VIRY.CZ

Prosím o radu a případně pomoc..
jeden den po přeinstalování notebooku mi v procesech řádí prográmky
atieclxx.exe
csrss.exe
winlogon.exe.

Počítač je jak kdyby měl chřipku a vleče se.. procesor počítá jak nikdy.

Děkuji moc za případnou pomoc a nebo třeba i radu v čem dělám při instalaci chybu, nebo jaký Antivir případně Firewall.. AMD Catalyst control center stažen ze stránek Lenovo.

díííky

P. S. Nejsem si jist, ale myslím, že se to tam objevilo po istalaci

Tady Log

Logfile of random's system information tool 1.10 (written by random/random)
Run by Defeld at 2017-01-08 11:55:06
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 208 GB (82%) free of 254 GB
Total RAM: 7132 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:14, on 8.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Defeld\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\trend micro\Defeld.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Viber] "C:\Users\Defeld\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: tbaseprovisioning - Advanced Micro Devices, Inc. - C:\Windows\SysWOW64\tbaseprovisioning.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6858 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\SysWOW64\tbaseprovisioning.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files\Elantech\ETDService.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Users\Defeld\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe"
"C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Elantech\ETDIntelligent.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskmgr.exe /3
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\notepad.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

"C:\Users\Defeld\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS.exe
C:\Windows\tasks\AutoKMSDaily.job - C:\Windows\AutoKMS.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778

prefs.js - "browser.startup.homepage" - "http://seznam.cz/"

"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-01-06 790552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-06 664848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtsFT"=C:\Windows\RTFTrack.exe [2017-01-06 5158144]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2015-01-13 3315896]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2016-12-14 2776528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Viber"=C:\Users\Defeld\AppData\Local\Viber\Viber.exe [2016-04-13 69268048]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2017-01-06 9080768]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-02-02 767176]

