VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

preinstalovany win7 pomaly a nestabilny

https://forum.viry.cz:443/viewtopic.php?t=150803

Stránka 1 z 2

preinstalovany win7 pomaly a nestabilny

Napsal: 09 pro 2016 15:18
od korzar
Zdravím,
potreboval by som poradit, co robit. Mozno je to virom, mozno zlymi ovladacmi, ale windows mi bootuje pomaly, niekedy musim 2 - 3 krat restartnut, nez nabehne, obcas sa mi stratia ikonky zvuku, je pomalsi ako so starymi ovladacmi a nezvlada videoeditor, ktory predtym isiel v pohode. Najde sa niekto, kto sa mi na to pozrie? Vopred ďakujem :-)

Pocitac:
Typ počítača ACPI x64-based PC
Operačný systém Windows 7 Professional Media Center Edition
DirectX 4.09.00.0904 (DirectX 9.0c)
Typ procesora 2x , 2800 MHz
Systém.pamäť 8192 MB
Grafická karta AMD Radeon HD 6700 Series
Zvuková karta High Definition Audio Controller [NoDB]
Typ procesora 2x , 2800 MHz
AMD Athlon(tm) II X4 641 Quad-Core Processor, 2800 MHz

LOG DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18523
Run by peg at 15:10:32 on 2016-12-09
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.8189.4927 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: ESET NOD32 Antivirus 10.0.369.1 *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET NOD32 Antivirus 10.0.369.1 *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeUltimate10.exe
C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.bin
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [ACDSeeCommanderUltimate10] C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3ED6C1F5-DB0D-4E13-A066-60EC30D2C9A7} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 keystone.mwbsys.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Verimatrix\ViewRight Web\npViewRight.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdide64;amdide64;C:\Windows\System32\drivers\amdide64.sys [2016-11-22 11944]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2016-11-2 56336]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2016-10-13 232072]
R1 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2016-10-13 67712]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2016-11-17 27552]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-28 246784]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-8-5 83768]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2016-10-11 2815520]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2016-11-20 98304]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-10-12 1136608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-10-12 1514464]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2016-11-17 108768]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2016-11-17 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2016-11-17 229088]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-11-17 96256]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2016-11-17 65408]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-5-25 94208]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2016-11-20 3735552]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-10-12 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-10-12 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-10-12 64896]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-11-13 135928]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2016-11-22 61656]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2016-11-22 1035272]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-5-6 639512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-7-14 107192]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-7-14 128696]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2016-10-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2016-10-17 79360]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-11-15 114688]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2016-10-17 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2016-10-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2016-10-17 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2016-3-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2016-10-17 1255736]
.
=============== Created Last 30 ================
.
2016-12-09 10:23:04 321480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\moz6D16.tmp
2016-12-08 21:18:32 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05CFDC01-75A2-48DE-BB69-11A743833BB1}\gapaengine.dll
2016-12-08 21:14:57 11781064 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1DF22AFD-A261-4984-A662-D78595F084CC}\mpengine.dll
