 | ---- | M] () -- \Program Files (x86)\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.1.2-win32.zip
[2016.08.02 08:54:30 | 000,278,928 | ---- | M] () -- \Program Files (x86)\UCBrowser\Application\5.6.14087.902\stats_uploader.exe
[2016.05.18 12:22:50 | 000,012,128 | ---- | M] () -- \Program Files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.12.945.9202\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.05.18 12:22:50 | 000,012,128 | ---- | M] () -- \Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.07.11 04:13:48 | 000,309,096 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2049E13C-046B-4F11-BCC2-4AFEA6308AA3}\nvfatbinaryloader32.dl_
[2016.07.11 04:13:48 | 000,354,414 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2049E13C-046B-4F11-BCC2-4AFEA6308AA3}\nvfatbinaryloader64.dl_
[2016.09.17 02:46:09 | 000,305,013 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7428A6DC-52EE-4D4F-AF8A-8BA035F9D4AE}\nvfatbinaryloader32.dl_
[2016.09.17 02:46:09 | 000,349,686 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7428A6DC-52EE-4D4F-AF8A-8BA035F9D4AE}\nvfatbinaryloader64.dl_
[2016.05.20 09:01:55 | 000,298,900 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.Driver.{8AAEF8AA-6D48-47FF-8225-0DE9A99132E5}\nvfatbinaryloader32.dl_
[2016.05.20 09:01:55 | 000,341,173 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.Driver.{8AAEF8AA-6D48-47FF-8225-0DE9A99132E5}\nvfatbinaryloader64.dl_
[2016.05.21 23:10:31 | 000,057,592 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{9E2D39A1-5BE1-4F32-BAF8-B4F94C8520E5}\files\Common\PhysXLoader.dll
[2016.05.21 23:10:31 | 000,065,784 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{9E2D39A1-5BE1-4F32-BAF8-B4F94C8520E5}\files\Common\PhysXLoader64.dll
[2016.05.21 23:10:31 | 000,073,976 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{9E2D39A1-5BE1-4F32-BAF8-B4F94C8520E5}\files\Common\PhysXUpdateLoader.dll
[2016.05.21 23:10:31 | 000,090,872 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{9E2D39A1-5BE1-4F32-BAF8-B4F94C8520E5}\files\Common\PhysXUpdateLoader64.dll
[2016.02.04 01:38:59 | 000,069,120 | ---- | M] () -- \Program Files\WinRAR\Ace32Loader.exe
[2016.09.17 04:09:49 | 000,009,012 | ---- | M] () -- \ProgramData\NVIDIA Corporation\Downloader\latest\nodejs\downloader.js
[2016.09.29 19:20:53 | 002,801,208 | ---- | M] () -- \ProgramData\NVIDIA Corporation\Downloader\latest\nodejs\Downloader.node
[2016.09.17 06:37:20 | 000,009,012 | ---- | M] () -- \ProgramData\NVIDIA Corporation\GeForce Experience\Update\nodejs\downloader.js
[2016.09.17 06:40:20 | 002,799,552 | ---- | M] () -- \ProgramData\NVIDIA Corporation\GeForce Experience\Update\nodejs\Downloader.node
[2016.09.30 20:27:23 | 000,001,948 | ---- | M] () -- \ProgramData\Spybot - Search & Destroy\Quarantine\Win32.Downloader.gen-0000.zip
[2016.10.14 21:04:15 | 000,001,379 | ---- | M] () -- \ProgramData\Spybot - Search & Destroy\Quarantine\Win32.Downloader.gen-0001.zip
[2016.09.17 04:09:49 | 000,009,012 | ---- | M] () -- \Users\All Users\NVIDIA Corporation\Downloader\latest\nodejs\downloader.js
[2016.09.29 19:20:53 | 002,801,208 | ---- | M] () -- \Users\All Users\NVIDIA Corporation\Downloader\latest\nodejs\Downloader.node
[2016.09.17 06:37:20 | 000,009,012 | ---- | M] () -- \Users\All Users\NVIDIA Corporation\GeForce Experience\Update\nodejs\downloader.js
[2016.09.17 06:40:20 | 002,799,552 | ---- | M] () -- \Users\All Users\NVIDIA Corporation\GeForce Experience\Update\nodejs\Downloader.node
[2016.09.30 20:27:23 | 000,001,948 | ---- | M] () -- \Users\All Users\Spybot - Search & Destroy\Quarantine\Win32.Downloader.gen-0000.zip
[2016.10.14 21:04:15 | 000,001,379 | ---- | M] () -- \Users\All Users\Spybot - Search & Destroy\Quarantine\Win32.Downloader.gen-0001.zip
[2016.05.31 17:31:10 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\2.11.15\images\bg\preloader-image.jpg
[2016.06.16 16:41:10 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\2.11.17\images\bg\preloader-image.jpg
[2016.06.16 15:41:10 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\2.11.18\images\bg\preloader-image.jpg
[2016.06.21 15:18:28 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\3.12.0\images\bg\preloader-image.jpg
[2016.06.30 17:09:26 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\3.13.0\images\bg\preloader-image.jpg
[2016.07.04 13:51:04 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\5.6.0\images\bg\preloader-image.jpg
[2016.07.26 12:33:02 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\6.5.0\images\bg\preloader-image.jpg
[2016.08.04 15:37:44 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\6.9.9\images\bg\preloader-image.jpg
[2016.08.29 16:19:10 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\7.2.0\images\bg\preloader-image.jpg
[2016.09.05 10:53:20 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\7.3.4\images\bg\preloader-image.jpg
[2016.09.25 15:16:30 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\8.10.0\images\bg\preloader-image.jpg
[2016.10.11 11:24:50 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\8.18.0\images\bg\preloader-image.jpg
[2016.09.15 16:44:38 | 000,068,372 | ---- | M] () -- \Users\maxs\AppData\Local\Overwolf\Extensions\nafihghfcpikebhfhdhljejkcifgbdahdhngepfb\8.2.0\images\bg\preloader-image.jpg
[2015.01.09 16:41:44 | 000,072,638 | ---- | M] () -- \Users\maxs\AppData\Local\Skype\Apps\login\images\loader.gif
[2015.01.09 16:41:44 | 000,003,032 | ---- | M] () -- \Users\maxs\AppData\Local\Skype\Apps\login\images\loader.png
[2015.01.09 16:41:44 | 000,006,012 | ---- | M] () -- \Users\maxs\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2015.01.09 16:41:44 | 000,021,956 | ---- | M] () -- \Users\maxs\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2015.01.09 16:41:44 | 000,009,772 | ---- | M] () -- \Users\maxs\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2016.06.05 04:13:30 | 000,029,367 | ---- | M] () -- \Users\maxs\AppData\Roaming\Project Kryptonite\Logs\OVERLAYLOADER_WIN32.EXE.log
[2016.06.05 04:13:33 | 000,000,834 | ---- | M] () -- \Users\maxs\AppData\Roaming\Project Kryptonite\Logs\OVERLAYLOADER_WIN64.EXE.log
[2015.05.26 13:35:36 | 000,079,872 | ---- | M] () -- \Users\maxs\AppData\Roaming\Seznam.cz\bin\4452libfoxloader-x64.dll
[2015.05.26 13:37:42 | 000,078,504 | ---- | M] () -- \Users\maxs\AppData\Roaming\Seznam.cz\bin\4452libfoxloader.dll
[2016.06.26 18:33:28 | 000,051,712 | ---- | M] () -- \Users\maxs\AppData\Roaming\Seznam.cz\bin\x64loader.exe
[2016.08.15 13:09:54 | 000,000,164 | ---- | M] () -- \Users\maxs\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2015.12.11 17:11:44 | 000,031,516 | ---- | M] () -- \Users\maxs\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.1.2-win32.zip
[2015.01.06 16:17:14 | 000,000,665 | ---- | M] () -- \Users\maxs\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_2_5.install.bat
[2015.01.06 16:17:14 | 000,000,117 | ---- | M] () -- \Users\maxs\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_2_5.uninstall.bat
[2016.06.04 22:26:30 | 000,019,478 | ---- | M] () -- \Users\maxs\AppData\Roaming\ts3overlay\logs\OVERLAYLOADER_WIN32.EXE.log
[2015.08.22 16:35:35 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2016.09.02 17:16:23 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2016.09.17 02:46:09 | 000,578,056 | ---- | M] () -- \Windows\System32\nvfatbinaryLoader.dll
[2016.09.17 02:46:09 | 000,578,056 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_neutral_4f863c08b33db8f2\nvfatbinaryLoader32.dll
[2016.09.17 02:46:09 | 000,688,784 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_neutral_4f863c08b33db8f2\nvfatbinaryLoader64.dll
[2016.05.20 09:01:55 | 000,565,392 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_neutral_6c63afed90026dd1\nvfatbinaryLoader32.dll
[2016.05.20 09:01:55 | 000,669,952 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_neutral_6c63afed90026dd1\nvfatbinaryLoader64.dll
[2016.07.11 04:13:48 | 000,583,736 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_neutral_e3f19df82ed48f61\nvfatbinaryLoader32.dll
[2016.07.11 04:13:48 | 000,694,672 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_neutral_e3f19df82ed48f61\nvfatbinaryLoader64.dll
[2016.09.02 17:16:23 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2016.09.17 02:46:09 | 000,578,056 | ---- | M] () -- \Windows\SysWOW64\nvfatbinaryLoader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:43:09 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_68daf829926cc6a9\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:43:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_68c05c919281774d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:45:59 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 05:06:41 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_68cc15ff92788e54\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 20:00:47 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18933_none_68c146139280aa45\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.09.29 05:01:16 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19018_none_68dbbf7f926c2458\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.10.20 02:53:47 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19045_none_68b84edd92872c26\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.12.30 20:54:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19110_none_68d3bf15927356c7\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.16 20:54:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19131_none_68bf1f879282a800\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 08:12:24 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19135_none_68c320af927f0d5c\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.02.11 20:41:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19160_none_689daf79929be27c\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:43:08 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_695ac552ab919bbb\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:43:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:45:59 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 