C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll [2010-03-24 633200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-08 11:55:07 ----D---- C:\Program Files\trend micro
2017-01-08 11:55:06 ----D---- C:\rsit
2017-01-08 10:08:50 ----D---- C:\Users\Defeld\AppData\Roaming\VS Revo Group
2017-01-08 04:42:04 ----D---- C:\Users\Defeld\AppData\Roaming\Macromedia
2017-01-08 03:32:44 ----D---- C:\Users\Defeld\AppData\Roaming\ATI
2017-01-08 03:32:44 ----D---- C:\ProgramData\ATI
2017-01-08 02:52:10 ----A---- C:\Windows\system32\drivers\MBAMChameleon.sys
2017-01-08 02:51:55 ----A---- C:\Windows\system32\drivers\mwac.sys
2017-01-08 02:51:55 ----A---- C:\Windows\system32\drivers\farflt.sys
2017-01-08 02:51:47 ----A---- C:\Windows\system32\drivers\mbam.sys
2017-01-08 02:51:38 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2017-01-08 02:51:19 ----A---- C:\Windows\system32\drivers\mbae64.sys
2017-01-08 02:51:11 ----D---- C:\ProgramData\Malwarebytes
2017-01-08 02:51:11 ----D---- C:\Program Files\Malwarebytes
2017-01-08 02:13:30 ----D---- C:\Program Files (x86)\AMD AVT
2017-01-08 02:12:51 ----D---- C:\ProgramData\AMD
2017-01-08 02:11:20 ----D---- C:\Program Files (x86)\AMD
2017-01-07 23:48:39 ----D---- C:\Program Files (x86)\Adobe
2017-01-07 23:47:42 ----A---- C:\Windows\IsUninst.exe
2017-01-07 22:43:03 ----D---- C:\AdwCleaner
2017-01-07 01:44:09 ----D---- C:\ProgramData\Synology
2017-01-07 01:44:07 ----D---- C:\Program Files (x86)\Synology
2017-01-06 21:53:24 ----HD---- C:\ProgramData\CanonBJ
2017-01-06 21:52:46 ----A---- C:\Windows\system32\CNMLMBL.DLL
2017-01-06 21:52:29 ----A---- C:\Windows\system32\CNHMCA6.dll
2017-01-06 21:52:29 ----A---- C:\Windows\system32\CNC_BLL.dll
2017-01-06 21:52:29 ----A---- C:\Windows\system32\CNC_BLI.dll
2017-01-06 21:52:29 ----A---- C:\Windows\system32\CNC_BLC.dll
2017-01-06 21:52:25 ----HD---- C:\ProgramData\CanonIJFAX
2017-01-06 21:52:19 ----A---- C:\Windows\system32\CNCALBL.DLL
2017-01-06 20:19:48 ----D---- C:\Users\Defeld\AppData\Roaming\WinRAR
2017-01-06 19:13:46 ----A---- C:\Windows\AutoKMS.ini
2017-01-06 18:58:42 ----D---- C:\Program Files\Common Files\DESIGNER
2017-01-06 18:58:23 ----D---- C:\Windows\PCHEALTH
2017-01-06 18:56:42 ----D---- C:\Program Files\Microsoft Analysis Services
2017-01-06 18:56:42 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2017-01-06 18:56:32 ----D---- C:\Program Files (x86)\Microsoft Office
2017-01-06 18:56:31 ----D---- C:\ProgramData\Microsoft Help
2017-01-06 18:56:31 ----D---- C:\Program Files\Microsoft Office
2017-01-06 18:56:20 ----RHD---- C:\MSOCache
2017-01-06 18:45:14 ----D---- C:\Users\Defeld\AppData\Roaming\Stardock
2017-01-06 18:44:52 ----HDC---- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2017-01-06 18:44:51 ----D---- C:\ProgramData\Stardock
2017-01-06 18:44:49 ----D---- C:\Program Files (x86)\Stardock
2017-01-06 18:13:15 ----A---- C:\Windows\SYSWOW64\detoured.dll
2017-01-06 18:13:15 ----A---- C:\Windows\SYSWOW64\atieah32.exe
2017-01-06 18:13:15 ----A---- C:\Windows\system32\detoured.dll
2017-01-06 18:13:15 ----A---- C:\Windows\system32\atieah64.exe
2017-01-06 18:13:07 ----A---- C:\Windows\SYSWOW64\amdgfxinfo32.dll
2017-01-06 18:13:07 ----A---- C:\Windows\system32\ativvaxy_FJ_nd.dat
2017-01-06 18:13:07 ----A---- C:\Windows\system32\ativvaxy_FJ.dat
2017-01-06 18:13:07 ----A---- C:\Windows\system32\amdgfxinfo64.dll
2017-01-06 18:04:27 ----D---- C:\Program Files\Elantech
2017-01-06 18:03:55 ----D---- C:\drivers
2017-01-06 17:19:26 ----D---- C:\Users\Defeld\AppData\Roaming\TeamViewer
2017-01-06 17:14:21 ----D---- C:\Program Files (x86)\TeamViewer
2017-01-06 16:36:53 ----D---- C:\Windows\SYSWOW64\sda
2017-01-06 15:42:37 ----D---- C:\Users\Defeld\AppData\Roaming\AMD
2017-01-06 15:42:33 ----D---- C:\Users\Defeld\AppData\Roaming\ViberPC
2017-01-06 15:38:41 ----D---- C:\Users\Defeld\AppData\Roaming\ACD Systems
2017-01-06 15:36:47 ----D---- C:\ProgramData\ACD Systems
2017-01-06 15:36:42 ----D---- C:\Program Files\Common Files\ACD Systems
2017-01-06 15:36:42 ----D---- C:\Program Files\ACD Systems
2017-01-06 15:32:07 ----D---- C:\Windows\IObit
2017-01-06 15:31:41 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2017-01-06 15:28:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-01-06 15:27:58 ----D---- C:\Windows\system32\Macromed
2017-01-06 15:27:55 ----D---- C:\Windows\SYSWOW64\Macromed
2017-01-06 15:27:43 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2017-01-06 15:27:43 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2017-01-06 15:27:43 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2017-01-06 15:27:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2017-01-06 15:27:43 ----A---- C:\Windows\system32\XAudio2_7.dll
2017-01-06 15:27:43 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2017-01-06 15:27:43 ----A---- C:\Windows\system32\xactengine3_7.dll
2017-01-06 15:27:43 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2017-01-06 15:27:42 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2017-01-06 15:27:42 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2017-01-06 15:27:42 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2017-01-06 15:27:42 ----A---- C:\Windows\system32\d3dx11_43.dll
2017-01-06 15:27:42 ----A---- C:\Windows\system32\d3dx10_43.dll
2017-01-06 15:27:42 ----A---- C:\Windows\system32\d3dcsx_43.dll
2017-01-06 15:27:41 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2017-01-06 15:27:41 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2017-01-06 15:27:41 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2017-01-06 15:27:41 ----A---- C:\Windows\system32\XAudio2_6.dll
2017-01-06 15:27:41 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2017-01-06 15:27:41 ----A---- C:\Windows\system32\D3DX9_43.dll
2017-01-06 15:27:40 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2017-01-06 15:27:40 ----A---- C:\Windows\system32\xactengine3_6.dll
2017-01-06 15:27:39 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2017-01-06 15:27:39 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2017-01-06 15:27:38 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2017-01-06 15:27:38 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2017-01-06 15:27:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2017-01-06 15:27:38 ----A---- C:\Windows\system32\XAudio2_5.dll
2017-01-06 15:27:38 ----A---- C:\Windows\system32\xactengine3_5.dll
2017-01-06 15:27:38 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2017-01-06 15:27:37 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2017-01-06 15:27:37 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2017-01-06 15:27:37 ----A---- C:\Windows\system32\d3dx11_42.dll
2017-01-06 15:27:37 ----A---- C:\Windows\system32\d3dcsx_42.dll
2017-01-06 15:27:36 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2017-01-06 15:27:36 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2017-01-06 15:27:36 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2017-01-06 15:27:36 ----A---- C:\Windows\system32\D3DX9_42.dll
2017-01-06 15:27:36 ----A---- C:\Windows\system32\d3dx10_42.dll
2017-01-06 15:27:36 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2017-01-06 15:27:35 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2017-01-06 15:27:35 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2017-01-06 15:27:35 ----A---- C:\Windows\system32\D3DX9_41.dll
2017-01-06 15:27:35 ----A---- C:\Windows\system32\d3dx10_41.dll
2017-01-06 15:27:34 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2017-01-06 15:27:34 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2017-01-06 15:27:34 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2017-01-06 15:27:34 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2017-01-06 15:27:34 ----A---- C:\Windows\system32\XAudio2_4.dll
2017-01-06 15:27:34 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2017-01-06 15:27:34 ----A---- C:\Windows\system32\xactengine3_4.dll
2017-01-06 15:27:34 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2017-01-06 15:27:33 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2017-01-06 15:27:33 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2017-01-06 15:27:33 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2017-01-06 15:27:33 ----A---- C:\Windows\system32\D3DX9_40.dll
2017-01-06 15:27:33 ----A---- C:\Windows\system32\d3dx10_40.dll
2017-01-06 15:27:33 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2017-01-06 15:27:32 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2017-01-06 15:27:32 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2017-01-06 15:27:32 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2017-01-06 15:27:32 ----A---- C:\Windows\system32\XAudio2_3.dll
2017-01-06 15:27:32 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2017-01-06 15:27:32 ----A---- C:\Windows\system32\xactengine3_3.dll
2017-01-06 15:27:31 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2017-01-06 15:27:31 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2017-01-06 15:27:31 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2017-01-06 15:27:31 ----A---- C:\Windows\system32\XAudio2_2.dll
2017-01-06 15:27:31 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2017-01-06 15:27:31 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2017-01-06 15:27:30 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2017-01-06 15:27:30 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2017-01-06 15:27:30 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2017-01-06 15:27:30 ----A---- C:\Windows\system32\xactengine3_2.dll
2017-01-06 15:27:30 ----A---- C:\Windows\system32\d3dx10_39.dll
2017-01-06 15:27:30 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2017-01-06 15:27:29 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2017-01-06 15:27:29 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2017-01-06 15:27:29 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2017-01-06 15:27:29 ----A---- C:\Windows\system32\XAudio2_1.dll
2017-01-06 15:27:29 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2017-01-06 15:27:29 ----A---- C:\Windows\system32\D3DX9_39.dll
2017-01-06 15:27:28 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2017-01-06 15:27:28 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2017-01-06 15:27:28 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2017-01-06 15:27:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2017-01-06 15:27:28 ----A---- C:\Windows\system32\xactengine3_1.dll
2017-01-06 15:27:28 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2017-01-06 15:27:28 ----A---- C:\Windows\system32\d3dx10_38.dll
2017-01-06 15:27:28 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2017-01-06 15:27:27 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2017-01-06 15:27:27 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2017-01-06 15:27:27 ----A---- C:\Windows\system32\XAudio2_0.dll
2017-01-06 15:27:27 ----A---- C:\Windows\system32\D3DX9_38.dll
2017-01-06 15:27:26 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2017-01-06 15:27:26 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2017-01-06 15:27:26 ----A---- C:\Windows\system32\xactengine3_0.dll
2017-01-06 15:27:26 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2017-01-06 15:27:25 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2017-01-06 15:27:25 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2017-01-06 15:27:25 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2017-01-06 15:27:25 ----A---- C:\Windows\system32\D3DX9_37.dll
2017-01-06 15:27:25 ----A---- C:\Windows\system32\d3dx10_37.dll
2017-01-06 15:27:25 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2017-01-06 15:27:24 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2017-01-06 15:27:24 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2017-01-06 15:27:24 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2017-01-06 15:27:24 ----A---- C:\Windows\system32\xactengine2_10.dll
2017-01-06 15:27:24 ----A---- C:\Windows\system32\d3dx10_36.dll
2017-01-06 15:27:24 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2017-01-06 15:27:23 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2017-01-06 15:27:23 ----A---- C:\Windows\system32\d3dx9_36.dll
2017-01-06 15:27:22 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2017-01-06 15:27:22 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2017-01-06 15:27:22 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2017-01-06 15:27:22 ----A---- C:\Windows\system32\xactengine2_9.dll
2017-01-06 15:27:22 ----A---- C:\Windows\system32\d3dx10_35.dll
2017-01-06 15:27:22 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2017-01-06 15:27:21 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2017-01-06 15:27:21 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2017-01-06 15:27:21 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2017-01-06 15:27:21 ----A---- C:\Windows\system32\xactengine2_8.dll
2017-01-06 15:27:21 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2017-01-06 15:27:21 ----A---- C:\Windows\system32\d3dx9_35.dll
2017-01-06 15:27:20 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2017-01-06 15:27:20 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2017-01-06 15:27:20 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2017-01-06 15:27:20 ----A---- C:\Windows\system32\d3dx9_34.dll
2017-01-06 15:27:20 ----A---- C:\Windows\system32\d3dx10_34.dll
2017-01-06 15:27:20 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2017-01-06 15:27:19 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2017-01-06 15:27:19 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2017-01-06 15:27:19 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2017-01-06 15:27:19 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2017-01-06 15:27:19 ----A---- C:\Windows\system32\xinput1_3.dll
2017-01-06 15:27:19 ----A---- C:\Windows\system32\xactengine2_7.dll
2017-01-06 15:27:19 ----A---- C:\Windows\system32\d3dx10_33.dll
2017-01-06 15:27:19 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2017-01-06 15:27:18 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2017-01-06 15:27:18 ----A---- C:\Windows\system32\d3dx9_33.dll
2017-01-06 15:27:17 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2017-01-06 15:27:17 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2017-01-06 15:27:17 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2017-01-06 15:27:17 ----A---- C:\Windows\system32\xactengine2_6.dll
2017-01-06 15:27:17 ----A---- C:\Windows\system32\xactengine2_5.dll
2017-01-06 15:27:17 ----A---- C:\Windows\system32\d3dx10.dll
2017-01-06 15:27:16 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2017-01-06 15:27:16 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2017-01-06 15:27:16 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2017-01-06 15:27:16 ----A---- C:\Windows\system32\xactengine2_4.dll
2017-01-06 15:27:16 ----A---- C:\Windows\system32\x3daudio1_1.dll
2017-01-06 15:27:16 ----A---- C:\Windows\system32\d3dx9_32.dll
2017-01-06 15:27:15 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2017-01-06 15:27:15 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2017-01-06 15:27:15 ----A---- C:\Windows\system32\xactengine2_3.dll
2017-01-06 15:27:15 ----A---- C:\Windows\system32\d3dx9_31.dll
2017-01-06 15:27:14 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2017-01-06 15:27:14 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2017-01-06 15:27:14 ----A---- C:\Windows\system32\xinput1_2.dll
2017-01-06 15:27:14 ----A---- C:\Windows\system32\xactengine2_2.dll
2017-01-06 15:27:13 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2017-01-06 15:27:13 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2017-01-06 15:27:13 ----A---- C:\Windows\system32\xinput1_1.dll
2017-01-06 15:27:13 ----A---- C:\Windows\system32\xactengine2_1.dll
2017-01-06 15:27:10 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2017-01-06 15:27:10 ----A---- C:\Windows\system32\d3dx9_30.dll
2017-01-06 15:27:09 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2017-01-06 15:27:09 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2017-01-06 15:27:09 ----A---- C:\Windows\system32\xactengine2_0.dll
2017-01-06 15:27:09 ----A---- C:\Windows\system32\x3daudio1_0.dll
2017-01-06 15:27:08 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2017-01-06 15:27:08 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2017-01-06 15:27:08 ----A---- C:\Windows\system32\d3dx9_29.dll
2017-01-06 15:27:08 ----A---- C:\Windows\system32\d3dx9_28.dll
2017-01-06 15:27:07 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2017-01-06 15:27:07 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2017-01-06 15:27:07 ----A---- C:\Windows\system32\d3dx9_27.dll
2017-01-06 15:27:07 ----A---- C:\Windows\system32\d3dx9_26.dll
2017-01-06 15:27:06 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2017-01-06 15:27:06 ----A---- C:\Windows\system32\d3dx9_25.dll
2017-01-06 15:27:05 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2017-01-06 15:27:05 ----A---- C:\Windows\system32\d3dx9_24.dll
2017-01-06 15:25:38 ----D---- C:\ProgramData\Package Cache
2017-01-06 15:22:44 ----A---- C:\Windows\system32\RtNicProp64.dll
2017-01-06 15:22:44 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2017-01-06 15:22:20 ----A---- C:\Windows\SYSWOW64\RsCRIcon.dll
2017-01-06 15:22:20 ----A---- C:\Windows\system32\RtCRX64.dll
2017-01-06 15:22:20 ----A---- C:\Windows\system32\drivers\RtsUer.sys
2017-01-06 15:22:20 ----A---- C:\Windows\RtCRU64.exe
2017-01-06 15:21:51 ----A---- C:\Windows\system32\drivers\rtsuvc.sys
2017-01-06 15:21:50 ----A---- C:\Windows\SYSWOW64\RtCamP.dll
2017-01-06 15:21:50 ----A---- C:\Windows\SYSWOW64\RsDecode.dll
2017-01-06 15:21:50 ----A---- C:\Windows\system32\RtCamP64.dll
2017-01-06 15:21:50 ----A---- C:\Windows\system32\RtCamO64.dll
2017-01-06 15:21:50 ----A---- C:\Windows\RTFTrack.exe
2017-01-06 15:21:23 ----A---- C:\Windows\system32\drivers\athrx.sys
2017-01-06 15:20:51 ----D---- C:\Program Files\Common Files\Atheros
2017-01-06 15:20:05 ----A---- C:\Windows\system32\drivers\btfilter.sys
2017-01-06 15:20:05 ----A---- C:\Windows\system32\BtContextMenu.dll
2017-01-06 15:20:05 ----A---- C:\Windows\system32\btcoinst.dll
2017-01-06 15:19:40 ----D---- C:\ProgramData\Conexant
2017-01-06 15:19:39 ----D---- C:\Program Files\CONEXANT
2017-01-06 15:19:30 ----A---- C:\Windows\system32\UCI64A52.DLL
2017-01-06 15:19:30 ----A---- C:\Windows\system32\FMAPO64.dll
2017-01-06 15:19:30 ----A---- C:\Windows\system32\EEP64A.dll
2017-01-06 15:19:30 ----A---- C:\Windows\system32\EEL64A.dll
2017-01-06 15:19:30 ----A---- C:\Windows\system32\EEG64A.dll
2017-01-06 15:19:30 ----A---- C:\Windows\system32\EED64A.dll
2017-01-06 15:19:30 ----A---- C:\Windows\system32\EEA64A.dll
2017-01-06 15:19:30 ----A---- C:\Windows\system32\drivers\Mixer.ini
2017-01-06 15:19:30 ----A---- C:\Windows\system32\drivers\CHDRT64.sys
2017-01-06 15:19:30 ----A---- C:\Windows\system32\CxPageMaster64.dll
2017-01-06 15:19:30 ----A---- C:\Windows\system32\CX64BP07.dll
2017-01-06 15:19:30 ----A---- C:\Windows\system32\CX64AP86.dll
2017-01-06 15:19:30 ----A---- C:\Windows\system32\CSpkExt64.dll
2017-01-06 14:57:23 ----D---- C:\Program Files\Mozilla Firefox
2017-01-06 14:39:23 ----D---- C:\Users\Defeld\AppData\Roaming\Thunderbird
2017-01-06 14:38:36 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2017-01-06 14:33:19 ----D---- C:\Program Files\WinRAR
2017-01-06 14:22:31 ----D---- C:\Users\Defeld\AppData\Roaming\Mozilla
2017-01-06 14:22:17 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-06 14:17:14 ----D---- C:\Users\Defeld\AppData\Roaming\AVAST Software
2017-01-06 14:16:51 ----D---- C:\Program Files\Common Files\AV
2017-01-06 14:16:44 ----A---- C:\Windows\system32\drivers\aswvmm.sys
2017-01-06 14:16:44 ----A---- C:\Windows\system32\drivers\aswStm.sys
2017-01-06 14:16:43 ----A---- C:\Windows\system32\drivers\aswsp.sys
2017-01-06 14:16:43 ----A---- C:\Windows\system32\drivers\aswsnx.sys
2017-01-06 14:16:43 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2017-01-06 14:16:43 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2017-01-06 14:16:43 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2017-01-06 14:16:43 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2017-01-06 14:16:38 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-01-06 14:16:38 ----A---- C:\Windows\system32\aswBoot.exe
2017-01-06 14:16:37 ----A---- C:\Windows\system32\ucrtbase.dll
2017-01-06 14:16:32 ----A---- C:\Windows\avastSS.scr
2017-01-06 14:15:10 ----D---- C:\Program Files\AVAST Software
2017-01-06 14:14:31 ----D---- C:\ProgramData\AVAST Software
2017-01-06 14:12:53 ----D---- C:\ProgramData\VS Revo Group
2017-01-06 14:12:52 ----A---- C:\Windows\system32\drivers\revoflt.sys
2017-01-06 14:12:51 ----D---- C:\Program Files\VS Revo Group
2017-01-06 13:33:59 ----D---- C:\Windows\tbaseregistry
2017-01-06 13:33:59 ----A---- C:\Windows\SYSWOW64\IEShims.dll
2017-01-06 13:28:50 ----D---- C:\ProgramData\ProductData
2017-01-06 13:28:22 ----D---- C:\Users\Defeld\AppData\Roaming\IObit
2017-01-06 13:28:22 ----D---- C:\ProgramData\IObit
2017-01-06 13:28:22 ----A---- C:\Windows\SYSWOW64\drivers\HWiNFO64A.SYS
2017-01-06 13:28:18 ----D---- C:\Program Files (x86)\IObit
2017-01-06 13:22:56 ----D---- C:\Users\Defeld\AppData\Roaming\Adobe
2017-01-06 13:22:45 ----D---- C:\Users\Defeld\AppData\Roaming\Identities
2017-01-06 13:08:33 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-01-06 13:06:46 ----D---- C:\Program Files (x86)\Microsoft.NET
2017-01-06 13:06:45 ----D---- C:\Windows\Migration
2017-01-06 13:06:25 ----SHD---- C:\Windows\Installer
2017-01-06 13:04:05 ----D---- C:\Program Files\Common Files\ATI Technologies
2017-01-06 13:03:46 ----D---- C:\Program Files\AMD
2017-01-06 13:02:36 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2017-01-06 13:02:36 ----A---- C:\Windows\system32\poqexec.exe
2017-01-06 13:02:32 ----DC---- C:\Windows\system32\DRVSTORE
2017-01-06 13:01:38 ----SD---- C:\Users\Defeld\AppData\Roaming\Microsoft
2017-01-06 13:01:38 ----D---- C:\Users\Defeld\AppData\Roaming\Media Center Programs
2017-01-06 13:01:28 ----SHD---- C:\Recovery
2017-01-06 13:01:28 ----SHD---- C:\ProgramData\Šablony
2017-01-06 13:01:28 ----SHD---- C:\ProgramData\Plocha
2017-01-06 13:01:28 ----SHD---- C:\ProgramData\Oblíbené položky
2017-01-06 13:01:28 ----SHD---- C:\ProgramData\Nabídka Start
2017-01-06 13:01:28 ----SHD---- C:\ProgramData\Dokumenty
2017-01-06 13:01:28 ----SHD---- C:\ProgramData\Data aplikací
2017-01-06 12:53:33 ----D---- C:\Windows\SoftwareDistribution
2017-01-06 12:51:24 ----D---- C:\Windows\Prefetch
2017-01-06 12:50:31 ----ASH---- C:\pagefile.sys
2017-01-06 12:50:31 ----ASH---- C:\hiberfil.sys
2017-01-06 12:39:54 ----SHD---- C:\System Volume Information
2017-01-06 12:39:22 ----D---- C:\Windows\Panther