2016-11-29 19:15:50 11781064 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-11-28 08:15:07 -------- d-----w- C:\Windows\pss
2016-11-25 17:59:34 -------- d-----w- C:\Program Files\ESET
2016-11-25 10:34:46 -------- d-----w- C:\Users\peg\AppData\Local\ESET
2016-11-22 20:19:56 -------- d-----w- C:\Users\peg\aTubeCatcher
2016-11-22 19:02:24 -------- d-----w- C:\Users\peg\AppData\Local\Diagnostics
2016-11-22 14:39:13 -------- d-----w- C:\Program Files (x86)\HP
2016-11-22 14:39:12 -------- d-----w- C:\Program Files\HP
2016-11-22 14:38:47 622480 ----a-w- C:\Windows\System32\HPWia2_DJ2050_J510.dll
2016-11-22 14:38:47 2723728 ----a-w- C:\Windows\System32\HPScanTRDrv_DJ2050_J510.dll
2016-11-22 14:38:46 332176 ----a-w- C:\Windows\System32\hpinksts8711LM.dll
2016-11-22 14:38:45 270224 ----a-w- C:\Windows\System32\hpinkcoi8711.dll
2016-11-22 14:38:44 2873744 ----a-w- C:\Windows\System32\hpinkins8711.exe
2016-11-22 14:37:33 61656 ----a-w- C:\Windows\System32\drivers\Rtnic64.sys
2016-11-22 14:35:25 1035272 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2016-11-22 14:35:24 82544 ----a-w- C:\Windows\System32\RtNicProp64.dll
2016-11-22 14:32:18 11944 ----a-w- C:\Windows\System32\drivers\amdide64.sys
2016-11-20 20:19:59 -------- d-----w- C:\Users\peg\AppData\Roaming\Radegast
2016-11-20 20:19:17 -------- d-----w- C:\Program Files (x86)\Radegast
2016-11-20 18:46:10 548864 ----a-w- C:\Windows\SysWow64\GDS32.DLL
2016-11-20 18:32:31 -------- d-----w- C:\Users\peg\AppData\Local\SpacialAudio
2016-11-20 18:27:10 -------- d-----w- C:\Program Files (x86)\SpacialAudio
2016-11-20 17:44:50 -------- d-----w- C:\ProgramData\MySQL
2016-11-20 17:23:35 -------- d-----w- C:\Program Files\Firebird
2016-11-20 17:16:55 -------- d-----w- C:\ProgramData\firebird
2016-11-20 17:16:39 -------- d-----w- C:\Program Files (x86)\Firebird
2016-11-17 18:24:49 77824 ----a-w- C:\Windows\SysWow64\fmcodec.DLL
2016-11-17 18:24:37 -------- d-----w- C:\Program Files (x86)\DsNET Corp
2016-11-17 11:41:05 -------- d-----w- C:\Users\peg\AppData\Roaming\AMD
2016-11-17 11:00:49 -------- d-----w- C:\Windows\System32\DAX2
2016-11-17 10:43:17 96256 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2016-11-17 10:43:17 103424 ----a-w- C:\Windows\System32\DelayAPO.dll
2016-11-17 10:31:15 65408 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys
2016-11-17 10:21:30 108768 ----a-w- C:\Windows\System32\drivers\amdhub30.sys
2016-11-17 10:17:00 229088 ----a-w- C:\Windows\System32\drivers\amdxhc.sys
2016-11-17 10:00:25 -------- d-----w- C:\Program Files\AMD
2016-11-17 09:58:59 6477312 ----a-w- C:\Windows\System32\amdmantle64.dll
2016-11-17 09:58:59 5068288 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2016-11-17 09:58:59 204800 ----a-w- C:\Windows\System32\amdgfxinfo64.dll
2016-11-17 09:58:59 189952 ----a-w- C:\Windows\SysWow64\amdgfxinfo32.dll
2016-11-17 09:46:34 -------- d-----w- C:\ProgramData\ProductData
2016-11-17 09:46:32 -------- d-----w- C:\Windows\IObit
2016-11-17 09:45:43 27552 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2016-11-17 09:45:43 -------- d-----w- C:\ProgramData\IObit
2016-11-17 09:45:19 -------- d-----w- C:\Program Files (x86)\IObit
2016-11-17 09:45:00 -------- d-----w- C:\Users\peg\AppData\Roaming\IObit
2016-11-17 08:39:23 -------- d-----w- C:\Users\peg\AppData\Local\AMD
2016-11-17 08:39:15 -------- d-----w- C:\Users\peg\AppData\Local\ATI
2016-11-17 08:39:11 -------- d-----w- C:\Program Files (x86)\AMD APP
2016-11-17 08:39:03 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2016-11-17 08:37:48 -------- d-----w- C:\ProgramData\AMD
2016-11-17 08:37:47 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2016-11-17 08:37:40 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2016-11-17 08:37:10 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2016-11-17 08:36:12 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2016-11-17 08:09:54 -------- d-----w- C:\Users\peg\AppData\Local\eSupport.com
2016-11-17 08:09:49 -------- d-----w- C:\Program Files (x86)\eSupport.com
2016-11-17 08:03:47 -------- d-----w- C:\Program Files (x86)\Lavalys
2016-11-16 17:46:14 -------- d-----w- C:\Windows\Profiles
2016-11-16 17:46:14 -------- d-----w- C:\Users\peg\AppData\Roaming\URSoft
2016-11-16 17:45:57 -------- d-----w- C:\Program Files (x86)\Your Uninstaller
2016-11-16 15:39:16 -------- d-----w- C:\Program Files\NewBlue
2016-11-16 15:38:08 -------- d-----w- C:\Program Files (x86)\NewBlue
2016-11-16 12:10:15 -------- d-----w- C:\Users\peg\AppData\Local\Xara