05:11:33 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23126_none_69588bcaab93ad65\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 20:05:03 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_694dbbdeab9bc956\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.04 20:03:46 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23153_none_69351b28abaeb533\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.09.28 20:06:01 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23223_none_69558cd2ab965e87\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.10.01 19:57:33 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23226_none_69588db0ab93aa8c\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.10.20 03:01:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23250_none_69321c30abb16655\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.12.30 21:06:14 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23313_none_69605ea4ab8e3fbd\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.17 02:28:14 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23334_none_694bbf16ab9d90f6\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 08:17:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23338_none_694fc03eab99f652\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.02.10 20:48:13 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23349_none_6945f09caba12b9a\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.03.18 00:50:10 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23392_none_6908defaabd005ee\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.04.09 08:57:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23418_none_696561fcab89bb97\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.09.02 17:30:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23539_none_6950c454ab9909f7\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.09.17 02:43:23 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_cs-cz_91e143082cd290d0.manifest
[2016.09.17 02:43:23 | 000,033,000 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_cs-cz_91e143082cd290d0_winload.efi.mui_35ee487d
[2016.09.17 02:43:23 | 000,034,536 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_cs-cz_91e143082cd290d0_winload.exe.mui_3bc5b827
[2016.09.17 02:43:23 | 000,029,928 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_cs-cz_91e143082cd290d0_winresume.efi.mui_f412814e
[2016.09.17 02:43:23 | 000,030,440 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_cs-cz_91e143082cd290d0_winresume.exe.mui_ff8b5358
[2016.09.17 02:43:23 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_en-us_d5378e6413cced2e.manifest
[2016.09.17 02:43:23 | 000,033,000 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_en-us_d5378e6413cced2e_winload.efi.mui_35ee487d
[2016.09.17 02:43:23 | 000,033,000 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_en-us_d5378e6413cced2e_winload.exe.mui_3bc5b827
[2016.09.17 02:43:23 | 000,029,928 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_en-us_d5378e6413cced2e_winresume.efi.mui_f412814e
[2016.09.17 02:43:23 | 000,029,928 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_en-us_d5378e6413cced2e_winresume.exe.mui_ff8b5358
[2016.09.17 02:43:27 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23539_none_b9c58e909c6ff703.manifest
[2016.09.17 02:43:27 | 000,706,280 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23539_none_b9c58e909c6ff703_winload.efi_75834aa0
[2016.09.17 02:43:27 | 000,634,432 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23539_none_b9c58e909c6ff703_winload.exe_75835076
[2016.09.17 02:43:27 | 000,631,176 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23539_none_b9c58e909c6ff703_winresume.efi_85cd069f
[2016.09.17 02:43:28 | 000,546,656 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23539_none_b9c58e909c6ff703_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.13 20:18:36 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010.11.21 09:05:43 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2015.02.03 06:49:45 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013.manifest
[2015.02.03 05:35:06 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_d49b3bd6fabe7c71.manifest
[2015.08.04 21:25:36 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18950_cs-cz_9139241113cd1cfb.manifest
[2015.08.04 20:00:29 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18950_en-us_d48f6f6cfac77959.manifest
[2015.10.01 21:47:40 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1.manifest
[2015.10.01 20:06:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f.manifest
[2015.01.13 00:17:25 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_cs-cz_91e42f042cd18522.manifest
[2015.01.13 00:17:17 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_en-us_d53a7a6013cbe180.manifest
[2015.01.16 08:36:46 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_cs-cz_91e62f982ccfb7d0.manifest
[2015.01.16 08:36:33 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_en-us_d53c7af413ca142e.manifest
[2015.02.03 07:30:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65.manifest
[2015.02.03 05:54:55 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_en-us_d52bdc8e13d5cac3.manifest
[2015.07.15 07:49:58 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_cs-cz_91e90a7e2ccd343e.manifest
[2015.07.15 05:32:59 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_en-us_d53f55da13c7909c.manifest
[2015.07.15 22:47:39 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_cs-cz_91de3a922cd5502f.manifest
[2015.07.15 20:15:00 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_en-us_d53485ee13cfac8d.manifest
[2015.08.04 21:24:43 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23153_cs-cz_91c599dc2ce83c0c.manifest
[2015.08.04 20:13:37 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23153_en-us_d51be53813e2986a.manifest
[2015.09.29 00:00:52 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23223_cs-cz_91e60b862ccfe560.manifest
[2015.09.28 20:18:04 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23223_en-us_d53c56e213ca41be.manifest
[2015.10.01 21:13:38 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23226_cs-cz_91e90c642ccd3165.manifest
[2015.10.01 20:08:53 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23226_en-us_d53f57c013c78dc3.manifest
[2015.10.20 04:31:26 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23250_cs-cz_91c29ae42ceaed2e.manifest
[2015.10.20 03:13:06 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23250_en-us_d518e64013e5498c.manifest
[2015.12.30 22:44:48 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23313_cs-cz_91f0dd582cc7c696.manifest
[2015.12.30 21:17:40 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23313_en-us_d54728b413c222f4.manifest
[2016.01.17 04:04:48 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23334_cs-cz_91dc3dca2cd717cf.manifest
[2016.01.17 02:37:42 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23334_en-us_d532892613d1742d.manifest
[2016.01.22 10:02:23 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_cs-cz_91e03ef22cd37d2b.manifest
[2016.01.22 08:29:17 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_en-us_d5368a4e13cdd989.manifest
[2016.02.10 22:49:07 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23349_cs-cz_91d66f502cdab273.manifest
[2016.02.10 20:59:02 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23349_en-us_d52cbaac13d50ed1.manifest
[2016.03.18 02:10:31 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23392_cs-cz_91995dae2d098cc7.manifest
[2016.03.18 01:00:47 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23392_en-us_d4efa90a1403e925.manifest
[2016.04.09 10:12:19 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_cs-cz_91f5e0b02cc34270.manifest
[2016.04.09 09:03:48 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_en-us_d54c2c0c13bd9ece.manifest
[2016.09.02 18:34:19 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_cs-cz_91e143082cd290d0.manifest
[2016.09.02 17:37:24 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_en-us_d5378e6413cced2e.manifest
[2010.11.21 05:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2015.02.03 05:51:30 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646.manifest
[2015.08.04 20:26:21 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18950_none_b91d6f99836a832e.manifest
[2015.10.01 20:31:17 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2015.01.12 05:50:53 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22921_none_b9c87a8c9c6eeb55.manifest
[2015.01.16 08:37:02 | 000,005,511 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_b9ca7b209c6d1e03.manifest
[2015.02.03 06:17:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498.manifest
[2015.07.15 05:48:43 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71.manifest
[2015.07.15 20:39:45 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23136_none_b9c2861a9c72b662.manifest
[2015.08.04 20:43:58 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23153_none_b9a9e5649c85a23f.manifest
[2015.09.28 22:29:36 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23223_none_b9ca570e9c6d4b93.manifest
[2015.10.01 20:34:58 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23226_none_b9cd57ec9c6a9798.manifest
[2015.10.20 03:39:39 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23250_none_b9a6e66c9c885361.manifest
[2015.12.30 21:45:21 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23313_none_b9d528e09c652cc9.manifest
[2016.01.17 02:57:33 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23334_none_b9c089529c747e02.manifest
[2016.01.22 08:51:12 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_b9c48a7a9c70e35e.manifest
[2016.02.10 21:26:17 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23349_none_b9babad89c7818a6.manifest
[2016.03.18 01:29:22 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23392_none_b97da9369ca6f2fa.manifest
[2016.04.09 09:28:05 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_b9da2c389c60a8a3.manifest