======List of files/folders modified in the last 1 month======

2017-01-08 11:55:07 ----RD---- C:\Program Files
2017-01-08 11:41:09 ----D---- C:\Windows\system32\config
2017-01-08 11:40:39 ----D---- C:\Windows\system32\Tasks
2017-01-08 11:27:34 ----D---- C:\Windows\system32\wdi
2017-01-08 11:24:57 ----D---- C:\Windows\Temp
2017-01-08 11:05:00 ----D---- C:\Windows\system32\drivers
2017-01-08 10:17:16 ----D---- C:\Windows
2017-01-08 10:00:34 ----D---- C:\Windows\Microsoft.NET
2017-01-08 05:59:43 ----D---- C:\Windows\Tasks
2017-01-08 03:32:44 ----HD---- C:\ProgramData
2017-01-08 03:22:56 ----D---- C:\Windows\System32
2017-01-08 03:22:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-08 03:22:55 ----D---- C:\Windows\inf
2017-01-08 02:15:16 ----D---- C:\Windows\SysWOW64
2017-01-08 02:14:48 ----D---- C:\Windows\system32\catroot
2017-01-08 02:13:45 ----D---- C:\Windows\system32\DriverStore
2017-01-08 02:13:30 ----RD---- C:\Program Files (x86)
2017-01-08 02:13:30 ----D---- C:\Program Files (x86)\Common Files
2017-01-08 02:11:14 ----D---- C:\Windows\system32\catroot2
2017-01-06 22:57:04 ----SD---- C:\ProgramData\Microsoft
2017-01-06 19:51:52 ----D---- C:\Windows\Logs
2017-01-06 18:59:37 ----RSD---- C:\Windows\assembly
2017-01-06 18:59:36 ----D---- C:\Windows\winsxs
2017-01-06 18:58:47 ----RSD---- C:\Windows\Fonts
2017-01-06 18:58:42 ----D---- C:\Program Files\Common Files
2017-01-06 18:58:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-01-06 18:56:50 ----D---- C:\Windows\ShellNew
2017-01-06 17:13:25 ----D---- C:\Windows\system32\LogFiles
2017-01-06 15:22:44 ----A---- C:\Windows\system32\RTNUninst64.dll
2017-01-06 13:28:22 ----D---- C:\Windows\SYSWOW64\drivers
2017-01-06 13:22:43 ----SHD---- C:\$Recycle.Bin
2017-01-06 13:07:58 ----D---- C:\Windows\twain_32
2017-01-06 13:07:51 ----D---- C:\Windows\system32\CodeIntegrity
2017-01-06 13:06:48 ----D---- C:\Windows\SYSWOW64\en-US
2017-01-06 13:06:48 ----D---- C:\Windows\system32\en-US
2017-01-06 13:02:03 ----D---- C:\Windows\system32\restore
2017-01-06 13:01:38 ----RD---- C:\Users
2017-01-06 13:01:28 ----D---- C:\Windows\system32\Recovery
2017-01-06 13:01:28 ----D---- C:\Program Files\Windows NT
2017-01-06 13:00:37 ----D---- C:\Windows\rescache
2017-01-06 13:00:22 ----D---- C:\Windows\debug
2017-01-06 12:54:51 ----D---- C:\Windows\system32\drivers\UMDF
2017-01-06 12:54:30 ----D---- C:\Windows\system32\sysprep
2017-01-06 12:51:19 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2014-09-24 83656]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2014-09-24 43720]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2014-10-28 62152]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2017-01-06 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2017-01-06 293352]
R0 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-01-08 250816]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2014-06-08 213848]
R1 amdpsp;AMD PSP 1.0 Service; C:\Windows\system32\DRIVERS\amdpsp.sys [2014-02-24 233672]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-01-06 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-01-06 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-01-06 969184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-01-06 513632]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2014-06-08 516096]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Windows\system32\drivers\mbae64.sys [2016-12-14 77416]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-01-06 26528]
R1 MBAMChameleon;MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [2017-01-08 176064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-06-08 60416]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-01-06 108816]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-01-06 163416]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys [2015-01-21 108256]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-02-02 18977792]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-02-02 591872]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys [2015-01-21 229088]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2017-01-06 4172536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2014-12-21 94720]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2017-01-06 609992]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2014-06-08 80384]
R3 busenum;Synology Virtual USB Hub; C:\Windows\system32\DRIVERS\busenum.sys [2012-08-03 55776]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2017-01-06 1700568]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2015-01-13 443064]
R3 MBAMFarflt;MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [2017-01-08 102856]
R3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [2017-01-08 43968]
R3 MBAMWebProtection;MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [2017-01-08 81696]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2017-01-06 1037832]
R3 RTSUER;Realtek USB Card Reader - UER; C:\Windows\system32\Drivers\RtsUer.sys [2017-01-06 418784]
R3 rtsuvc;EasyCamera; C:\Windows\system32\DRIVERS\rtsuvc.sys [2017-01-06 3127552]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S2 APXACC;AppEx Networks Accelerator LWF; C:\Windows\system32\DRIVERS\appexDrv.sys []
S3 amdkmcsp;AMD Kernel Mode CSP Service; C:\Windows\system32\DRIVERS\amdkmcsp.sys [2014-02-24 81096]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2017-01-06 37656]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2014-06-08 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2014-06-08 19456]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2014-02-27 331992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2014-06-08 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2014-06-08 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2014-06-08 29696]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-06-08 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-30 23200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-02-02 246272]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-01-06 197128]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2014-06-08 27136]
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2015-01-13 102072]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2016-12-14 4317648]
R2 tbaseprovisioning;tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [2014-02-24 51712]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2015-04-09 5261584]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2014-06-08 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-08 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-06 198088]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2014-06-08 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2014-06-08 27136]
S4 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-02-02 344064]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 UsbClientService;UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2016-03-18 248840]

-----------------EOF-----------------

Zdravím!
Jak je na tom váš oper. systém s legalitou?

Moc děkuji za reakci..
původně byl v notebooku windows 10 s licencí a a moji žádost mi nainstalovali Windows 7. Už bych se těžko předělával na nové windows.

Díky

OK. Udělejte tento sken:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

a klikněte na >Prohledat<. Dejte oba logy.

Ještě to prohledává.. rosím Tvás, kde pak najdu logy, ve slozce s programem?

Tak uz to mam hotove.. a prikladam logy.

Extras

OTL Extras logfile created on: 8.1.2017 15:31:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\__ INSTALL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

6,97 Gb Total Physical Memory | 3,36 Gb Available Physical Memory | 48,22% Memory free
13,93 Gb Paging File | 8,84 Gb Available in Paging File | 63,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 202,13 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 666,18 Gb Free Space | 97,45% Space Free | Partition Type: NTFS

Computer Name: DEFELD-PC | User Name: Defeld | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2279825905-639020350-948219934-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 8.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeQVPro8.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 8.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeQVPro8.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009E0567-5B45-45E5-AC5C-EB60A93E05CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{08F7314A-5A6C-44DE-8AD0-4B4BF8854CD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14E32FF7-1DFE-47F1-88F4-86D1D9D69DE0}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B06909F-3F75-4DC6-A8CB-8EC22B53CE67}" = lport=139 | protocol=6 | dir=in | app=system |
"{2B815B13-1164-4E83-9339-9F99CCEDD245}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2ECBD2EB-8921-4F0C-8301-FAFD1BF58404}" = rport=138 | protocol=17 | dir=out | app=system |
"{2EEDA86F-D4BF-4D97-BDD7-CC403D8E007A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3E3908BD-0E84-42F0-B55E-01918F72856A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43875A73-9CC5-4FAF-887C-5D061B7BBEB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{457680DA-BA27-4064-87AF-7FD61B505006}" = rport=445 | protocol=6 | dir=out | app=system |
"{55864930-A296-4A61-826E-168E3BE8EB9B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9B43B922-1B79-4202-92E2-D38B0C403580}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7F1C61F-AAAD-4E44-814A-8BAFBE980F2C}" = lport=137 | protocol=17 | dir=in | app=system |
"{B53D8A44-6BF7-4284-A1D6-89628B5BDDB3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B56BCD1F-955D-40C8-861E-3793CAF172B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B652D1B2-01B3-47FC-882D-BDFFA8D63465}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD95B43D-FA23-47CC-99AF-FC17D1FE035E}" = rport=137 | protocol=17 | dir=out | app=system |
"{C0E2471F-8137-4AF2-B390-3C23CF11BA66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CA55F7F9-3C65-4407-80D7-04557FAA9B02}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC3D94A2-B774-4ACB-8805-0EFF1D87AD56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E35858D4-1E19-4722-8882-49429762CC54}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E9664F0C-7450-45C1-A99D-8234B4CB9A9D}" = rport=139 | protocol=6 | dir=out | app=system |
"{FAC739B8-A533-44EF-9107-58A6A4F988AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16C3F47F-3A34-4636-8ED5-7ABD1B4CC48F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{19BA7B08-D7D6-40FE-BDCC-FAA3A8D99C1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1DE56C4F-AB56-4B5E-BFDB-8BFE974D7A73}" = protocol=6 | dir=out | app=system |
"{322C53B2-C161-4829-AB5E-9FE7DF1C0633}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34B5A7DC-C805-4391-AB42-9CD1AE2AE275}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{359FCE6F-4D04-4874-AF04-47483713CA52}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{3E29D247-03D0-41AB-A77E-C78AFDF135B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{450806E4-E304-40DD-AF21-689EAA5766AA}" = dir=out | app=c:\program files (x86)\iobit\driver booster\4.1.0\dbdownloader.exe |
"{527257DD-54B4-45A2-913A-ED22E7243620}" = dir=out | app=c:\program files (x86)\iobit\driver booster\4.1.0\driverbooster.exe |
"{54A8EB21-721E-433B-B629-5CBE94E64C46}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B3EFFDA-8002-4621-9865-6FE60A562CC9}" = dir=in | app=c:\program files (x86)\iobit\driver booster\4.1.0\driverbooster.exe |
"{617896D5-AEEF-4278-8365-6971694B3AAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66883034-FA52-49AE-A0D6-30176A3DF375}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DA4EF98-427B-45C8-AF45-2D69B276F5FD}" = dir=in | app=c:\program files (x86)\iobit\driver booster\4.1.0\autoupdate.exe |
"{740B8812-919F-4EA9-B824-1315E6AB3A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F43093D-56B7-4658-A884-54B083AF532F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{81814031-6D01-4A7E-9BEC-048E9541BF9D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{83C8CB9A-90D4-475D-A1E9-BF15C539E931}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{85600755-7DF6-4730-92D7-F5BD5EF2F97B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{861E78B0-816F-4301-AC01-BA480DB13BE5}" = dir=in | app=c:\program files (x86)\iobit\driver booster\4.1.0\dbdownloader.exe |
"{8FF2DC0C-6EAB-4370-8B9F-BA503B0B076F}" = dir=out | app=c:\program files (x86)\iobit\driver booster\4.1.0\autoupdate.exe |
"{981B5C5C-F81D-4B94-AFB4-7F1DC17A335B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9F1D561E-6BD8-49CD-B91A-9B97E411E584}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{A66C07D9-D5CA-41CC-9187-79CEC1B37930}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D01DA28E-D438-4CD4-8234-0FBF655BCD44}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2F29F05-4F31-46AF-9C9B-55F14147FA3C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBBBC3A1-2E5C-4255-8A20-EA2A42BF9149}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EC6908A7-7409-4720-B538-04853B1CBEF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5CFBB17-7C17-4879-957F-7DE3A41EC757}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F79A1276-37E4-415F-A187-D748691DC42F}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{FB381347-179E-4C1D-B3C0-B627D686DCC5}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FD11A4C0-834B-41F1-B61C-ED58271B6C8A}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{FF7812C3-92BA-411C-B129-673F60AF88F8}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"UDP Query User{C9956AE4-48EB-4984-A839-C037F293FCA7}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"UDP Query User{D09C3D60-4BDC-488B-9CF6-8CE30B842A62}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{2C637DB1-3E0A-4089-8366-C6C0B01E5C2B}" = AMD Steady Video Plug-In
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes verze 3.0.5.1299
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{427CFA90-777D-0FA2-E6D7-701120FE240B}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.6
"{90140000-0015-0405-1000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-1000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-1000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0405-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Czech) 2010
"{90140000-0044-0405-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{CE559F1B-16E3-76C9-6EAE-79A522497C51}" = ccc-utility64
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D6BF0E6A-FBD5-5F3E-44C4-69A01392B4D6}" = AMD Catalyst Install Manager
"{DD04BE9D-3F34-A2FD-AEB0-7C65931B6618}" = AMD Accelerated Video Transcoding
"{F84CE839-8CDD-4DC1-9A05-FA93BEA8B63D}" = ACDSee Pro 8 (64-bit)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"Mozilla Firefox 50.1.0 (x64 cs)" = Mozilla Firefox 50.1.0 (x64 cs)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 5.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CD200A-0F39-AE1A-4B75-5E582EF75F3A}" = CCC Help Chinese Standard
"{04185170-0583-9164-E25C-4106076AA76D}" = CCC Help Dutch
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{0724A83D-2486-BC2B-D213-116E0BAF0744}" = Catalyst Control Center InstallProxy
"{0AF407E4-6666-1442-ECAF-8BDD5EEC1D8B}" = AMD Catalyst Control Center
"{1D464EFF-EC8B-F225-2F74-F74143200DDF}" = OEM Application Profile
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{25D17903-F963-4279-340B-15D6EBEB4093}" = CCC Help French
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{31A73F4F-73A1-71FC-CAFD-8AA3903B207A}" = CCC Help Russian
"{333F8280-471A-D38D-BB02-86B8213B41C3}" = CCC Help Italian
"{3C9D8C09-CD5F-34D6-E4BE-4719C23DC985}" = CCC Help English
"{3FE0F2B6-AB88-4E9D-6A26-D7330F23CE48}" = CCC Help Danish
"{5095D2F1-3C9B-969C-C1BC-68DB8071A52A}" = CCC Help Norwegian
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{5DDB303C-9B38-DFAC-7842-89D1AC08E41D}" = CCC Help Japanese
"{63043E08-C6B8-3EEE-4799-B81A21A4337A}" = CCC Help Turkish
"{702AA42E-9457-A83C-A5B3-D0FE5020AAA9}" = CCC Help Finnish
"{894636F7-BDFC-DB6B-0148-EC8A9B8A5410}" = CCC Help Polish
"{89CB5AC8-36FD-711C-3185-BD9A0AC57B28}" = Catalyst Control Center - Branding
"{8E07406F-D686-9D67-40F0-7EEEFB610E20}" = Catalyst Control Center Localization All
"{982374F2-F2E1-61DD-D0B0-5C9DCF4FA956}" = CCC Help Korean
"{98C0358B-61F3-FF61-5079-25B89F65C0A8}" = CCC Help Thai
"{9E9F03D4-C832-DC1E-7052-BD3E2FA959D4}" = CCC Help Swedish
"{A807EF21-E405-30D9-C07D-3550D1A93CFC}" = CCC Help German
"{B436D53A-F04F-E0F0-7539-9128F0672AFA}" = CCC Help Hungarian
"{B7560B31-4679-C06A-4E2E-5F9D852BBD1D}" = CCC Help Greek
"{BE5FF216-E561-37BC-AD58-B95511D36A47}" = CCC Help Spanish
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Software
"{D55A0960-1D45-9C99-5F95-62D3800891F4}" = CCC Help Chinese Traditional
"{D65DDA75-2C0A-46BA-807D-127BD5638490}" = Viber
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E24965A6-06D5-5BE4-4C03-0200D652DC6F}" = CCC Help Portuguese
"{E9525164-442F-8C49-3F17-76E5E4146931}" = CCC Help Czech
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe Flash Player ActiveX" = Adobe Flash Player 24 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 24 NPAPI
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avast" = Avast Free Antivirus
"Driver Booster_is1" = Driver Booster 4.1
"Mozilla Thunderbird 45.3.0 (x86 cs)" = Mozilla Thunderbird 45.3.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ObjectDock Plus 2" = ObjectDock Plus 2
"SafeZone 1.51.2220.62" = SafeZone Stable 1.51.2220.62
"Synology Assistant" = Synology Assistant (remove only)
"TeamViewer 9" = TeamViewer 9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2279825905-639020350-948219934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{acc83058-83b0-41e2-b372-266672a1af16}" = Viber