2016-11-16 12:10:12 -------- d-----w- C:\Users\peg\AppData\Roaming\MAGIX
2016-11-16 12:10:03 -------- d-----w- C:\Program Files\Common Files\MAGIX Shared
2016-11-16 12:10:03 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Shared
2016-11-16 12:08:37 -------- d-----w- C:\Program Files\Common Files\MAGIX Services
2016-11-16 12:08:32 -------- d-----w- C:\Program Files\MAGIX
2016-11-16 12:05:17 -------- d-----w- C:\ProgramData\MAGIX
2016-11-16 12:05:17 -------- d-----w- C:\Program Files (x86)\MAGIX
2016-11-16 12:05:17 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2016-11-16 12:04:39 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2016-11-15 00:42:59 877056 ----a-w- C:\Windows\System32\oleaut32.dll
.
==================== Find3M ====================
.
2016-12-09 10:22:09 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-11-22 14:35:25 116304 ----a-w- C:\Windows\System32\RTNUninst64.dll
2016-11-17 10:31:15 94208 ----a-w- C:\Windows\System32\drivers\EtronXHCI.sys
2016-11-02 15:36:15 382696 ----a-w- C:\Windows\System32\atmfd.dll
2016-11-02 15:32:08 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-11-02 15:32:05 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-11-02 15:32:03 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-11-02 15:32:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-11-02 15:22:36 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-11-02 15:16:31 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-11-02 15:16:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-11-02 15:16:14 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-11-02 14:53:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-10-28 01:22:26 485032 ------w- C:\Windows\System32\MpSigStub.exe
2016-10-27 19:13:51 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-10-27 19:13:36 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-10-27 18:55:20 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-10-27 18:54:13 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-10-27 18:54:04 417792 ----a-w- C:\Windows\System32\html.iec
2016-10-27 18:53:35 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-10-27 18:53:20 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-10-27 18:37:41 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-10-27 18:37:40 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-10-27 18:37:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-10-27 18:28:32 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-10-27 18:19:40 6047744 ----a-w- C:\Windows\System32\jscript9.dll
2016-10-27 18:15:42 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-10-27 17:44:44 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-10-27 17:44:24 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-10-27 17:16:51 2920448 ----a-w- C:\Windows\System32\wininet.dll
2016-10-25 15:02:34 3219456 ----a-w- C:\Windows\System32\win32k.sys
2016-10-22 17:54:16 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-10-22 17:36:58 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-10-22 17:36:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-10-22 17:35:55 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-10-22 17:35:40 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-10-22 17:34:30 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-10-22 17:21:34 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-10-22 17:20:58 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-10-22 17:04:17 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-10-22 16:44:04 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-10-22 16:43:36 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-10-22 16:43:09 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-10-22 16:12:44 2444800 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-10-16 23:34:10 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2016-10-16 23:34:10 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2016-10-16 23:34:09 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2016-10-16 23:34:09 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2016-10-16 16:37:31 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2016-10-16 16:37:31 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2016-10-16 16:37:31 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2016-10-16 16:37:31 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2016-10-16 16:37:31 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2016-10-15 15:31:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-10-15 15:31:21 84480 ----a-w- C:\Windows\System32\INETRES.dll