[2016.09.02 17:55:50 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23539_none_b9c58e909c6ff703.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:43:09 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:43:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:45:59 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 04:47:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_0cad7a7bda1b1d1e\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 19:44:18 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18933_none_0ca2aa8fda23390f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.09.29 04:49:51 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19018_none_0cbd23fbda0eb322\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.10.20 02:35:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19045_none_0c99b359da29baf0\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.12.30 20:37:34 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19110_none_0cb52391da15e591\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.16 20:34:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19131_none_0ca08403da2536ca\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 07:59:07 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19135_none_0ca4852bda219c26\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.02.11 20:30:35 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19160_none_0c7f13f5da3e7146\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:43:09 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:43:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.25 19:45:59 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 04:51:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23126_none_0d39f046f3363c2f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 19:40:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_0d2f205af33e5820\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.08.04 19:43:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23153_none_0d167fa4f35143fd\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.09.28 22:07:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23223_none_0d36f14ef338ed51\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.10.20 02:37:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23250_none_0d1380acf353f51f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.12.30 20:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23313_none_0d41c320f330ce87\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.17 02:09:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23334_none_0d2d2392f3401fc0\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 07:58:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23338_none_0d3124baf33c851c\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.02.10 20:24:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23349_none_0d275518f343ba64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.03.18 00:24:26 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23392_none_0cea4376f37294b8\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.04.09 08:54:42 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23418_none_0d46c678f32c4a61\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.09.02 17:16:23 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23539_none_0d3228d0f33b98c1\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2016.05.18 18:36:41 | 000,005,999 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\shared\gui_items\serializers.pyc
[2016.07.11 17:05:28 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.50709.0\System.Runtime.Serialization.dll
[2016.09.17 01:38:35 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.50709.0\System.Runtime.Serialization.ni.dll
[2014.07.11 00:24:10 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.04 18:53:40 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2016.07.11 20:20:30 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.50709.0\System.Runtime.Serialization.dll
[2016.09.17 01:38:51 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.50709.0\System.Runtime.Serialization.ni.dll
[2014.07.11 00:24:01 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.04 18:54:44 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2016.08.18 13:22:38 | 000,002,719 | ---- | M] () -- \Users\maxs\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.5_0\images\icon_serial.png
[2016.08.18 13:22:38 | 000,002,004 | ---- | M] () -- \Users\maxs\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.5_0\images\icon_serial_grey.png
[2016.10.12 10:33:48 | 000,002,719 | ---- | M] () -- \Users\maxs\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.6_0\images\icon_serial.png
[2016.10.12 10:33:48 | 000,002,004 | ---- | M] () -- \Users\maxs\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.6_0\images\icon_serial_grey.png
[2013.07.08 14:43:52 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.06.24 01:43:20 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.07.08 14:44:55 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2014.07.11 00:24:10 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2016.05.12 19:37:06 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\5cbdc13bae7068a248da6dfb5cd96f69\System.Runtime.Serialization.ni.dll
[2016.05.12 18:41:57 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c0340703d3054ede6a49516700f16d17\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2016.05.12 19:31:12 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\358f30485d7f7637b1c9bddaaaf9c8a9\System.Runtime.Serialization.ni.dll
[2016.05.12 18:39:51 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\79f7632d4707dfce4521e37e1ebe003e\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2016.02.12 19:48:43 | 000,306,176 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\b99998a01b9bf8a7540c9f78846a1016\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2016.02.12 19:48:43 | 000,000,440 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\b99998a01b9bf8a7540c9f78846a1016\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2016.05.12 19:39:09 | 002,803,200 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\9e2ef61f3205064e8dd89b89c84fc1aa\System.Runtime.Serialization.ni.dll
[2016.05.12 19:39:09 | 000,000,980 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\9e2ef61f3205064e8dd89b89c84fc1aa\System.Runtime.Serialization.ni.dll.aux
[2015.03.12 01:13:43 | 000,025,600 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\ad0261438ff8f46e093faa717226ebef\System.Xml.Serialization.ni.dll
[2015.03.12 01:13:43 | 000,000,284 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\ad0261438ff8f46e093faa717226ebef\System.Xml.Serialization.ni.dll.aux
[2016.02.12 19:45:14 | 000,366,080 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f8f8bb37522b00c0dc245d1aeb2ae8fe\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2016.02.12 19:45:14 | 000,000,440 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f8f8bb37522b00c0dc245d1aeb2ae8fe\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2016.05.12 19:35:23 | 003,529,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\442bdd3448ee02791e1a33b14c44ea40\System.Runtime.Serialization.ni.dll
[2016.05.12 19:35:23 | 000,000,980 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\442bdd3448ee02791e1a33b14c44ea40\System.Runtime.Serialization.ni.dll.aux
[2015.03.11 19:10:19 | 000,027,648 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\85b2d15d965e64489744325c53d91db0\System.Xml.Serialization.ni.dll
[2015.03.11 19:10:19 | 000,000,284 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\85b2d15d965e64489744325c53d91db0\System.Xml.Serialization.ni.dll.aux
[2014.04.12 01:48:40 | 001,051,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll.amd64
[2014.04.12 01:48:40 | 001,051,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll.x86
[2014.04.12 01:48:40 | 001,051,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll_gac_x86
[2014.04.12 01:48:40 | 000,133,432 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.04.12 00:08:06 | 000,029,472 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2014.04.12 00:08:06 | 000,029,512 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2014.04.12 00:08:06 | 000,029,976 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2014.07.23 01:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.04.12 00:08:06 | 000,045,800 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2014.04.12 00:08:06 | 000,029,928 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2014.06.24 01:43:20 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.04 18:53:34 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.07.11 00:24:11 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014.07.23 01:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2014.04.12 01:48:40 | 000,133,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2014.04.12 00:08:06 | 000,029,472 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2014.04.12 00:08:06 | 000,029,512 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2014.04.12 00:08:06 | 000,029,976 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2014.04.12 00:08:06 | 000,045,800 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2014.04.12 00:08:06 | 000,029,928 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2014.06.24 01:43:09 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.04 18:54:40 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014.07.11 00:24:02 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014.07.23 01:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2014.04.12 01:48:40 | 000,133,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2014.04.12 00:08:06 | 000,029,472 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2014.04.12 00:08:06 | 000,029,512 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2014.04.12 00:08:06 | 000,029,976 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2014.04.12 00:08:06 | 000,045,800 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2014.04.12 00:08:06 | 000,029,928 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.13 19:38:14 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2010.11.21 09:06:15 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.07.13 19:38:14 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2010.11.21 09:06:15 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\en-US\serialui.dll.mui