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7.1.2017 18:35:58 | Computer Name = Defeld-PC | Source = WinMgmt | ID = 10
Description =

Error - 7.1.2017 21:16:49 | Computer Name = Defeld-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.1.2017 0:58:18 | Computer Name = Defeld-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.1.2017 1:00:47 | Computer Name = Defeld-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: firefox.exe, verze: 50.1.0.6186, časové
razítko: 0x584a06a2 Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.22436, časové
razítko: 0x521eb03f Kód výjimky: 0xc00000fd Posun chyby: 0x0000000000052820 ID chybujícího
procesu: 0xa58 Čas spuštění chybující aplikace: 0x01d2696bdc172191 Cesta k chybující
aplikaci: C:\Program Files\Mozilla Firefox\firefox.exe Cesta k chybujícímu modulu:
C:\Windows\SYSTEM32\ntdll.dll ID zprávy: 6a7c5369-d55f-11e6-bdd3-3052cb7a1a90

Error - 8.1.2017 5:02:44 | Computer Name = Defeld-PC | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 50.1.0.6186 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
1330 Čas spuštění: 01d26981e03c2806 Čas ukončení: 201 Cesta k aplikaci: C:\Program
Files\Mozilla Firefox\firefox.exe ID hlášení: 1b25dd91-d581-11e6-bdd3-3052cb7a1a90

Error - 8.1.2017 5:11:29 | Computer Name = Defeld-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.1.2017 5:18:59 | Computer Name = Defeld-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.1.2017 6:04:08 | Computer Name = Defeld-PC | Source = VSS | ID = 8194
Description =

Error - 8.1.2017 6:25:56 | Computer Name = Defeld-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.1.2017 8:29:37 | Computer Name = Defeld-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 7.1.2017 18:09:56 | Computer Name = Defeld-PC | Source = Service Control Manager | ID = 7000
Description = Služba TeamViewer 9 neuspěla při spuštění v důsledku následující chyby:
%%1053

Error - 7.1.2017 18:33:35 | Computer Name = Defeld-PC | Source = DCOM | ID = 10010
Description =

Error - 7.1.2017 18:47:01 | Computer Name = Defeld-PC | Source = DCOM | ID = 10010
Description =

Error - 7.1.2017 21:16:39 | Computer Name = Defeld-PC | Source = DCOM | ID = 10010
Description =

Error - 8.1.2017 0:56:40 | Computer Name = Defeld-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (5:39:14, ?8.?1.?2017) bylo neočekávané.

Error - 8.1.2017 0:58:42 | Computer Name = Defeld-PC | Source = Service Control Manager | ID = 7022
Description = Služba TeamViewer 9 přestala během spouštění reagovat.

Error - 8.1.2017 5:09:03 | Computer Name = Defeld-PC | Source = DCOM | ID = 10010
Description =

Error - 8.1.2017 5:16:37 | Computer Name = Defeld-PC | Source = DCOM | ID = 10010
Description =

Error - 8.1.2017 6:21:24 | Computer Name = Defeld-PC | Source = DCOM | ID = 10010
Description =

Error - 8.1.2017 6:24:18 | Computer Name = Defeld-PC | Source = Service Control Manager | ID = 7000
Description = Služba AppEx Networks Accelerator LWF neuspěla při spuštění v důsledku
následující chyby: %%2

< End of report >

A tady druh\ log.. dekuji moc

OTL logfile created on: 8.1.2017 15:31:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\__ INSTALL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

6,97 Gb Total Physical Memory | 3,36 Gb Available Physical Memory | 48,22% Memory free
13,93 Gb Paging File | 8,84 Gb Available in Paging File | 63,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 202,13 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 666,18 Gb Free Space | 97,45% Space Free | Partition Type: NTFS

Computer Name: DEFELD-PC | User Name: Defeld | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2017.01.08 15:28:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\__ INSTALL\OTL.exe
PRC - [2017.01.06 14:17:07 | 009,080,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2017.01.06 14:16:31 | 000,197,128 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2016.12.14 13:15:26 | 002,776,528 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2016.08.25 19:27:19 | 000,491,464 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2016.04.13 16:54:22 | 069,268,048 | ---- | M] (Viber Media S.Ã r.l.) -- C:\Users\Defeld\AppData\Local\Viber\Viber.exe
PRC - [2015.04.09 07:46:59 | 005,261,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2015.04.09 07:46:58 | 014,453,520 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2015.04.09 07:13:37 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014.02.24 15:30:12 | 000,051,712 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWOW64\tbaseprovisioning.exe
PRC - [2010.10.12 15:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

========== Modules (No Company Name) ==========

MOD - [2017.01.06 18:46:15 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\CrashRpt.dll
MOD - [2017.01.06 14:16:34 | 048,936,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2017.01.06 14:16:31 | 000,482,928 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2017.01.06 14:16:31 | 000,169,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2016.04.13 16:54:08 | 000,695,888 | ---- | M] () -- C:\Users\Defeld\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2016.04.13 16:53:44 | 000,398,928 | ---- | M] () -- C:\Users\Defeld\AppData\Local\Viber\imageformats\qsvg.dll
MOD - [2016.04.13 16:52:52 | 000,095,312 | ---- | M] () -- C:\Users\Defeld\AppData\Local\Viber\qfacebook.dll
MOD - [2016.04.13 16:52:52 | 000,042,064 | ---- | M] () -- C:\Users\Defeld\AppData\Local\Viber\qrencode.dll
MOD - [2010.10.06 22:55:44 | 000,091,544 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\Docklets\Calendar\Calendar.dll
MOD - [2010.10.01 02:50:23 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\DockShellHook.dll
MOD - [2010.03.09 22:58:30 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\zlib.dll
MOD - [2010.03.09 22:58:24 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\Docklets\Clock\Clock.dll