2016-10-15 15:13:55 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2016-10-15 15:13:55 741888 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2016-10-13 14:39:14 67712 ----a-w- C:\Windows\System32\drivers\epfwwfpr.sys
2016-10-13 14:39:14 232072 ----a-w- C:\Windows\System32\drivers\eamonm.sys
2016-10-13 14:39:14 177792 ----a-w- C:\Windows\System32\drivers\ehdrv.sys
2016-10-13 09:03:35 68608 ----a-w- C:\Windows\System32\taskhost.exe
2016-10-13 09:00:13 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2016-10-13 09:00:13 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2016-10-12 23:40:35 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-10-12 23:40:35 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-12 22:38:05 0 ----a-w- C:\Windows\ativpsrm.bin
2016-10-11 15:40:56 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-10-11 15:37:24 706792 ----a-w- C:\Windows\System32\winload.efi
2016-10-11 15:37:24 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-10-11 15:37:23 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-10-11 15:37:23 370920 ----a-w- C:\Windows\System32\clfs.sys
2016-10-11 15:37:23 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-10-11 15:34:46 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-10-11 15:31:59 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-10-11 15:24:41 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-10-11 15:24:41 3944680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-10-11 15:21:52 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-10-11 15:03:45 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-10-11 15:03:43 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-10-11 15:03:41 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-10-11 15:03:03 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-10-11 14:59:53 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-10-11 14:59:03 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-10-11 14:56:22 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-10-11 14:55:48 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-10-11 14:55:46 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-10-11 14:55:33 346112 ----a-w- C:\Windows\System32\bcdedit.exe
2016-10-11 14:55:11 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-10-11 14:55:05 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-10-11 14:55:01 112640 ----a-w- C:\Windows\System32\smss.exe
2016-10-11 14:51:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-10-11 14:51:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-10-11 14:51:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-10-11 14:51:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-10-11 14:50:49 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-10-11 14:50:42 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 14:50:42 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 14:50:42 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-10-11 14:50:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-10-11 13:33:27 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
.
============= FINISH: 15:11:31,76 ===============

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 09 pro 2016 15:18
od korzar
LOG RSIT

Logfile of random's system information tool 1.14 (written by random/random)
Run by peg at 2016-12-09 15:15:05
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 780 GB (82%) free of 954 GB
Total RAM: 8189 MB (60% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:15:12, on 9. 12. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18525)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\trend micro\peg_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ACDSeeCommanderUltimate10] C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://files.creative.com/Web/softwareu ... PIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://files.creative.com/Web/softwareu ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://files.creative.com/Web/softwareu ... /CTPID.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8862 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe"
"C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe" -h
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeUltimate10.exe" /si "C:\Users\peg\Desktop\rozdelenie\Havana\IMG_5249.JPG"
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\peg\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\system32\tasks\{0871EDC5-D146-4707-AF6A-8E13F880F597} - C:\Windows\system32\pcalua.exe -a C:\Users\peg\Desktop\sam\sambc-up.exe -d C:\Users\peg\Desktop\sam