[2010.11.04 18:54:40 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010.11.04 18:54:40 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_1e468964c1feb99a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010.11.04 18:54:40 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_1ec35795db263fce\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.07.13 19:58:44 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2010.11.21 09:06:20 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781\serialui.dll.mui
[2009.07.14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010.11.04 18:54:44 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2010.11.04 18:54:44 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_bb8e310269277fd7\System.RunTime.Serialization.Resources.dll
[2010.11.04 18:54:44 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_bc0cffc7824d38b9\System.RunTime.Serialization.Resources.dll
[2009.07.13 20:07:20 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2010.11.21 09:06:21 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 01:43:09 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_a9a7e561157d82e9\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 01:43:05 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_92db3ec72f23fc97\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2014.03.09 23:48:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff\System.Runtime.Serialization.dll
[2014.07.11 00:24:02 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5\System.Runtime.Serialization.dll
[2014.03.17 16:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad\System.Runtime.Serialization.dll
[2014.07.08 01:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704\System.Runtime.Serialization.dll
[2010.11.21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2014.03.09 23:48:50 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98\System.Runtime.Serialization.dll
[2014.07.11 00:24:01 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e\System.Runtime.Serialization.dll
[2014.03.17 16:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846\System.Runtime.Serialization.dll
[2014.07.08 01:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d\System.Runtime.Serialization.dll
[2015.08.25 19:15:57 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2015.08.25 19:15:57 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2015.03.11 18:45:48 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2010.11.21 09:06:44 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781_serialui.dll.mui_7d29d2a3
[2009.07.14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2015.03.11 18:45:48 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2010.11.21 09:06:45 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009.07.14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.21 05:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2014.07.02 08:30:52 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff.manifest
[2014.07.14 04:24:48 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5.manifest
[2014.07.02 08:30:44 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad.manifest
[2014.07.14 04:13:57 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704.manifest
[2010.11.21 05:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2014.07.02 08:31:00 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98.manifest
[2014.07.14 04:24:58 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e.manifest
[2014.07.02 08:30:53 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846.manifest
[2014.07.14 04:14:06 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d.manifest
[2010.11.21 05:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2014.07.02 07:57:49 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29.manifest
[2014.07.14 04:04:09 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf.manifest
[2014.07.02 08:07:46 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7.manifest
[2014.07.14 04:04:27 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e.manifest
[2009.07.13 20:17:48 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2010.11.21 09:05:51 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2014.07.02 09:46:46 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43.manifest
[2014.07.02 08:12:55 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_en-us_8f47fbdfbfd0e755.manifest
[2014.07.14 06:02:27 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9.manifest
[2014.07.14 04:07:18 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_en-us_8f4912f1bfcfe70b.manifest
[2014.07.02 10:08:13 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1.manifest
[2014.07.02 08:12:12 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_en-us_787b5545d9776103.manifest
[2014.07.14 06:06:58 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48.manifest
[2014.07.14 03:56:59 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_en-us_787c558fd9767a5a.manifest
[2010.11.21 05:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2014.07.02 08:00:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c.manifest
[2014.07.14 04:06:40 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12.manifest
[2014.07.02 08:10:04 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a.manifest
[2014.07.14 04:06:53 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061.manifest
[2010.11.21 05:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2014.07.02 07:58:58 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e.manifest
[2014.07.14 04:05:25 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754.manifest
[2014.07.02 08:08:55 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c.manifest
[2014.07.14 04:05:41 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 01:43:20 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_1c70653de072abde\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 01:43:36 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_05a3bea3fa19258c\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 15:10:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.07.08 14:43:52 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7601.18523_cs-cz_d5997ba9da0ab4d7\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2014.03.09 23:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29\System.Runtime.Serialization.dll
[2014.07.11 00:24:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf\System.Runtime.Serialization.dll
[2014.03.17 16:38:28 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7\System.Runtime.Serialization.dll
[2014.07.08 01:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e\System.Runtime.Serialization.dll
[2009.06.08 11:39:36 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2013.07.08 14:44:55 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43\System.RunTime.Serialization.Resources.dll
[2013.07.08 14:44:55 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9\System.RunTime.Serialization.Resources.dll
[2013.07.09 08:34:25 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1\System.RunTime.Serialization.Resources.dll
[2013.07.09 08:34:25 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48\System.RunTime.Serialization.Resources.dll
[2010.11.21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2014.03.09 23:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c\System.Runtime.Serialization.dll
[2014.07.11 00:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12\System.Runtime.Serialization.dll
[2014.03.17 16:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a\System.Runtime.Serialization.dll
[2014.07.08 01:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061\System.Runtime.Serialization.dll
[2010.11.04 18:53:34 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.04 18:53:34 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_289b33b6f65f7b95\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.04 18:53:34 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_291801e80f8701c9\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.13 19:38:14 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2010.11.21 09:06:15 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010.11.04 18:53:40 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2010.11.04 18:53:40 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_5f6f957eb0ca0ea1\System.RunTime.Serialization.Resources.dll
[2010.11.04 18:53:40 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_5fee6443c9efc783\System.RunTime.Serialization.Resources.dll
[2010.11.21 05:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2014.03.09 23:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e\System.Runtime.Serialization.dll
[2014.07.11 00:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754\System.Runtime.Serialization.dll
[2014.03.17 16:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c\System.Runtime.Serialization.dll
[2014.07.08 01:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Files - Unicode (All) ==========
[2016.09.19 17:47:39 | 000,001,537 | ---- | M] ()(C:\Users\maxs\Application Data\Microsoft\Internet Explorer\Quick Launch\UC???.lnk) -- C:\Users\maxs\Application Data\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
[2016.09.18 12:01:18 | 000,001,560 | ---- | C] ()(C:\Users\maxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???.lnk) -- C:\Users\maxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
[2016.09.18 12:01:18 | 000,000,000 | ---D | C](C:\Users\maxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???) -- C:\Users\maxs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
[2016.09.18 12:01:06 | 000,001,537 | ---- | C] ()(C:\Users\maxs\Application Data\Microsoft\Internet Explorer\Quick Launch\UC???.lnk) -- C:\Users\maxs\Application Data\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk

< End of report >

OTL Extras logfile created on: 16.10.2016 10:43:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maxs\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18449)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,91 Gb Total Physical Memory | 4,52 Gb Available Physical Memory | 57,19% Memory free
15,81 Gb Paging File | 11,90 Gb Available in Paging File | 75,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 8,71 Gb Free Space | 7,79% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 205,34 Gb Free Space | 44,09% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 141,78 Gb Free Space | 96,79% Space Free | Partition Type: NTFS
Drive F: | 319,28 Gb Total Space | 59,49 Gb Free Space | 18,63% Space Free | Partition Type: NTFS
Drive G: | 702,83 Mb Total Space | 481,87 Mb Free Space | 68,56% Space Free | Partition Type: UDF
Drive I: | 331,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MAXS-BASE | User Name: maxs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-928536241-3897680482-1510202409-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{136FE2F6-9C07-47CD-BCC6-5241E1FD0673}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{17B05C32-B1C4-4CAC-ABFF-CFF656A1BDF2}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{1DF2B4B4-AA71-4FEE-BF09-D435EC73CBE2}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{510583A9-ABF4-4F9D-9D41-3A2D85323718}" = lport=6004 | protocol=17 | dir=in | app=e:\program files (x86)\microsoft office\office12\outlook.exe |
"{D570C7FE-04E6-45AB-B6CF-B41739B8499E}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe |
"{E1430886-3D95-479B-BA6E-787AA9D8E76D}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{E3FF64EF-CF7A-42BD-938A-8FA3C4FBD416}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe |
"{F4A0E548-AC68-4AEB-B2D8-0280241C76D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F56A3D11-E242-483E-B4BE-A8F7228E4BFC}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\ucbrowser\application\ucbrowser.exe |
"{FA976A1F-7FA0-4070-A6D1-20AFF22EBD28}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D669327-D7F7-464C-B669-7636D55DFDBC}" = dir=out | app=c:\games\world_of_tanks\worldoftanks.exe |
"{0F696B18-497D-482E-8038-0060C208E620}" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft office\office12\groove.exe |
"{105FC9F5-F4F3-4CEB-B5E2-C23A2345C3BA}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{11728C1F-7047-407C-85BF-84A3324B7DD6}" = protocol=17 | dir=in | app=c:\program files (x86)\simplitec\simplifast\powersuite.exe |
"{1C65E31C-26EE-49BA-8073-B097F362249A}" = dir=in | app=c:\program files (x86)\project kryptonite\projectkryptonite.exe |
"{2626F823-AB01-42DD-9F16-A746770B9C1A}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{2BBD8AE2-549B-4A8A-93F0-EE10B1FFCFA3}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{2C66FCB6-0161-468A-B4AB-386C98C22A1A}" = protocol=17 | dir=out | app=c:\program files (x86)\simplitec\simplifast\serviceprovider.exe |
"{3015310F-313D-4708-A7E5-816FFDA99609}" = dir=out | app=c:\games\world_of_tanks\wotlauncher.exe |
"{391A2D19-645E-425F-B4E3-881D33B7B8C0}" = dir=in | app=c:\program files (x86)\project kryptonite\data\overlayloader_win32.exe |
"{3985110B-AD4D-4A7D-BE31-5ADCF68E028D}" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft office\office12\onenote.exe |
"{3CC08C37-3F8C-4CF1-AD81-F9EBD8617210}" = dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{43C33CA0-B2D0-4716-8DEC-8291A92AE9F0}" = dir=in | app=c:\program files (x86)\ucbrowser\application\downloader\download\minithunderplatform.exe |
"{468257B0-E168-45E3-923F-56518049FF0D}" = protocol=17 | dir=out | app=c:\program files (x86)\simplitec\simplifast\serviceprovider.exe |
"{50821F69-4FCB-4A8B-BBD5-2FE595FADBDD}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{7B2A54C1-CF79-4549-BA6C-6124B9D7C46B}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{7FE3D962-9EFC-496A-8D6A-649B73162CB8}" = dir=in | app=c:\program files (x86)\project kryptonite\data\browser\offscreen_browser.exe |
"{8BEB0017-63E2-4959-B8A3-086EDF0CE633}" = protocol=17 | dir=in | app=c:\program files (x86)\simplitec\simplifast\serviceprovider.exe |
"{8C4C9473-0229-4B4A-9354-958A341974B8}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{91DBFFAA-DD3D-4191-A2E8-7CA18EB162F2}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{9490B68C-51FC-426C-9484-E638CC8A84AB}" = dir=in | app=c:\program files (x86)\project kryptonite\data\overlayloader_win64.exe |
"{A36B239F-6394-4F5D-9F69-1E9DD1B19730}" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft office\office12\onenote.exe |
"{A46097CB-86EF-4C63-8ACD-CBC3B8EAD7BD}" = protocol=6 | dir=out | app=c:\program files (x86)\simplitec\simplifast\serviceprovider.exe |
"{B4186E8D-83DE-4537-8EF1-29542441CD23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC5F1C10-14FF-461A-8BDF-E38FCEC026EF}" = protocol=6 | dir=in | app=c:\program files (x86)\simplitec\simplifast\powersuite.exe |
"{BC76DEC0-3F6E-4AF8-B76D-37900B418CC8}" = dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"{BE3F5083-2513-4774-8797-D73DD9170AAB}" = protocol=17 | dir=out | app=c:\program files (x86)\simplitec\simplifast\serviceprovider.exe |
"{C77F586B-5128-4C53-AE5B-E3F683A31FAF}" = protocol=17 | dir=in | app=c:\program files (x86)\simplitec\simplifast\serviceprovider.exe |
"{C7CEF0CE-9C42-49D7-BE15-EE937D761036}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{CD30DC0F-BC14-4787-ABB9-7A3E8E6DCF9D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E3E6A323-CD16-4A2E-82B4-C569F6EDC85C}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{E5DD8001-4FBA-45EA-9B26-2E07E01ED7CD}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{EE59C169-DCD0-4EF8-9061-D759E29E085B}" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{6B3877F9-82D3-4420-A7FB-7758E92437B7}C:\games\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world of tanks\worldoftanks.exe |
"TCP Query User{87178514-57AF-46F0-8F17-118B337556DB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8C14FD86-A9CB-476E-A957-F0BB542F9EBD}C:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe |
"TCP Query User{DD21EA06-71A5-45D0-8DE9-8D16DAA104A9}C:\games\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world of tanks\wotlauncher.exe |
"UDP Query User{5EB0C864-6D8A-4CDF-A55F-ACF097468987}C:\games\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world of tanks\worldoftanks.exe |
"UDP Query User{AE202DAD-57B4-4F5D-B684-FE0705D6436B}C:\games\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world of tanks\wotlauncher.exe |
"UDP Query User{DD7FA933-1BCB-4B1E-BE36-2D19B4B1CD59}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{F3BFB388-3CE8-4F09-B206-3414EEC8DDF0}C:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B0CF4A-564C-4549-913E-AE3EDA16971A}" = AdAwareInstaller
"{20334FA5-6CD5-48FC-B5F9-D34D75E07845}" = AntimalwareEngine