========== Services (SafeList) ==========

SRV:64bit: - [2017.01.06 14:16:31 | 000,197,128 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2016.12.14 13:13:42 | 004,317,648 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:64bit: - [2015.02.02 11:52:08 | 000,246,272 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2015.02.02 00:03:40 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2015.01.13 18:09:46 | 000,102,072 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
SRV:64bit: - [2014.06.08 10:55:53 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.06.08 10:41:19 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2014.06.08 10:17:19 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2017.01.06 14:57:36 | 000,198,088 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016.03.18 06:41:14 | 000,248,840 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2015.04.09 07:46:59 | 005,261,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.04.11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.02.24 15:30:12 | 000,051,712 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\tbaseprovisioning.exe -- (tbaseprovisioning)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2017.01.08 12:41:11 | 000,081,696 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebProtection)
DRV:64bit: - [2017.01.08 11:26:19 | 000,102,856 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt)
DRV:64bit: - [2017.01.08 11:26:00 | 000,043,968 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:64bit: - [2017.01.08 11:25:34 | 000,250,816 | ---- | M] (Malwarebytes) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2017.01.08 02:52:10 | 000,176,064 | ---- | M] (Malwarebytes) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MBAMChameleon.sys -- (MBAMChameleon)
DRV:64bit: - [2017.01.06 15:31:33 | 000,037,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2017.01.06 15:22:44 | 001,037,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2017.01.06 15:22:20 | 000,418,784 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUer.sys -- (RTSUER)
DRV:64bit: - [2017.01.06 15:21:51 | 003,127,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2017.01.06 15:21:23 | 004,172,536 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2017.01.06 15:20:05 | 000,609,992 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2017.01.06 15:19:30 | 001,700,568 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2017.01.06 14:16:59 | 000,293,352 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2017.01.06 14:16:58 | 000,969,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2017.01.06 14:16:58 | 000,513,632 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2017.01.06 14:16:35 | 000,163,416 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2017.01.06 14:16:35 | 000,108,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2017.01.06 14:16:35 | 000,103,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2017.01.06 14:16:35 | 000,074,544 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2017.01.06 14:16:35 | 000,037,656 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2016.12.14 12:55:14 | 000,077,416 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver)
DRV:64bit: - [2015.04.30 00:01:06 | 000,023,200 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2015.02.02 12:20:00 | 018,977,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2015.02.02 11:48:20 | 000,591,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2015.01.21 13:17:42 | 000,229,088 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2015.01.21 13:17:42 | 000,108,256 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2015.01.13 17:09:56 | 000,443,064 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2014.12.21 10:37:42 | 000,094,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2014.10.28 06:46:14 | 000,062,152 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2014.09.24 00:56:58 | 000,083,656 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2014.09.24 00:56:58 | 000,043,720 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2014.06.08 10:50:27 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2014.06.08 10:50:27 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014.06.08 10:50:04 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014.06.08 10:50:04 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014.06.08 10:33:14 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2014.06.08 10:04:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2014.06.08 10:04:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2014.02.27 08:53:38 | 000,331,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2014.02.24 15:43:44 | 000,233,672 | ---- | M] (Advanced Micro Devices, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\amdpsp.sys -- (amdpsp)
DRV:64bit: - [2014.02.24 15:43:22 | 000,081,096 | ---- | M] (Advanced Micro Devices, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdkmcsp.sys -- (amdkmcsp)
DRV:64bit: - [2012.08.03 10:36:52 | 000,055,776 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2017.01.06 13:28:22 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2279825905-639020350-948219934-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2279825905-639020350-948219934-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-2279825905-639020350-948219934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.5.1.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.1.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SAFEPRICE\FF [2017.01.06 14:16:36 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2017.01.06 14:16:37 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017.01.06 14:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2017.01.06 14:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2017.01.06 14:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Extensions
[2017.01.08 05:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions
[2017.01.08 03:39:38 | 000,026,996 | ---- | M] () (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\abpwatcher@adblockplus.org.xpi
[2017.01.08 05:58:39 | 000,074,664 | ---- | M] () (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\translator@zoli.bod.xpi
[2017.01.08 03:39:53 | 000,770,771 | ---- | M] () (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2017.01.08 03:39:36 | 001,055,311 | ---- | M] () (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswwebrepie64.dll (AVAST Software)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswwebrepie.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O4:64bit: - HKLM..\Run: [RtsFT] C:\Windows\RTFTrack.exe (Realtek semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2279825905-639020350-948219934-1000..\Run: [Viber] C:\Users\Defeld\AppData\Local\Viber\Viber.exe (Viber Media S.Ã r.l.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D418ABF-E1A7-421E-89F7-04ED260486A0}: DhcpNameServer = 192.168.20.1 8.8.8.8
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2017.01.08 11:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2017.01.08 11:55:06 | 000,000,000 | ---D | C] -- C:\rsit
[2017.01.08 10:08:50 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\VS Revo Group
[2017.01.08 04:51:06 | 000,000,000 | ---D | C] -- C:\Users\Defeld\dwhelper
[2017.01.08 04:42:04 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\Macromedia
[2017.01.08 03:37:45 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Desktop\Původní data aplikace Firefox
[2017.01.08 03:33:03 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\AMD
[2017.01.08 03:32:44 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\ATI
[2017.01.08 03:32:44 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\ATI
[2017.01.08 03:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2017.01.08 02:52:10 | 000,176,064 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2017.01.08 02:51:55 | 000,102,856 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017.01.08 02:51:55 | 000,081,696 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017.01.08 02:51:47 | 000,043,968 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017.01.08 02:51:38 | 000,250,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017.01.08 02:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017.01.08 02:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017.01.08 02:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017.01.08 02:47:39 | 054,199,488 | ---- | C] (Malwarebytes ) -- C:\Users\Defeld\Desktop\mb3-setup-consumer-3.0.5.1299.exe
[2017.01.08 02:15:48 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\AppEx Networks
[2017.01.08 02:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2017.01.08 02:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2017.01.08 02:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2017.01.08 02:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2017.01.08 02:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2017.01.08 01:44:54 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Adobe
[2017.01.07 23:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2017.01.07 23:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2017.01.07 23:47:42 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2017.01.07 23:23:23 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Defeld\Desktop\ATF-Cleaner.exe
[2017.01.07 22:43:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017.01.07 02:51:27 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Desktop\TORENTY
[2017.01.07 02:51:27 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Desktop\Videoklipy
[2017.01.07 02:51:23 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Desktop\Stit grafika
[2017.01.07 02:51:22 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Desktop\Průkazky příprava
[2017.01.07 02:51:20 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Desktop\Minecraft dany tricko
[2017.01.07 02:51:19 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Desktop\Mikrotik
[2017.01.07 02:51:18 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Desktop\Grafika na štít prp prcka
[2017.01.07 02:51:15 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Desktop\Etiketa
[2017.01.07 02:50:39 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Desktop\__2010 rok
[2017.01.07 01:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology
[2017.01.07 01:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
[2017.01.07 01:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology
[2017.01.06 21:53:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2017.01.06 21:52:46 | 000,390,656 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMBL.DLL
[2017.01.06 21:52:29 | 000,366,080 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_BLL.dll
[2017.01.06 21:52:29 | 000,282,624 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_BLC.dll
[2017.01.06 21:52:29 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_BLI.dll
[2017.01.06 21:52:29 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2017.01.06 21:52:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX
[2017.01.06 21:52:19 | 000,303,104 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNCALBL.DLL
[2017.01.06 20:19:48 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\WinRAR
[2017.01.06 20:16:09 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\GHISLER
[2017.01.06 18:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2017.01.06 18:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2017.01.06 18:58:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2017.01.06 18:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2017.01.06 18:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2017.01.06 18:56:35 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Microsoft Help
[2017.01.06 18:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2017.01.06 18:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2017.01.06 18:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2017.01.06 18:56:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2017.01.06 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\ODUI
[2017.01.06 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Documents\Stardock
[2017.01.06 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Stardock
[2017.01.06 18:45:14 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\Stardock
[2017.01.06 18:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2017.01.06 18:44:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
[2017.01.06 18:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2017.01.06 18:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2017.01.06 18:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2017.01.06 18:13:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\detoured.dll
[2017.01.06 18:13:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\detoured.dll
[2017.01.06 18:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2017.01.06 18:03:55 | 000,000,000 | ---D | C] -- C:\drivers
[2017.01.06 17:19:26 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\TeamViewer
[2017.01.06 17:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2017.01.06 16:36:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2017.01.06 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\Defeld\Documents\ViberDownloads
[2017.01.06 15:42:37 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\AMD
[2017.01.06 15:42:33 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\ViberPC
[2017.01.06 15:42:20 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
[2017.01.06 15:42:14 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Viber
[2017.01.06 15:42:07 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Package Cache
[2017.01.06 15:38:41 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\ACD Systems
[2017.01.06 15:38:37 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\ACD Systems
[2017.01.06 15:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2017.01.06 15:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2017.01.06 15:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2017.01.06 15:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2017.01.06 15:35:35 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Downloaded Installations
[2017.01.06 15:32:07 | 000,000,000 | ---D | C] -- C:\Windows\IObit
[2017.01.06 15:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
[2017.01.06 15:31:41 | 000,037,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2017.01.06 15:28:03 | 000,802,904 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017.01.06 15:28:03 | 000,144,472 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017.01.06 15:27:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2017.01.06 15:27:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2017.01.06 15:27:43 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2017.01.06 15:27:43 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2017.01.06 15:27:43 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2017.01.06 15:27:43 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2017.01.06 15:27:43 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2017.01.06 15:27:43 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2017.01.06 15:27:43 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2017.01.06 15:27:43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2017.01.06 15:27:42 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2017.01.06 15:27:42 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2017.01.06 15:27:42 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2017.01.06 15:27:42 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2017.01.06 15:27:42 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2017.01.06 15:27:42 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2017.01.06 15:27:41 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2017.01.06 15:27:41 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2017.01.06 15:27:41 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2017.01.06 15:27:41 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2017.01.06 15:27:41 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2017.01.06 15:27:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2017.01.06 15:27:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2017.01.06 15:27:40 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2017.01.06 15:27:39 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2017.01.06 15:27:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2017.01.06 15:27:38 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2017.01.06 15:27:38 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2017.01.06 15:27:38 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2017.01.06 15:27:38 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2017.01.06 15:27:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2017.01.06 15:27:38 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2017.01.06 15:27:37 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2017.01.06 15:27:37 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2017.01.06 15:27:37 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2017.01.06 15:27:37 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2017.01.06 15:27:36 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2017.01.06 15:27:36 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2017.01.06 15:27:36 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2017.01.06 15:27:36 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2017.01.06 15:27:36 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2017.01.06 15:27:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2017.01.06 15:27:35 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2017.01.06 15:27:35 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2017.01.06 15:27:35 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2017.01.06 15:27:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2017.01.06 15:27:34 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2017.01.06 15:27:34 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2017.01.06 15:27:34 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2017.01.06 15:27:34 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2017.01.06 15:27:34 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2017.01.06 15:27:34 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2017.01.06 15:27:34 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2017.01.06 15:27:34 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2017.01.06 15:27:33 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2017.01.06 15:27:33 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2017.01.06 15:27:33 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2017.01.06 15:27:33 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2017.01.06 15:27:33 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2017.01.06 15:27:33 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2017.01.06 15:27:32 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2017.01.06 15:27:32 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2017.01.06 15:27:32 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2017.01.06 15:27:32 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2017.01.06 15:27:32 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2017.01.06 15:27:32 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2017.01.06 15:27:31 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2017.01.06 15:27:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2017.01.06 15:27:31 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2017.01.06 15:27:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2017.01.06 15:27:31 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2017.01.06 15:27:31 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2017.01.06 15:27:30 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2017.01.06 15:27:30 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2017.01.06 15:27:30 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2017.01.06 15:27:30 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2017.01.06 15:27:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2017.01.06 15:27:30 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2017.01.06 15:27:29 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2017.01.06 15:27:29 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2017.01.06 15:27:29 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2017.01.06 15:27:29 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2017.01.06 15:27:29 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2017.01.06 15:27:29 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2017.01.06 15:27:28 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2017.01.06 15:27:28 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2017.01.06 15:27:28 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2017.01.06 15:27:28 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2017.01.06 15:27:28 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2017.01.06 15:27:28 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2017.01.06 15:27:28 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2017.01.06 15:27:28 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2017.01.06 15:27:27 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2017.01.06 15:27:27 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2017.01.06 15:27:27 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2017.01.06 15:27:27 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2017.01.06 15:27:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2017.01.06 15:27:26 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2017.01.06 15:27:26 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2017.01.06 15:27:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2017.01.06 15:27:25 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2017.01.06 15:27:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2017.01.06 15:27:25 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2017.01.06 15:27:25 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2017.01.06 15:27:25 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2017.01.06 15:27:25 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2017.01.06 15:27:24 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2017.01.06 15:27:24 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2017.01.06 15:27:24 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2017.01.06 15:27:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2017.01.06 15:27:24 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2017.01.06 15:27:24 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2017.01.06 15:27:23 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2017.01.06 15:27:23 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2017.01.06 15:27:22 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2017.01.06 15:27:22 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2017.01.06 15:27:22 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2017.01.06 15:27:22 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2017.01.06 15:27:22 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2017.01.06 15:27:22 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2017.01.06 15:27:21 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2017.01.06 15:27:21 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2017.01.06 15:27:21 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2017.01.06 15:27:21 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2017.01.06 15:27:21 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2017.01.06 15:27:21 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2017.01.06 15:27:20 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2017.01.06 15:27:20 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2017.01.06 15:27:20 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2017.01.06 15:27:20 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2017.01.06 15:27:20 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2017.01.06 15:27:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2017.01.06 15:27:19 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2017.01.06 15:27:19 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2017.01.06 15:27:19 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2017.01.06 15:27:19 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2017.01.06 15:27:19 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2017.01.06 15:27:19 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2017.01.06 15:27:19 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2017.01.06 15:27:19 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2017.01.06 15:27:18 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2017.01.06 15:27:18 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2017.01.06 15:27:17 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2017.01.06 15:27:17 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2017.01.06 15:27:17 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2017.01.06 15:27:17 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2017.01.06 15:27:17 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2017.01.06 15:27:17 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2017.01.06 15:27:16 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2017.01.06 15:27:16 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2017.01.06 15:27:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2017.01.06 15:27:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2017.01.06 15:27:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2017.01.06 15:27:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2017.01.06 15:27:15 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2017.01.06 15:27:15 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2017.01.06 15:27:15 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2017.01.06 15:27:15 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2017.01.06 15:27:14 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2017.01.06 15:27:14 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2017.01.06 15:27:14 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2017.01.06 15:27:14 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2017.01.06 15:27:13 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2017.01.06 15:27:13 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2017.01.06 15:27:13 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2017.01.06 15:27:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2017.01.06 15:27:10 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2017.01.06 15:27:10 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2017.01.06 15:27:09 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2017.01.06 15:27:09 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2017.01.06 15:27:09 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2017.01.06 15:27:09 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2017.01.06 15:27:08 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2017.01.06 15:27:08 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2017.01.06 15:27:08 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2017.01.06 15:27:08 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2017.01.06 15:27:07 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2017.01.06 15:27:07 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2017.01.06 15:27:07 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2017.01.06 15:27:07 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2017.01.06 15:27:06 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2017.01.06 15:27:06 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2017.01.06 15:27:05 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2017.01.06 15:27:05 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2017.01.06 15:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2017.01.06 15:22:44 | 001,037,832 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2017.01.06 15:22:44 | 000,082,544 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2017.01.06 15:22:20 | 009,891,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2017.01.06 15:22:20 | 004,332,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtCRU64.exe
[2017.01.06 15:22:20 | 000,418,784 | ---- | C] (Realsil Semiconductor Corporation) -- C:\Windows\SysNative\drivers\RtsUer.sys
[2017.01.06 15:22:20 | 000,084,480 | ---- | C] (Realtek Semiconductor.) -- C:\Windows\SysNative\RtCRX64.dll
[2017.01.06 15:21:51 | 003,127,552 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\rtsuvc.sys
[2017.01.06 15:21:50 | 005,158,144 | ---- | C] (Realtek semiconductor) -- C:\Windows\RTFTrack.exe
[2017.01.06 15:21:50 | 001,980,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsDecode.dll
[2017.01.06 15:21:50 | 000,639,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtCamP64.dll
[2017.01.06 15:21:50 | 000,555,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtCamP.dll
[2017.01.06 15:21:50 | 000,099,072 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtCamO64.dll
[2017.01.06 15:21:23 | 004,172,536 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2017.01.06 15:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Atheros
[2017.01.06 15:20:05 | 000,609,992 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btfilter.sys
[2017.01.06 15:20:05 | 000,208,992 | ---- | C] (Qualcomm®Atheros®) -- C:\Windows\SysNative\BtContextMenu.dll
[2017.01.06 15:20:05 | 000,207,960 | ---- | C] (Qualcomm Atheros Communications Inc.) -- C:\Windows\SysNative\btcoinst.dll
[2017.01.06 15:20:05 | 000,037,464 | ---- | C] (Qualcomm®Atheros®) -- C:\Windows\SysNative\BtContextMenu.dll.muien-US
[2017.01.06 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2017.01.06 15:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2017.01.06 15:19:30 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2017.01.06 15:19:30 | 002,867,928 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\UCI64A52.DLL
[2017.01.06 15:19:30 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2017.01.06 15:19:30 | 001,790,168 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64AP86.dll
[2017.01.06 15:19:30 | 001,700,568 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\drivers\CHDRT64.sys
[2017.01.06 15:19:30 | 000,944,832 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64BP07.dll
[2017.01.06 15:19:30 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2017.01.06 15:19:30 | 000,406,208 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative