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-4037657875-1975843340-528618366-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan - c:\Program Files\Microsoft Security Client\\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task

=========Mozilla firefox=========

ProfilePath - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.185 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@verimatrix.com/ViewRightWeb]
"Description"=Verimatrix ViewRightWeb
"Path"=C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.185 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Element Hiding Helper pre Adblock Plus - extension - elemhidehelper@adblockplus.org
S3.Google Translator - extension - s3google@translator

C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\extensions.json
S3.Google Translator - extension - s3google@translator - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\extensions\s3google@translator.xpi
Element Hiding Helper for Adblock Plus - extension - elemhidehelper@adblockplus.org - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\extensions\elemhidehelper@adblockplus.org.xpi
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\pluginreg.dat
Plugin - Adobe Acrobat - 9.3.0.148 - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
Plugin - AdobeAAMDetect - 1.0.0.0 - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
Plugin - Google Update - 1.3.31.5 - C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
Plugin - Silverlight Plug-In - 5.1.50901.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll
Plugin - Shockwave Flash - 23.0.0.185 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
Plugin - Verimatrix ViewRight - 3.3.0.0 - C:\Program Files (x86)\Verimatrix\ViewRight Web\npViewRight.dll

=========Google Chrome=========

C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Google Slides 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Web Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Google Docs 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Google Drive 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Google Sheets 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 0 Google Docs Offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Chrome Web Store Payments 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage:
default_search_provider.search_url:
C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-11-17 16696832]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-17 1467400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
"ACDSeeCommanderUltimate10"=C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe [2016-10-20 3425224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd]
C:\Program Files (x86)\Gigabyte\UpdManager\PreRun.exe [2008-04-03 297480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^peg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk]
C:\Windows\system32\RunDll32.exe [2009-07-14 45568]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
"SPIRunE"=Rundll32 SPIRunE.dll,RunDLLEntry []
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 336384]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-09 15:15:05 ----D---- C:\Program Files\trend micro
2016-12-09 15:15:04 ----D---- C:\rsit
2016-11-28 09:15:07 ----D---- C:\Windows\pss
2016-11-25 18:59:34 ----D---- C:\ProgramData\ESET
2016-11-25 18:59:34 ----D---- C:\Program Files\ESET
2016-11-22 15:39:13 ----D---- C:\ProgramData\HP
2016-11-22 15:39:13 ----D---- C:\Program Files (x86)\HP
2016-11-22 15:39:12 ----D---- C:\Program Files\HP
2016-11-22 15:39:08 ----A---- C:\ProgramData\Ament.ini
2016-11-22 15:38:47 ----A---- C:\Windows\system32\HPWia2_DJ2050_J510.dll
2016-11-22 15:38:47 ----A---- C:\Windows\system32\HPScanTRDrv_DJ2050_J510.dll
2016-11-22 15:38:46 ----A---- C:\Windows\system32\hpinksts8711LM.dll
2016-11-22 15:38:45 ----A---- C:\Windows\system32\hpinkcoi8711.dll
2016-11-22 15:38:44 ----A---- C:\Windows\system32\hpinkins8711.exe
2016-11-22 15:37:33 ----A---- C:\Windows\system32\drivers\Rtnic64.sys
2016-11-22 15:35:25 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2016-11-22 15:35:24 ----A---- C:\Windows\system32\RtNicProp64.dll
2016-11-22 15:32:18 ----A---- C:\Windows\system32\drivers\amdide64.sys
2016-11-22 08:24:05 ----D---- C:\Windows\Minidump
2016-11-20 21:19:59 ----D---- C:\Users\peg\AppData\Roaming\Radegast
2016-11-20 21:19:17 ----D---- C:\Program Files (x86)\Radegast