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{36036827-FA38-4A74-8333-26BC4EEC9308}" = AdAwareUpdater
"{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater" = Ad-Aware Antivirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = Ansel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 372.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 372.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 372.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 3.0.7.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 369.04
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.16.0318
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 2.13.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA Wireless Controller Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.3.34.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend" = NVIDIA Backend
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer" = NVIDIA Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem" = NVIDIA LocalSystem Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus" = NVIDIA Message Bus for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService" = NVIDIA NetworkService Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User" = NVIDIA User Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.UserElevated" = NVIDIA Elevated User Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs" = NvNodejs
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog" = NVIDIA Watchdog Plugin for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry" = NvTelemetry
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC" = Nvidia Share
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.13.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.41
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}" = WinZip 19.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F92DA023-338E-4C8A-A6C6-8F36DB179AE4}" = ESET NOD32 Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"VulkanRT1.0.26.0" = Vulkan Run Time Libraries 1.0.26.0
"WinRAR archiver" = WinRAR 5.31 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15BFD731-A10E-43E9-9D18-0F682BC0480F}" = Photo Common
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.2
"{2C0DDC2F-29FF-4FCC-8B3A-A935287D078C}_is1" = Project Kryptonite version 1.0.7
"{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}" = Zoner GIF Animator 5
"{3D2CF65C-B544-4308-B996-700D3E5F6C4C}" = Movie Maker
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4fcf070a-daac-45e9-a8b0-6850941f7ed8}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8989DBC1-E87B-448F-9147-57EEEC5A24A5}" = Overwolf.Setup.VC100CRTx86.Dist
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0405-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Czech) 2007
"{90120000-0017-0405-0000-0000000FF1CE}_OMUI.cs-cz_{13E6D9FD-5FE8-43A6-9874-515A50909DEF}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_OMUI.cs-cz_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.cs-cz_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.cs-cz_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_OMUI.cs-cz_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_OMUI.cs-cz_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_OMUI.cs-cz_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0405-0000-0000000FF1CE}" = Microsoft Office O MUI (Czech) 2007
"{90120000-0100-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0405-0000-0000000FF1CE}" = Microsoft Office X MUI (Czech) 2007
"{90120000-0101-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A470EA9-FF86-4C0E-992C-572BF2B9D6FF}" = Windows Live Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6142247-58B1-40C7-B8E0-965C1A8026A5}" = ACDSee Photo Editor 2008
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{abe3a039-699f-4239-82f9-1a061ec1d8db}" = Web Companion
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B64D8CE9-11B2-469D-A347-9A13C2BCA423}_is1" = webiums modpack 0.9.15.1 v9.15.1.00
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E100E2B5-F2EF-4955-AB7A-C3F2125A3BCD}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F37D360D-9308-4BB1-8515-DC6B637B9486}" = Fotogalerie
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"ACDSee Free" = ACDSee Free
"Adobe Flash Player ActiveX" = Adobe Flash Player 23 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"Afterburner" = MSI Afterburner 2.3.1
"AIDA64 Extreme_is1" = AIDA64 Extreme v5.00
"Aslains_WoT_Modpack_Installer_is1" = Aslain's WoT Modpack verze 9.16.02
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Doom 3 BFG Edition_is1" = Doom 3 BFG Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Photo Resizer" = FastStone Photo Resizer 3.5
"FormatFactory" = FormatFactory 3.6.0.0
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.1.1043
"Mozilla Firefox 47.0.1 (x86 cs)" = Mozilla Firefox 47.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.cs-cz" = Microsoft Office Language Pack 2007 - Czech/èeština
"Open Broadcaster Software" = Open Broadcaster Software
"Overwolf" = Overwolf
"Razer Comms" = Razer Comms
"Viscomsoft Free GIF Effect Maker for Window_is1" = Viscomsoft Free GIF Effect Maker
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.21 (32-bit)
"ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1" = Aslain's XVM WoT Modpack verze 9.15.26

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-928536241-3897680482-1510202409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1" = World of Tanks
"SeznamInstall" = Seznam Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.10.2016 15:06:08 | Computer Name = maxs-base | Source = PerfNet | ID = 2004
Description =

Error - 14.10.2016 15:06:08 | Computer Name = maxs-base | Source = WinMgmt | ID = 10
Description =

Error - 14.10.2016 16:12:42 | Computer Name = maxs-base | Source = WinMgmt | ID = 10
Description =

Error - 14.10.2016 16:40:14 | Computer Name = maxs-base | Source = PerfNet | ID = 2004
Description =

Error - 14.10.2016 16:40:15 | Computer Name = maxs-base | Source = WinMgmt | ID = 10
Description =

Error - 14.10.2016 16:52:43 | Computer Name = maxs-base | Source = MsiInstaller | ID = 1013
Description =

Error - 15.10.2016 3:29:23 | Computer Name = maxs-base | Source = WinMgmt | ID = 10
Description =

Error - 15.10.2016 13:39:36 | Computer Name = maxs-base | Source = WinMgmt | ID = 10
Description =

Error - 16.10.2016 4:21:30 | Computer Name = maxs-base | Source = PerfNet | ID = 2004
Description =

Error - 16.10.2016 4:21:45 | Computer Name = maxs-base | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10.10.2016 13:08:51 | Computer Name = maxs-base | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 12.10.2016 13:36:14 | Computer Name = maxs-base | Source = Tcpip | ID = 4199
Description = Systém zjistil konflikt IP adresy 0.0.0.0 se systémem, jehož síťová
hardwarová adresa je EC-0E-C4-5D-1F-DB. Síťové operace v systému mohou být přerušeny.