\CSpkExt64.dll
[2017.01.06 15:19:30 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2017.01.06 15:19:30 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2017.01.06 15:19:30 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2017.01.06 15:19:30 | 000,050,848 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\CxPageMaster64.dll
[2017.01.06 14:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2017.01.06 14:39:23 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\Thunderbird
[2017.01.06 14:39:23 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Thunderbird
[2017.01.06 14:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2017.01.06 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2017.01.06 14:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2017.01.06 14:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2017.01.06 14:22:31 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\Mozilla
[2017.01.06 14:22:31 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Mozilla
[2017.01.06 14:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2017.01.06 14:20:42 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\CEF
[2017.01.06 14:17:14 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\AVAST Software
[2017.01.06 14:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2017.01.06 14:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2017.01.06 14:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
[2017.01.06 14:16:44 | 000,293,352 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswvmm.sys
[2017.01.06 14:16:44 | 000,163,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2017.01.06 14:16:43 | 000,969,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2017.01.06 14:16:43 | 000,513,632 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2017.01.06 14:16:43 | 000,108,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2017.01.06 14:16:43 | 000,103,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2017.01.06 14:16:43 | 000,074,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2017.01.06 14:16:43 | 000,037,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2017.01.06 14:16:38 | 000,921,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2017.01.06 14:16:38 | 000,391,496 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2017.01.06 14:16:37 | 000,992,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2017.01.06 14:16:32 | 000,053,208 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2017.01.06 14:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2017.01.06 14:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2017.01.06 14:12:56 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\VS Revo Group
[2017.01.06 14:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2017.01.06 14:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2017.01.06 14:12:52 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2017.01.06 14:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2017.01.06 13:33:59 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEShims.dll
[2017.01.06 13:33:59 | 000,000,000 | ---D | C] -- C:\Windows\tbaseregistry
[2017.01.06 13:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\AppData\Local\EmieUserList
[2017.01.06 13:28:53 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\AppData\Local\EmieSiteList
[2017.01.06 13:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2017.01.06 13:28:50 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2017.01.06 13:28:22 | 000,026,528 | ---- | C] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
[2017.01.06 13:28:22 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\IObit
[2017.01.06 13:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2017.01.06 13:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2017.01.06 13:27:56 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Programs
[2017.01.06 13:22:56 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\Adobe
[2017.01.06 13:22:53 | 000,000,000 | R--D | C] -- C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2017.01.06 13:22:53 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Searches
[2017.01.06 13:22:53 | 000,000,000 | R--D | C] -- C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017.01.06 13:22:45 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\Identities
[2017.01.06 13:22:43 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Contacts
[2017.01.06 13:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2017.01.06 13:06:45 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2017.01.06 13:06:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2017.01.06 13:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2017.01.06 13:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2017.01.06 13:02:36 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2017.01.06 13:02:36 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2017.01.06 13:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2017.01.06 13:02:18 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\VirtualStore
[2017.01.06 13:01:38 | 000,000,000 | --SD | C] -- C:\Users\Defeld\AppData\Roaming\Microsoft
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Videos
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Saved Games
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Pictures
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Music
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Links
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Favorites
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Downloads
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Documents
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\Desktop
[2017.01.06 13:01:38 | 000,000,000 | R--D | C] -- C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\AppData\Local\Temporary Internet Files
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Šablony
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Soubory cookie
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\SendTo
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Poslední
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Okolní tiskárny
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Okolní síť
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Documents\Obrázky
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Nabídka Start
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Local Settings
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Documents\Hudba
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\AppData\Local\History
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Documents\Filmy
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Dokumenty
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\Data aplikací
[2017.01.06 13:01:38 | 000,000,000 | -HSD | C] -- C:\Users\Defeld\AppData\Local\Data aplikací
[2017.01.06 13:01:38 | 000,000,000 | -H-D | C] -- C:\Users\Defeld\AppData
[2017.01.06 13:01:38 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Temp
[2017.01.06 13:01:38 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Local\Microsoft
[2017.01.06 13:01:38 | 000,000,000 | ---D | C] -- C:\Users\Defeld\AppData\Roaming\Media Center Programs
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Šablony
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\Recovery
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Plocha
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Obrázky
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Oblíbené položky
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Nabídka Start
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Hudba
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Filmy
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2017.01.06 13:01:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Data aplikací
[2017.01.06 12:53:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2017.01.06 12:51:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2017.01.06 12:39:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2017.01.06 12:39:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2017.01.08 15:37:00 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2017.01.08 15:28:00 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017.01.08 15:28:00 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017.01.08 12:41:11 | 000,081,696 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017.01.08 11:54:46 | 001,222,144 | ---- | M] () -- C:\Users\Defeld\Desktop\RSITx64.exe
[2017.01.08 11:26:19 | 000,102,856 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017.01.08 11:26:00 | 000,043,968 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017.01.08 11:25:34 | 000,250,816 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017.01.08 11:25:07 | 000,191,562 | ---- | M] () -- C:\Windows\SysWow64\rootpa.e2e
[2017.01.08 11:24:21 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2017.01.08 11:24:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017.01.08 11:24:09 | 1314,152,447 | -HS- | M] () -- C:\hiberfil.sys
[2017.01.08 11:21:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2017.01.08 10:09:52 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2017.01.08 03:22:56 | 001,582,262 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017.01.08 03:22:56 | 000,668,376 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2017.01.08 03:22:56 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017.01.08 03:22:56 | 000,141,004 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2017.01.08 03:22:56 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017.01.08 03:16:09 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2017.01.08 02:52:10 | 000,176,064 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2017.01.08 02:51:22 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.01.08 02:48:31 | 054,199,488 | ---- | M] (Malwarebytes ) -- C:\Users\Defeld\Desktop\mb3-setup-consumer-3.0.5.1299.exe
[2017.01.08 01:45:38 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017.01.08 01:45:38 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017.01.07 23:23:23 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Defeld\Desktop\ATF-Cleaner.exe
[2017.01.07 23:09:11 | 000,286,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017.01.07 22:53:25 | 003,988,944 | ---- | M] () -- C:\Users\Defeld\Desktop\adwcleaner_6.042.exe
[2017.01.07 01:44:08 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Synology Assistant.lnk
[2017.01.06 21:54:08 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 4.lnk
[2017.01.06 19:13:46 | 000,000,184 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2017.01.06 18:46:37 | 000,002,091 | ---- | M] () -- C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2017.01.06 18:13:15 | 000,171,008 | ---- | M] () -- C:\Windows\SysNative\atieah64.exe
[2017.01.06 18:13:15 | 000,155,136 | ---- | M] () -- C:\Windows\SysWow64\atieah32.exe
[2017.01.06 18:13:15 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\detoured.dll
[2017.01.06 18:13:15 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\detoured.dll
[2017.01.06 18:13:07 | 000,246,660 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_FJ.dat
[2017.01.06 18:13:07 | 000,245,120 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_FJ_nd.dat
[2017.01.06 18:13:07 | 000,203,776 | ---- | M] () -- C:\Windows\SysNative\amdgfxinfo64.dll
[2017.01.06 18:13:07 | 000,189,952 | ---- | M] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2017.01.06 15:42:21 | 000,000,956 | ---- | M] () -- C:\Users\Defeld\Desktop\Viber.lnk
[2017.01.06 15:36:49 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 8 (64-bit).lnk
[2017.01.06 15:31:57 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[2017.01.06 15:31:33 | 000,037,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2017.01.06 15:28:41 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2017.01.06 15:22:44 | 001,037,832 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2017.01.06 15:22:44 | 000,116,304 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2017.01.06 15:22:44 | 000,082,544 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2017.01.06 15:22:20 | 009,891,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2017.01.06 15:22:20 | 004,332,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtCRU64.exe
[2017.01.06 15:22:20 | 000,418,784 | ---- | M] (Realsil Semiconductor Corporation) -- C:\Windows\SysNative\drivers\RtsUer.sys
[2017.01.06 15:22:20 | 000,084,480 | ---- | M] (Realtek Semiconductor.) -- C:\Windows\SysNative\RtCRX64.dll
[2017.01.06 15:21:51 | 005,158,144 | ---- | M] (Realtek semiconductor) -- C:\Windows\RTFTrack.exe
[2017.01.06 15:21:51 | 003,127,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\rtsuvc.sys
[2017.01.06 15:21:50 | 001,980,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsDecode.dll
[2017.01.06 15:21:50 | 000,639,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtCamP64.dll
[2017.01.06 15:21:50 | 000,555,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtCamP.dll
[2017.01.06 15:21:50 | 000,099,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtCamO64.dll
[2017.01.06 15:21:23 | 004,172,536 | ---- | M] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2017.01.06 15:20:05 | 000,609,992 | ---- | M] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btfilter.sys
[2017.01.06 15:20:05 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBT.bin
[2017.01.06 15:20:05 | 000,208,992 | ---- | M] (Qualcomm®Atheros®) -- C:\Windows\SysNative\BtContextMenu.dll
[2017.01.06 15:20:05 | 000,207,960 | ---- | M] (Qualcomm Atheros Communications Inc.) -- C:\Windows\SysNative\btcoinst.dll
[2017.01.06 15:20:05 | 000,046,972 | ---- | M] () -- C:\Windows\SysNative\drivers\AthrBT_0x11020000.dfu
[2017.01.06 15:20:05 | 000,046,868 | ---- | M] () -- C:\Windows\SysNative\drivers\AthrBT_0x31010000.dfu
[2017.01.06 15:20:05 | 000,046,852 | ---- | M] () -- C:\Windows\SysNative\drivers\AthrBT_0x11020100.dfu
[2017.01.06 15:20:05 | 000,045,868 | ---- | M] () -- C:\Windows\SysNative\drivers\AthrBT_0x01020201.dfu
[2017.01.06 15:20:05 | 000,044,028 | ---- | M] () -- C:\Windows\SysNative\drivers\AthrBT_0x01020200.dfu
[2017.01.06 15:20:05 | 000,040,684 | ---- | M] () -- C:\Windows\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
[2017.01.06 15:20:05 | 000,040,036 | ---- | M] () -- C:\Windows\SysNative\drivers\AthrBT_0x31010100.dfu
[2017.01.06 15:20:05 | 000,037,464 | ---- | M] (Qualcomm®Atheros®) -- C:\Windows\SysNative\BtContextMenu.dll.muien-US
[2017.01.06 15:20:05 | 000,001,926 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
[2017.01.06 15:20:05 | 000,001,926 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
[2017.01.06 15:20:05 | 000,001,926 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
[2017.01.06 15:20:05 | 000,001,926 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40.dfu
[2017.01.06 15:20:05 | 000,001,922 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010100_40.dfu
[2017.01.06 15:20:05 | 000,001,802 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
[2017.01.06 15:20:05 | 000,001,802 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
[2017.01.06 15:20:05 | 000,001,802 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x11020100_40.dfu
[2017.01.06 15:20:05 | 000,001,796 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x11020000_40.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
[2017.01.06 15:20:05 | 000,001,512 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
[2017.01.06 15:20:05 | 000,001,242 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
[2017.01.06 15:20:05 | 000,001,228 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
[2017.01.06 15:20:05 | 000,001,214 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
[2017.01.06 15:20:05 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
[2017.01.06 15:20:05 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40.dfu
[2017.01.06 15:20:05 | 000,001,198 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26.dfu
[2017.01.06 15:20:05 | 000,001,192 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
[2017.01.06 15:20:05 | 000,000,296 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
[2017.01.06 15:20:05 | 000,000,278 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_26.dfu
[2017.01.06 15:19:30 | 007,164,176 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2017.01.06 15:19:30 | 002,867,928 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysNative\UCI64A52.DLL
[2017.01.06 15:19:30 | 002,743,328 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2017.01.06 15:19:30 | 001,790,168 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64AP86.dll
[2017.01.06 15:19:30 | 001,700,568 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\SysNative\drivers\CHDRT64.sys
[2017.01.06 15:19:30 | 000,944,832 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64BP07.dll
[2017.01.06 15:19:30 | 000,434,960 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2017.01.06 15:19:30 | 000,406,208 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysNative\CSpkExt64.dll
[2017.01.06 15:19:30 | 000,141,584 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2017.01.06 15:19:30 | 000,124,176 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2017.01.06 15:19:30 | 000,075,024 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2017.01.06 15:19:30 | 000,050,848 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\SysNative\CxPageMaster64.dll
[2017.01.06 15:19:30 | 000,030,893 | ---- | M] () -- C:\Windows\SysNative\drivers\Mixer.ini
[2017.01.06 14:38:41 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2017.01.06 14:22:18 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017.01.06 14:16:59 | 000,293,352 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswvmm.sys
[2017.01.06 14:16:58 | 000,969,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2017.01.06 14:16:58 | 000,513,632 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2017.01.06 14:16:35 | 000,391,496 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2017.01.06 14:16:35 | 000,163,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2017.01.06 14:16:35 | 000,108,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2017.01.06 14:16:35 | 000,103,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2017.01.06 14:16:35 | 000,074,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2017.01.06 14:16:35 | 000,037,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2017.01.06 14:16:32 | 000,992,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2017.01.06 14:16:32 | 000,921,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2017.01.06 14:16:32 | 000,053,208 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2017.01.06 14:12:54 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2017.01.06 13:31:49 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2017.01.06 13:28:22 | 000,026,528 | ---- | M] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
[2017.01.06 13:08:33 | 001,533,716 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017.01.06 13:02:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_amdpsp_01011.Wdf
[2017.01.06 12:56:55 | 000,219,876 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2017.01.06 12:56:55 | 000,219,876 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2017.01.06 12:54:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016.12.27 11:44:46 | 002,483,162 | ---- | M] () -- C:\Users\Defeld\Documents\Stehlík Zdeněk - reseni exekuce a pokuty.pdf
[2016.12.25 11:52:25 | 000,362,327 | ---- | M] () -- C:\Users\Defeld\Documents\IMG_20161225_0001.pdf
[2016.12.18 21:47:02 | 009,687,009 | ---- | M] () -- C:\Users\Defeld\Documents\IMG_20161218_0001.pdf
[2016.12.16 12:04:45 | 000,201,045 | ---- | M] () -- C:\Users\Defeld\Documents\IMG_20161216_0001.pdf
[2016.12.14 12:55:14 | 000,077,416 | ---- | M] () -- C:\Windows\SysNative\drivers\mbae64.sys