2016-11-20 19:46:10 ----A---- C:\Windows\SYSWOW64\GDS32.DLL
2016-11-20 19:27:10 ----D---- C:\Program Files (x86)\SpacialAudio
2016-11-20 18:44:50 ----D---- C:\ProgramData\MySQL
2016-11-20 18:23:35 ----D---- C:\Program Files\Firebird
2016-11-20 18:16:55 ----D---- C:\ProgramData\firebird
2016-11-20 18:16:39 ----D---- C:\Program Files (x86)\Firebird
2016-11-17 19:24:49 ----A---- C:\Windows\SYSWOW64\fmcodec.DLL
2016-11-17 19:24:37 ----D---- C:\Program Files (x86)\DsNET Corp
2016-11-17 12:41:05 ----D---- C:\Users\peg\AppData\Roaming\AMD
2016-11-17 12:00:49 ----D---- C:\Windows\system32\DAX2
2016-11-17 11:59:33 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2016-11-17 11:59:32 ----A---- C:\Windows\system32\YamahaAE3.dll
2016-11-17 11:59:32 ----A---- C:\Windows\system32\YamahaAE2.dll
2016-11-17 11:59:32 ----A---- C:\Windows\system32\YamahaAE.dll
2016-11-17 11:59:32 ----A---- C:\Windows\system32\WavesGUILib64.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\tossaemaxapo64.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\tossaeapo64.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\toseaeapo64.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\tosasfapo64.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\tosade.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\tepeqapo64.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\tbb_waves.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\tadefxapo264.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\tadefxapo.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\SRSWOW64.dll
2016-11-17 11:59:31 ----A---- C:\Windows\system32\SRSTSX64.dll
2016-11-17 11:59:30 ----A---- C:\Windows\SYSWOW64\SRCOM.dll
2016-11-17 11:59:30 ----A---- C:\Windows\system32\SRSTSH64.dll
2016-11-17 11:59:30 ----A---- C:\Windows\system32\SRSHP64.dll
2016-11-17 11:59:30 ----A---- C:\Windows\system32\SRRPTR64.dll
2016-11-17 11:59:30 ----A---- C:\Windows\system32\SRCOM64.dll
2016-11-17 11:59:30 ----A---- C:\Windows\system32\SRCOM.dll
2016-11-17 11:59:30 ----A---- C:\Windows\system32\SRAPO64.dll
2016-11-17 11:59:29 ----A---- C:\Windows\system32\sltech64.dll
2016-11-17 11:59:29 ----A---- C:\Windows\system32\slprp64.dll
2016-11-17 11:59:28 ----A---- C:\Windows\system32\slcnt64.dll
2016-11-17 11:59:28 ----A---- C:\Windows\system32\sl3apo64.dll
2016-11-17 11:59:28 ----A---- C:\Windows\system32\SFSS_APO.dll
2016-11-17 11:59:28 ----A---- C:\Windows\system32\SFNHK64.dll
2016-11-17 11:59:27 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2016-11-17 11:59:27 ----A---- C:\Windows\SYSWOW64\SEHDHF32.dll
2016-11-17 11:59:27 ----A---- C:\Windows\SYSWOW64\SECOMN32.dll
2016-11-17 11:59:27 ----A---- C:\Windows\system32\SFCOM64.dll
2016-11-17 11:59:27 ----A---- C:\Windows\system32\SFAPO64.dll
2016-11-17 11:59:27 ----A---- C:\Windows\system32\SEHDRA64.dll
2016-11-17 11:59:27 ----A---- C:\Windows\system32\SEHDHF64.dll
2016-11-17 11:59:27 ----A---- C:\Windows\system32\SECOMN64.dll
2016-11-17 11:59:27 ----A---- C:\Windows\system32\SEAPO64.dll
2016-11-17 11:59:27 ----A---- C:\Windows\system32\RtPgEx64.dll
2016-11-17 11:59:26 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2016-11-17 11:59:26 ----A---- C:\Windows\system32\RtkCoLDR64.dll
2016-11-17 11:59:26 ----A---- C:\Windows\system32\RtkCfg64.dll
2016-11-17 11:59:26 ----A---- C:\Windows\system32\RtkApi64.dll
2016-11-17 11:59:26 ----A---- C:\Windows\system32\RTEEP64A.dll
2016-11-17 11:59:26 ----A---- C:\Windows\system32\RTEEL64A.dll
2016-11-17 11:59:26 ----A---- C:\Windows\system32\RTEEG64A.dll
2016-11-17 11:59:26 ----A---- C:\Windows\system32\RTEED64A.dll
2016-11-17 11:59:26 ----A---- C:\Windows\system32\RtDataProc64.dll
2016-11-17 11:59:25 ----A---- C:\Windows\SYSWOW64\RltkAPO.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\RTCOM64.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\RP3DHT64.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\RP3DAA64.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\RltkAPO64.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\RCoInstII64.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\R4EEP64A.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\R4EEL64A.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\R4EEG64A.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\R4EED64A.dll
2016-11-17 11:59:25 ----A---- C:\Windows\system32\R4EEA64A.dll
2016-11-17 11:59:24 ----A---- C:\Windows\system32\NAHIMICV3apo.dll
2016-11-17 11:59:24 ----A---- C:\Windows\system32\NAHIMICV2apo.dll