Error - 13.10.2016 10:31:11 | Computer Name = maxs-base | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 14.10.2016 16:12:03 | Computer Name = maxs-base | Source = DCOM | ID = 10010
Description =

Error - 14.10.2016 16:12:37 | Computer Name = maxs-base | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Službě Plánovač úloh se při spuštění nepodařilo načíst úlohy. Další
údaje: Hodnota chyby: 2147942402

Error - 14.10.2016 16:40:05 | Computer Name = maxs-base | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort2.

Error - 14.10.2016 17:17:21 | Computer Name = maxs-base | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 14.10.2016 17:19:17 | Computer Name = maxs-base | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 14.10.2016 17:19:37 | Computer Name = maxs-base | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 15.10.2016 3:43:39 | Computer Name = maxs-base | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

< End of report >

Tak se to povedlo. První log rozdělen do dvou zpráv, druhý (extras) se vešel do jedné zprávy.

Budu očekávat další instrukce

Mate tam nejak moc bezpecnostnich programu. Nechte jen Nod, zbytek odinstalujte.

Jak je na tom legalita systemu? Ultimate neni zrovna bezna domaci verze

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Udelejte novou kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

maxs.cz píše:Včera jsem havěť odstranil pomocí Malware Bite Anti-Malware

Rad bych videl log z toho testu. Zkuste ho najit, docela by to pomohlo.

Podařilo se mi nalést logy z dvou včerejších scanů (ten první je betesporu zajímavější) a jednoho "protection logu". Vkládám je sem chronologicky pod sebe, odděluji je "-------------"

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 14.10.2016
Čas skenování: 22:07
Protokol: malware bytes včera 1.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.10.14.09
Databáze rootkitů: v2016.09.26.02
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: maxs

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 301836
Uplynulý čas: 3 min, 17 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 1
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll, Smazat při restartu, [c55c5d3c2a701b1bcf7aa45b7c88a957],

Klíče registru: 41
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3D}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\TYPELIB\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B836}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\INTERFACE\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B836}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B836}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell2.DragDropMenu.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell2.DragDropMenu, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QZipShell2.DragDropMenu, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\QZipShell2.DragDropMenu, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QZipShell2.DragDropMenu.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\QZipShell2.DragDropMenu.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3F}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell2.ContextMenuExt.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell2.ContextMenuExt, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QZipShell2.ContextMenuExt, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\QZipShell2.ContextMenuExt, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QZipShell2.ContextMenuExt.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\QZipShell2.ContextMenuExt.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell2.KzShlobj.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell2.KzShlobj, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QZipShell2.KzShlobj, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\QZipShell2.KzShlobj, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QZipShell2.KzShlobj.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\QZipShell2.KzShlobj.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67F}, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell2.KYDropHandler.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell2.KYDropHandler, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QZipShell2.KYDropHandler, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\QZipShell2.KYDropHandler, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QZipShell2.KYDropHandler.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\QZipShell2.KYDropHandler.1, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KuaiZipDrive2, Do karantény, [fb264851d0ca61d59eae39c6a3612ad6],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{353C9B05-92D7-494F-A8B0-3C37B7DC6CF3}, Smazat při restartu, [59c8fc9daaf09a9c63ee59a6b74d639d],
PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\KuaiZip_Update, Do karantény, [b170d7c2960424126ee932cd956fa55b],
PUP.Optional.Kuaizip, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Kuaizip Update Checker, Do karantény, [ae73d0c9d0caab8b9baa7b84d72df010],
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Do karantény, [23fe2178d4c65cdae18451b60df80bf5],
PUP.Optional.Conduit, HKU\S-1-5-21-928536241-3897680482-1510202409-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Do karantény, [5fc2d1c859411f1784fbe6b6cb38bc44],
PUP.Optional.YahooVNM, HKU\S-1-5-21-928536241-3897680482-1510202409-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}, Do karantény, [aa7763368911ae8801cf398309fa31cf],

Hodnoty registru: 5
PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{353C9B05-92D7-494F-A8B0-3C37B7DC6CF3}|Path, \KuaiZip_Update, Smazat při restartu, [59c8fc9daaf09a9c63ee59a6b74d639d]
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|ImagePath, system32\DRIVERS\EsgScanner.sys, Do karantény, [23fe2178d4c65cdae18451b60df80bf5]
PUP.Optional.Conduit, HKU\S-1-5-21-928536241-3897680482-1510202409-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.bing.com/search?pc=COSP&ptag ... earchTerms}, Do karantény, [5fc2d1c859411f1784fbe6b6cb38bc44]
PUP.Optional.YahooVNM, HKU\S-1-5-21-928536241-3897680482-1510202409-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|URL, https://search.yahoo.com/search?fr=vmn& ... earchTerms}, Do karantény, [aa7763368911ae8801cf398309fa31cf]
Backdoor.Bot, HKU\S-1-5-21-928536241-3897680482-1510202409-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchost0, "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe, Do karantény, [e33e69307e1c65d1ac5b689a7a898b75]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 9
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86, Smazat při restartu, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\lang, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\sfx, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip, Smazat při restartu, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\data, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\language, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\language\en, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64, Smazat při restartu, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\lang, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],