========== Files Created - No Company Name ==========

[2017.01.08 15:37:00 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2017.01.08 11:54:45 | 001,222,144 | ---- | C] () -- C:\Users\Defeld\Desktop\RSITx64.exe
[2017.01.08 02:51:22 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.01.08 02:51:19 | 000,077,416 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017.01.07 23:49:22 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2017.01.07 23:49:22 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2017.01.07 22:53:11 | 003,988,944 | ---- | C] () -- C:\Users\Defeld\Desktop\adwcleaner_6.042.exe
[2017.01.07 02:49:20 | 000,000,482 | ---- | C] () -- C:\Users\Defeld\Desktop\DisableOSUpgrade.reg
[2017.01.07 02:49:17 | 101,467,883 | ---- | C] () -- C:\Users\Defeld\Desktop\Orgasm World Championship Katya Clover VS Andrea Y - XVIDEOS.mp4
[2017.01.07 02:49:17 | 000,757,395 | ---- | C] () -- C:\Users\Defeld\Desktop\značení prádla.jpg
[2017.01.07 02:49:16 | 027,407,787 | ---- | C] () -- C:\Users\Defeld\Desktop\značení prádla mustr.psd
[2017.01.07 02:47:14 | 006,155,156 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161030_0001.jpg
[2017.01.07 02:47:14 | 000,164,761 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161102_0002.pdf
[2017.01.07 02:47:14 | 000,162,529 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161102_0001.pdf
[2017.01.07 02:47:13 | 021,009,638 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161103_0001 zacatek.pdf
[2017.01.07 02:47:13 | 009,117,615 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161103_0002 motorky komplet orez.pdf
[2017.01.07 02:47:12 | 021,866,012 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161103_0004 end.pdf
[2017.01.07 02:47:12 | 007,159,479 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161103_0003 end pred.pdf
[2017.01.07 02:47:11 | 009,687,009 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161218_0001.pdf
[2017.01.07 02:47:11 | 002,483,162 | ---- | C] () -- C:\Users\Defeld\Documents\Stehlík Zdeněk - reseni exekuce a pokuty.pdf
[2017.01.07 02:47:11 | 001,690,228 | ---- | C] () -- C:\Users\Defeld\Documents\Daneček pololetní testy škola 2A.pdf
[2017.01.07 02:47:11 | 001,634,366 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161107_0001.pdf
[2017.01.07 02:47:11 | 000,739,607 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161201_0001.pdf
[2017.01.07 02:47:11 | 000,476,316 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161205_0001.pdf
[2017.01.07 02:47:11 | 000,362,327 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161225_0001.pdf
[2017.01.07 02:47:11 | 000,201,045 | ---- | C] () -- C:\Users\Defeld\Documents\IMG_20161216_0001.pdf
[2017.01.07 01:44:08 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Synology Assistant.lnk
[2017.01.06 21:52:29 | 000,098,048 | ---- | C] () -- C:\Windows\SysNative\CNC176BD.TBL
[2017.01.06 19:13:46 | 000,000,202 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job
[2017.01.06 19:13:46 | 000,000,202 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2017.01.06 19:13:46 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2017.01.06 18:46:37 | 000,002,091 | ---- | C] () -- C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2017.01.06 18:13:15 | 000,171,008 | ---- | C] () -- C:\Windows\SysNative\atieah64.exe
[2017.01.06 18:13:15 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2017.01.06 18:13:07 | 000,246,660 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_FJ.dat
[2017.01.06 18:13:07 | 000,245,120 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_FJ_nd.dat
[2017.01.06 18:13:07 | 000,203,776 | ---- | C] () -- C:\Windows\SysNative\amdgfxinfo64.dll
[2017.01.06 18:13:07 | 000,189,952 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2017.01.06 17:14:24 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2017.01.06 17:14:24 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2017.01.06 15:42:21 | 000,000,956 | ---- | C] () -- C:\Users\Defeld\Desktop\Viber.lnk
[2017.01.06 15:41:28 | 001,581,582 | ---- | C] () -- C:\Users\Defeld\Desktop\winbox.exe
[2017.01.06 15:36:49 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 8 (64-bit).lnk
[2017.01.06 15:32:04 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Driver Booster 4.lnk
[2017.01.06 15:31:57 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[2017.01.06 15:31:57 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[2017.01.06 15:28:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2017.01.06 15:20:05 | 000,246,804 | ---- | C] () -- C:\Windows\SysNative\drivers\AtherosBT.bin
[2017.01.06 15:20:05 | 000,046,972 | ---- | C] () -- C:\Windows\SysNative\drivers\AthrBT_0x11020000.dfu
[2017.01.06 15:20:05 | 000,046,868 | ---- | C] () -- C:\Windows\SysNative\drivers\AthrBT_0x31010000.dfu
[2017.01.06 15:20:05 | 000,046,852 | ---- | C] () -- C:\Windows\SysNative\drivers\AthrBT_0x11020100.dfu
[2017.01.06 15:20:05 | 000,045,868 | ---- | C] () -- C:\Windows\SysNative\drivers\AthrBT_0x01020201.dfu
[2017.01.06 15:20:05 | 000,044,028 | ---- | C] () -- C:\Windows\SysNative\drivers\AthrBT_0x01020200.dfu
[2017.01.06 15:20:05 | 000,040,684 | ---- | C] () -- C:\Windows\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
[2017.01.06 15:20:05 | 000,040,036 | ---- | C] () -- C:\Windows\SysNative\drivers\AthrBT_0x31010100.dfu
[2017.01.06 15:20:05 | 000,001,926 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
[2017.01.06 15:20:05 | 000,001,926 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
[2017.01.06 15:20:05 | 000,001,926 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
[2017.01.06 15:20:05 | 000,001,926 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40.dfu
[2017.01.06 15:20:05 | 000,001,922 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010100_40.dfu
[2017.01.06 15:20:05 | 000,001,802 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
[2017.01.06 15:20:05 | 000,001,802 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
[2017.01.06 15:20:05 | 000,001,802 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x11020100_40.dfu
[2017.01.06 15:20:05 | 000,001,796 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x11020000_40.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
[2017.01.06 15:20:05 | 000,001,516 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
[2017.01.06 15:20:05 | 000,001,512 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
[2017.01.06 15:20:05 | 000,001,242 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
[2017.01.06 15:20:05 | 000,001,228 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
[2017.01.06 15:20:05 | 000,001,214 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
[2017.01.06 15:20:05 | 000,001,204 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
[2017.01.06 15:20:05 | 000,001,204 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40.dfu
[2017.01.06 15:20:05 | 000,001,198 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26.dfu
[2017.01.06 15:20:05 | 000,001,192 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
[2017.01.06 15:20:05 | 000,000,296 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
[2017.01.06 15:20:05 | 000,000,278 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_40.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
[2017.01.06 15:20:05 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\drivers\ramps_0x01020201_26.dfu
[2017.01.06 15:19:30 | 000,030,893 | ---- | C] () -- C:\Windows\SysNative\drivers\Mixer.ini
[2017.01.06 14:38:41 | 000,001,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2017.01.06 14:38:41 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2017.01.06 14:22:18 | 000,000,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2017.01.06 14:22:18 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017.01.06 14:12:54 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2017.01.06 13:34:00 | 000,191,562 | ---- | C] () -- C:\Windows\SysWow64\rootpa.e2e
[2017.01.06 13:31:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2017.01.06 13:31:47 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\spu_storage.bin
[2017.01.06 13:22:56 | 000,001,393 | ---- | C] () -- C:\Users\Defeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2017.01.06 13:08:33 | 001,533,716 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017.01.06 13:02:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_amdpsp_01011.Wdf
[2017.01.06 12:55:26 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2017.01.06 12:54:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2017.01.06 12:54:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2017.01.06 12:50:31 | 1314,152,447 | -HS- | C] () -- C:\hiberfil.sys
[2016.08.30 17:29:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2016.08.30 17:29:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2016.08.30 17:29:23 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2016.08.30 17:29:17 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2016.08.30 17:29:17 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2016.08.30 17:27:27 | 000,002,473 | ---- | C] () -- C:\Windows\SysWow64\tbaseprovisioning.exe.config
[2015.02.02 00:14:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.08 10:52:14 | 014,179,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.08 10:52:14 | 012,877,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2017.01.06 15:38:41 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\ACD Systems
[2017.01.06 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\AMD
[2017.01.06 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\AVAST Software
[2017.01.06 13:28:22 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\IObit
[2017.01.06 18:45:14 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\Stardock
[2017.01.06 17:31:46 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\TeamViewer
[2017.01.06 14:39:23 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\Thunderbird
[2017.01.08 11:25:30 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\ViberPC
[2017.01.08 10:08:50 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\VS Revo Group