2016-11-17 11:59:24 ----A---- C:\Windows\system32\NahimicAPONSControl.dll
2016-11-17 11:59:24 ----A---- C:\Windows\system32\NAHIMICAPOlfx.dll
2016-11-17 11:59:24 ----A---- C:\Windows\system32\MISS_APO.dll
2016-11-17 11:59:23 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-11-17 11:59:23 ----A---- C:\Windows\system32\MaxxVoiceAPO4064.dll
2016-11-17 11:59:23 ----A---- C:\Windows\system32\MaxxVoiceAPO3064.dll
2016-11-17 11:59:23 ----A---- C:\Windows\system32\MaxxVoiceAPO2064.dll
2016-11-17 11:59:22 ----A---- C:\Windows\system32\MaxxSpeechAPO64.dll
2016-11-17 11:59:22 ----A---- C:\Windows\system32\MaxxAudioRenderAVX64.dll
2016-11-17 11:59:22 ----A---- C:\Windows\system32\MaxxAudioRender64.dll
2016-11-17 11:59:21 ----A---- C:\Windows\system32\MaxxAudioRealtek64.dll
2016-11-17 11:59:21 ----A---- C:\Windows\system32\MaxxAudioEQ64.dll
2016-11-17 11:59:21 ----A---- C:\Windows\system32\MaxxAudioCapture64.dll
2016-11-17 11:59:21 ----A---- C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-11-17 11:59:21 ----A---- C:\Windows\system32\MaxxAudioAPO7064.dll
2016-11-17 11:59:21 ----A---- C:\Windows\system32\MaxxAudioAPO6064.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\MaxxAudioAPO5064.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\MaxxAudioAPO4064.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\KAAPORT64.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\IntelSstCApoPropPage.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\IntelSSTAPO.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\ICEsoundAPO64.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\HMUI.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\HMLimiter.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\HMHVS.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\HMEQ_Voice.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\HMEQ.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\HMClariFi.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\HMAPO.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\HiFiDAX2API.dll
2016-11-17 11:59:20 ----A---- C:\Windows\system32\HarmanAudioInterface.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\FMAPO64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSU2PREC64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSU2PLFX64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSU2PGFX64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSSymmetryDLL64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSGFXAPONS64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-11-17 11:59:19 ----A---- C:\Windows\system32\DolbyDAX2APOv211.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DolbyDAX2APOv201.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DolbyDAX2APOProp.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DDPP64AF3.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DDPP64A.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DDPO64AF3.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DDPO64A.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DDPD64AF3.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DDPD64A.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DDPA64F3.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\DDPA64.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\CX64Proxy.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\CX64APO.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\CAF64APO2.dll
2016-11-17 11:59:18 ----A---- C:\Windows\system32\Caf64api.dll
2016-11-17 11:59:17 ----A---- C:\Windows\system32\audioLibVc.dll
2016-11-17 11:59:17 ----A---- C:\Windows\system32\AERTAR64.dll
2016-11-17 11:59:17 ----A---- C:\Windows\system32\AERTAC64.dll
2016-11-17 11:59:17 ----A---- C:\Windows\system32\AcpiServiceVnA64.dll
2016-11-17 11:59:13 ----A---- C:\Windows\system32\drivers\rtvienna.dat
2016-11-17 11:59:13 ----A---- C:\Windows\system32\drivers\rtkSSTsetting.dat
2016-11-17 11:59:12 ----A---- C:\Windows\system32\RCoRes64.dat
2016-11-17 11:59:12 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2016-11-17 11:43:17 ----A---- C:\Windows\system32\drivers\AtihdW76.sys
2016-11-17 11:43:17 ----A---- C:\Windows\system32\DelayAPO.dll
2016-11-17 11:31:15 ----A---- C:\Windows\system32\drivers\EtronHub3.sys
2016-11-17 11:21:30 ----A---- C:\Windows\system32\drivers\amdhub30.sys
2016-11-17 11:17:00 ----A---- C:\Windows\system32\drivers\amdxhc.sys
2016-11-17 11:00:25 ----D---- C:\Program Files\AMD
2016-11-17 10:59:10 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2016-11-17 10:59:10 ----A---- C:\Windows\system32\OpenCL.dll