Soubory: 47
HackTool.Agent, C:\Users\maxs\Desktop\Windows 7 Activation.exe, Do karantény, [829f7c1dd3c758de5ff740e2ed141de3],
PUP.Optional.Bundler, C:\Users\maxs\Downloads\format-factory-lista-centrumcz.exe, Do karantény, [bf62dabf188273c37a0c1940d22f2ed2],
PUP.Optional.SpyHunter, C:\Users\maxs\Downloads\SpyHunter-Installer.exe, Do karantény, [e33e079257436acc8c0558af897c26da],
PUP.Optional.InstallCore, C:\Users\maxs\Downloads\winzip19-lan.exe, Do karantény, [2bf65b3e742682b407abca739b6635cb],
PUP.Optional.InstallCore, C:\Users\maxs\Downloads\Malavida_Download_Manager.exe, Do karantény, [7ca5c0d99cfe53e3e8e3e5467988de22],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\KuaiZip.exe, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\7z.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\DuiLib.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\finderlib.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll, Smazat při restartu, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\KZFormat.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\KZModule.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\KZReport.exe, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\KZTui.exe, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\Mount.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\MountCore.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\Uninst.exe, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\Update.exe, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\UpdateChecker.exe, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\lang\en_lang.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X86\sfx\kzsetup_en.sfx, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\7zNew.dat, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\KzNew.dat, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\readme.txt, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\SLDefault.xml, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\ZipNew.dat, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\data\slimdata.dat, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\language\en\kuaizip.xml, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\language\en\KZipShell.xml, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\language\en\kzmount2.xml, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\language\en\kztui.xml, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\language\en\uninst.xml, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\7z.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\KuaiZipDrive.sys, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\KZFormat.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll, Smazat při restartu, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\KZModule.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\KZMount2.exe, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\Mount.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\MountCore.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Program Files (x86)\KuaiZip\X64\lang\en_lang.dll, Do karantény, [c55c5d3c2a701b1bcf7aa45b7c88a957],
PUP.Optional.Kuaizip, C:\Windows\System32\drivers\KuaiZipDrive2.sys, Do karantény, [fb264851d0ca61d59eae39c6a3612ad6],
PUP.Optional.Kuaizip, C:\Users\maxs\AppData\Roaming\Microsoft\Windows\Start Menu\KuaiZip.lnk, Do karantény, [eb3622774753d363b9959a653ec68a76],
PUP.Optional.Kuaizip, C:\Windows\System32\Tasks\KuaiZip_Update, Do karantény, [64bd4356e5b5fd3922398d72828208f8],
PUP.Optional.SpyHunter, C:\Windows\System32\drivers\EsgScanner.sys, Do karantény, [23fe2178d4c65cdae18451b60df80bf5],
Backdoor.Bot, C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe, Do karantény, [e33e69307e1c65d1ac5b689a7a898b75],
PUP.Optional.Conduit, C:\Users\maxs\AppData\Roaming\Mozilla\Firefox\Profiles\66cntm0j.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.newtab.url", "http://www.bing.com/?pc=COSP&ptag=D0822 ... =CT3331997");), Nahrazeno,[79a86e2b524806306e3bdeba0ef6f709]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 14.10.2016
Čas skenování: 22:40
Protokol: malware bytes včera 2.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.10.14.09
Databáze rootkitů: v2016.09.26.02
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: maxs

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 304432
Uplynulý čas: 3 min, 13 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.Conduit, C:\Users\maxs\AppData\Roaming\Mozilla\Firefox\Profiles\66cntm0j.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.newtab.url", "http://www.bing.com/?pc=COSP&ptag=D0822 ... =CT3331997");), Nahrazeno,[28f966330b8ff145aefb395f74909868]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

---------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Malware Protection, Starting,
Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Malware Protection, Started,
Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Starting,
Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Started,
Update, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Manual, Remediation Database, 2016.2.12.1, 2016.9.21.1,
Update, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Manual, Rootkit Database, 2016.2.8.1, 2016.9.26.2,
Update, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Manual, IP Database, 2016.2.8.1, 2016.10.12.1,
Update, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Manual, Domain Database, 2016.2.16.8, 2016.10.13.7,
Update, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Manual, Malware Database, 2016.2.16.6, 2016.10.14.9,
Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Refresh, Starting,
Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Stopping,
Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Stopped,
Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Refresh, Success,
Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Starting,
Protection, 14.10.2016 22:06, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Started,
Scan, 14.10.2016 22:11, SYSTEM, MAXS-BASE, Manual, Začátek: 14.10.2016 22:07, Doba trvání: 3 min 17 sekund, Sken hrozeb, Dokončeno, Detekce malwaru 3, Detekce jiných hrozeb 100,
Protection, 14.10.2016 22:12, SYSTEM, MAXS-BASE, Protection, Malware Protection, Starting,
Protection, 14.10.2016 22:12, SYSTEM, MAXS-BASE, Protection, Malware Protection, Started,
Protection, 14.10.2016 22:12, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Starting,
Protection, 14.10.2016 22:12, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Started,
Protection, 14.10.2016 22:40, SYSTEM, MAXS-BASE, Protection, Malware Protection, Starting,
Protection, 14.10.2016 22:40, SYSTEM, MAXS-BASE, Protection, Malware Protection, Started,
Protection, 14.10.2016 22:40, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Starting,
Protection, 14.10.2016 22:40, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Started,
Scan, 14.10.2016 22:44, SYSTEM, MAXS-BASE, Manual, Začátek: 14.10.2016 22:40, Doba trvání: 3 min 13 sekund, Sken hrozeb, Dokončeno, Detekce malwaru 0, Detekce jiných hrozeb 1,
Update, 14.10.2016 23:01, SYSTEM, MAXS-BASE, Scheduler, Malware Database, 2016.10.14.9, 2016.10.14.10,
Protection, 14.10.2016 23:01, SYSTEM, MAXS-BASE, Protection, Refresh, Starting,
Protection, 14.10.2016 23:01, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Stopping,
Protection, 14.10.2016 23:01, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Stopped,
Protection, 14.10.2016 23:01, SYSTEM, MAXS-BASE, Protection, Refresh, Success,
Protection, 14.10.2016 23:01, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Starting,
Protection, 14.10.2016 23:01, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Started,
Protection, 14.10.2016 23:14, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Stopping,
Protection, 14.10.2016 23:14, SYSTEM, MAXS-BASE, Protection, Malicious Website Protection, Stopped,
Protection, 14.10.2016 23:14, SYSTEM, MAXS-BASE, Protection, Malware Protection, Stopping,
Protection, 14.10.2016 23:14, SYSTEM, MAXS-BASE, Protection, Malware Protection, Stopped,

(end)

-------------------------------------------------------------------------------------------------
Odinstaloval jsem lava antivirus, restartnu PC a postupuji dále dle Vašeho návodu.

Ještě přiložím screenshot ze "Sledování prostředků", které nabízí sám Windows. Odtud usuzuji, že je problém s procestorem. Na screenu je vyznačena část, po kterou bylo přepnuto do World of Tanks a před ní je doba ve Windows (mozzila). Možná to spolu nějak souvisí, možná je to informace k prdu :/

Márty, AdwCleaner, který jsem si stáhl dle návodu, mi sice projede SCAN, ale když dám ten druhý krok, zamrzne (program přestane odpovídat) a ani po dlouhé době se nerozjede. Končí to tvrdým resetem PC. 2x po sobě naprosto stejně. Všechny programy byly zavřeny. Našlo to cca 360 hrozeb. Zkusím to ještě jednou a přiložím screenshoot.

Tohle je poslední, co vidím. Následně po kliku na CLEAN program přestane odpovídat.

VIRY.CZ

zoufalec prosí o pomoc - asi procak? - výpis logu

zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu

Re: zoufalec prosí o pomoc - asi procak? - výpis logu