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,004,854 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2017.01.06 19:13:46 | 000,000,202 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job
[2017.01.06 19:13:46 | 000,000,202 | ---- | C] () -- C:\Windows\Tasks\AutoKMSDaily.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2014.06.08 10:06:42 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2014.06.08 10:06:42 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2014.06.08 10:06:42 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2014.06.08 10:06:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2014.06.08 10:06:42 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2014.06.08 10:06:42 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2014.06.08 10:17:20 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=DFDE777FAF31DC25E3624E8071073146 -- C:\Windows\SysNative\svchost.exe
[2014.06.08 10:17:20 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=DFDE777FAF31DC25E3624E8071073146 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.22137_none_14583c9b351893b5\svchost.exe
[2014.06.08 10:17:19 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=FFB38D8AFD6F4FCA1D46D64F1EDE0B9F -- C:\Windows\SysWOW64\svchost.exe
[2014.06.08 10:17:19 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=FFB38D8AFD6F4FCA1D46D64F1EDE0B9F -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.22137_none_b839a1177cbb227f\svchost.exe

< MD5 for: TCPIP.SYS >
[2014.06.08 10:15:26 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2014.06.08 10:23:10 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010.11.21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2014.06.08 10:17:20 | 001,901,928 | ---- | M] (Microsoft Corporation) MD5=5AE58766730BBE03157A27A60B94E156 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22176_none_118eb55296526d33\tcpip.sys
[2014.06.08 10:23:10 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2014.06.08 10:43:54 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2014.06.08 10:15:26 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2014.06.08 10:43:54 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2014.06.08 10:24:44 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\SysNative\drivers\tcpip.sys
[2014.06.08 10:24:44 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.06.08 10:49:31 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.06.08 10:49:31 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014.06.08 10:49:31 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[8 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[11 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2017.01.06 15:38:41 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\ACD Systems
[2017.01.07 23:50:46 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\Adobe
[2017.01.06 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\AMD
[2017.01.08 03:32:44 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\ATI
[2017.01.06 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\AVAST Software
[2017.01.06 13:22:45 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\Identities
[2017.01.06 13:28:22 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\IObit
[2017.01.08 04:42:04 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\Macromedia
[2010.11.21 10:38:07 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\Media Center Programs
[2017.01.08 02:13:26 | 000,000,000 | --SD | M] -- C:\Users\Defeld\AppData\Roaming\Microsoft
[2017.01.06 14:34:42 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\Mozilla
[2017.01.06 18:45:14 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\Stardock
[2017.01.06 17:31:46 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\TeamViewer
[2017.01.06 14:39:23 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\Thunderbird
[2017.01.08 11:25:30 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\ViberPC
[2017.01.08 10:08:50 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\VS Revo Group
[2017.01.06 20:19:48 | 000,000,000 | ---D | M] -- C:\Users\Defeld\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2017.01.08 02:13:26 | 000,010,134 | R--- | M] () -- C:\Users\Defeld\AppData\Roaming\Microsoft\Installer\{1D464EFF-EC8B-F225-2F74-F74143200DDF}\ARPPRODUCTICON.exe
[2017.01.08 02:13:28 | 000,010,134 | R--- | M] () -- C:\Users\Defeld\AppData\Roaming\Microsoft\Installer\{2C637DB1-3E0A-4089-8366-C6C0B01E5C2B}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2017.01.08 11:24:21 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2017.01.08 10:09:52 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2017.01.06 13:28:22 | 000,026,528 | ---- | M] (REALiX(tm)) -- C:\Windows\system32\drivers\HWiNFO64A.SYS

< %systemroot%\system32\*.* /3 >
[2017.01.06 18:13:07 | 000,189,952 | ---- | M] () -- C:\Windows\system32\amdgfxinfo32.dll
[2017.01.06 18:13:15 | 000,155,136 | ---- | M] () -- C:\Windows\system32\atieah32.exe
[2017.01.08 02:13:19 | 000,058,434 | ---- | M] () -- C:\Windows\system32\CCCInstall_201701080213197654.log
[2017.01.06 18:13:15 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\detoured.dll
[2017.01.08 01:45:38 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2017.01.08 01:45:38 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2017.01.06 12:56:55 | 000,219,876 | ---- | M] () -- C:\Windows\system32\license.rtf
[2017.01.06 13:08:33 | 001,533,716 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2017.01.08 11:25:07 | 000,191,562 | ---- | M] () -- C:\Windows\system32\rootpa.e2e
[2017.01.06 15:22:20 | 009,891,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\RsCRIcon.dll
[2017.01.06 15:21:50 | 001,980,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\RsDecode.dll
[2017.01.06 15:21:50 | 000,555,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\RtCamP.dll
[2017.01.06 14:16:32 | 000,921,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ucrtbase.dll

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Viber" = "C:\Users\Defeld\AppData\Local\Viber\Viber.exe" StartMinimized -- [2016.04.13 16:54:22 | 069,268,048 | ---- | M] (Viber Media S.Ã r.l.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.06.08 10:55:53 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2017.01.08 15:37:00 | 000,000,512 | ---- | M] () MD5=99141DCFA834A4C6222AD0C682304DE7 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2007.05.06 03:59:52 | 000,089,868 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\70s\Groovey-Cracked Italic.ttf
[2007.05.06 03:59:54 | 000,092,928 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\70s\Groovey-Cracked Normal.ttf
[2007.05.06 02:36:50 | 000,073,808 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\B\Borghs-Cracked Italic.ttf
[2007.05.06 02:36:50 | 000,071,388 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\B\Borghs-Cracked Normal.ttf
[2007.05.06 03:50:13 | 000,073,672 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\B\Borghs-Cracked-Condensed Italic.ttf
[2007.05.06 03:50:14 | 000,071,020 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\B\Borghs-Cracked-Condensed Normal.ttf
[2007.05.06 03:50:16 | 000,074,772 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\B\Borghs-Cracked-Extended Italic.ttf
[2007.05.06 03:50:18 | 000,072,236 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\B\Borghs-Cracked-Extended Normal.ttf
[2007.05.07 10:00:46 | 000,033,804 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\C\Christmas On Crack.ttf
[2007.05.07 10:00:47 | 000,252,796 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\C\Crack DEMO.ttf
[2002.03.03 00:50:32 | 000,084,272 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\C\Crackaddict.ttf
[1997.11.22 09:17:32 | 000,006,504 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\C\Cracked Brain.ttf
[2007.04.30 09:20:26 | 000,079,804 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\C\CRACKKILLS.otf
[2007.05.06 02:09:11 | 000,099,456 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\C\Crackling Plain.ttf
[2007.05.06 02:09:12 | 000,077,080 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\C\CracklingFire.ttf
[2004.10.20 23:23:22 | 000,027,720 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\C\CrackMan.ttf
[1999.08.08 21:28:20 | 000,079,904 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\C\Crackwhore.ttf
[2001.06.18 21:00:54 | 000,079,692 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\Creating Keepsakes\CK Cracked.ttf
[2007.05.06 03:55:09 | 000,135,116 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\D\Dinosuaria-Cracked Italic.ttf
[2007.05.06 03:55:11 | 000,133,480 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\D\Dinosuaria-Cracked Normal.ttf
[1994.02.19 07:36:48 | 000,033,292 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\F\FZ JAZZY 12 CRACKED.ttf
[2006.10.14 16:17:53 | 000,125,094 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\Fading-Worn\Lots of Dead Crack Babies.ttf
[1996.07.27 04:51:20 | 000,125,094 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\Famous Fonts\Lots of Dead Crack Babies.ttf
[1999.01.28 12:49:08 | 000,036,340 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\Graffiti\Cracked Johnnie.ttf
[2006.10.14 16:22:16 | 000,099,796 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\Holiday-Halloween-Horror\Crack.ttf
[2007.05.06 04:01:23 | 000,095,832 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\M\Marshmallow-Cracked Italic.ttf
[2007.05.06 04:01:24 | 000,091,472 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\M\Marshmallow-Cracked Normal.ttf
[2007.05.06 04:01:28 | 000,091,108 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\M\Marshmallow-Cracked-Condensed Normal.ttf
[2007.05.06 04:01:27 | 000,095,908 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\M\Marshmallow-Cracked-Condensed Italic.ttf
[2007.05.06 04:01:30 | 000,097,556 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\M\Marshmallow-Cracked-Extended Italic.ttf
[2007.05.06 04:01:31 | 000,093,676 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\M\Marshmallow-Cracked-Extended Normal.ttf
[2007.04.30 09:18:25 | 000,185,812 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\N\Newcracks13.otf
[2007.04.30 14:19:53 | 000,052,344 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\N\Nutcracker.otf
[2007.05.06 04:03:30 | 000,103,864 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\P\Philadelphia-Cracked Normal.ttf
[2007.05.06 04:03:27 | 000,106,532 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\P\Philadelphia-Cracked Italic.ttf
[2007.05.06 04:03:33 | 000,103,492 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\P\Philadelphia-Cracked-Condensed Normal.ttf
[2007.05.06 04:03:31 | 000,106,344 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\P\Philadelphia-Cracked-Condensed Italic.ttf
[2007.05.06 04:03:36 | 000,105,580 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\P\Philadelphia-Cracked-Extended Normal.ttf
[2007.05.06 04:03:35 | 000,107,852 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\P\Philadelphia-Cracked-Extended Italic.ttf
[2007.05.01 13:58:29 | 000,087,696 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\Robert Schenk\SalloonCracked.ttf

< *loader* /s >
[2015.11.04 08:25:12 | 076,246,632 | ---- | M] () -- \Záloha Instalace old 320GB disk\DISKStation\Synology-PhotoStationUploader-Setup-056.exe
[2007.04.30 09:28:09 | 000,025,012 | ---- | M] () -- \Záloha Instalace old 320GB disk\Fonty\Japanese Techno\Overloader.ttf

< End of report >

Spusťte znovu OTL jako správce.
Do spodniho okna vlozte nasledujici text:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2279825905-639020350-948219934-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
[2017.01.06 14:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Extensions
[2017.01.08 05:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions
[2017.01.08 03:39:38 | 000,026,996 | ---- | M] () (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\abpwatcher@adblockplus.org.xpi
[2017.01.08 05:58:39 | 000,074,664 | ---- | M] () (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\translator@zoli.bod.xpi
[2017.01.08 03:39:53 | 000,770,771 | ---- | M] () (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2017.01.08 03:39:36 | 001,055,311 | ---- | M] () (No name found) -- C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:files
C:\Windows\tasks\AutoKMSDaily.job
C:\ProgramData\DP45977C.lfl
C:\Windows\tasks\AutoKMS.job
C:\Windows\AutoKMS.ini
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

ostupoval jsem dle instrukcí a tady je log..

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2279825905-639020350-948219934-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Users\Defeld\AppData\Roaming\Mozilla\Extensions folder moved successfully.
Folder move failed. C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions scheduled to be moved on reboot.
File C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\abpwatcher@adblockplus.org.xpi not found.
File move failed. C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\translator@zoli.bod.xpi scheduled to be moved on reboot.
File move failed. C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi scheduled to be moved on reboot.
File move failed. C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
C:\Windows\tasks\AutoKMSDaily.job moved successfully.
C:\ProgramData\DP45977C.lfl moved successfully.
C:\Windows\tasks\AutoKMS.job moved successfully.
C:\Windows\AutoKMS.ini moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Defeld
->Temp folder emptied: 65406673 bytes
->Temporary Internet Files folder emptied: 5164705 bytes
->FireFox cache emptied: 282471339 bytes
->Flash cache emptied: 1223 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4746838 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 341,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Defeld
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01082017_174016

Files\Folders moved on Reboot...
C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions folder moved successfully.
File\Folder C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\translator@zoli.bod.xpi not found!
File\Folder C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi not found!
File\Folder C:\Users\Defeld\AppData\Roaming\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found!
C:\Users\Defeld\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Defeld\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Defeld\AppData\Local\Mozilla\Firefox\Profiles\6yl39iso.default-1483843057778\startupCache\startupCache.8.little moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170106153146.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170106153147.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170106153154.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170106181459.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170106181500.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Smazáno. Nastala nějaká změna?

Děkuji.. chci se jen zeptat co s těmi programy co jsem psal.. myslím:

Winlogon.exe
csrss.exe
atieclxx.exe

Pořád je vidím v procesech..

děkuji

Tyto procesy jsou regulérní. První je systémový, druhý také a třetí patří k ovladači gr. karty.

Tak děkuji moc za pomoc s počítačem..

)

Rádo se stalo!

VIRY.CZ

Jeden den poo přeinstalování počítače mám v procesech havěť

Jeden den poo přeinstalování počítače mám v procesech havěť

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha

Re: Jeden den poo přeinstalování počítače mám v procesech ha