2016-11-17 10:59:10 ----A---- C:\Windows\system32\coinst_15.20.dll
2016-11-17 10:59:09 ----A---- C:\Windows\system32\amdocl64.dll
2016-11-17 10:59:09 ----A---- C:\Windows\system32\amdocl12cl64.dll
2016-11-17 10:59:08 ----A---- C:\Windows\SYSWOW64\amdocl12cl.dll
2016-11-17 10:59:07 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2016-11-17 10:59:07 ----A---- C:\Windows\system32\clinfo.exe
2016-11-17 10:59:06 ----A---- C:\Windows\SYSWOW64\amdocl_ld32.exe
2016-11-17 10:59:06 ----A---- C:\Windows\SYSWOW64\amdocl_as32.exe
2016-11-17 10:59:06 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2016-11-17 10:59:06 ----A---- C:\Windows\system32\amdocl_ld64.exe
2016-11-17 10:59:06 ----A---- C:\Windows\system32\amdocl_as64.exe
2016-11-17 10:59:05 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2016-11-17 10:59:05 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2016-11-17 10:59:05 ----A---- C:\Windows\SYSWOW64\hsa-thunk.dll
2016-11-17 10:59:05 ----A---- C:\Windows\SYSWOW64\detoured.dll
2016-11-17 10:59:05 ----A---- C:\Windows\SYSWOW64\atieah32.exe
2016-11-17 10:59:05 ----A---- C:\Windows\system32\mantleaxl64.dll
2016-11-17 10:59:05 ----A---- C:\Windows\system32\mantle64.dll
2016-11-17 10:59:05 ----A---- C:\Windows\system32\hsa-thunk64.dll
2016-11-17 10:59:05 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2016-11-17 10:59:05 ----A---- C:\Windows\system32\drivers\amdacpksd.sys
2016-11-17 10:59:05 ----A---- C:\Windows\system32\detoured.dll
2016-11-17 10:59:05 ----A---- C:\Windows\system32\atieah64.exe
2016-11-17 10:59:05 ----A---- C:\Windows\system32\atiapfxx.exe
2016-11-17 10:59:03 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2016-11-17 10:59:03 ----A---- C:\Windows\system32\atitmm64.dll
2016-11-17 10:59:02 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2016-11-17 10:59:02 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2016-11-17 10:59:02 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2016-11-17 10:59:02 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2016-11-17 10:59:02 ----A---- C:\Windows\system32\atio6axx.dll
2016-11-17 10:59:02 ----A---- C:\Windows\system32\atimuixx.dll
2016-11-17 10:59:02 ----A---- C:\Windows\system32\atimpc64.dll
2016-11-17 10:59:02 ----A---- C:\Windows\system32\atiglpxx.dll
2016-11-17 10:59:02 ----A---- C:\Windows\system32\atig6txx.dll
2016-11-17 10:59:02 ----A---- C:\Windows\system32\atig6pxx.dll
2016-11-17 10:59:02 ----A---- C:\Windows\system32\amdpcom64.dll
2016-11-17 10:59:01 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2016-11-17 10:59:01 ----A---- C:\Windows\system32\atidemgy.dll
2016-11-17 10:59:01 ----A---- C:\Windows\system32\aticalrt64.dll
2016-11-17 10:59:00 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2016-11-17 10:59:00 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2016-11-17 10:59:00 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2016-11-17 10:59:00 ----A---- C:\Windows\SYSWOW64\atiadlxx.dll
2016-11-17 10:59:00 ----A---- C:\Windows\SYSWOW64\amdmmcl.dll
2016-11-17 10:59:00 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2016-11-17 10:59:00 ----A---- C:\Windows\system32\aticaldd64.dll
2016-11-17 10:59:00 ----A---- C:\Windows\system32\aticalcl64.dll
2016-11-17 10:59:00 ----A---- C:\Windows\system32\amdmmcl6.dll
2016-11-17 10:58:59 ----A---- C:\Windows\SYSWOW64\ativvsvl.dat
2016-11-17 10:58:59 ----A---- C:\Windows\SYSWOW64\ativvsva.dat
2016-11-17 10:58:59 ----A---- C:\Windows\SYSWOW64\amdmantle32.dll
2016-11-17 10:58:59 ----A---- C:\Windows\SYSWOW64\amdgfxinfo32.dll
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativvsvl.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativvsva.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativvaxy_vi_nd.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativvaxy_vi.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativvaxy_FJ_nd.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativvaxy_FJ.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativvaxy_cz_nd.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativvaxy_cik_nd.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativvaxy_cik.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativce03.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\ativce02.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\atiicdxx.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\amdmantle64.dll
2016-11-17 10:58:59 ----A---- C:\Windows\system32\amdicdxx.dat
2016-11-17 10:58:59 ----A---- C:\Windows\system32\amdgfxinfo64.dll
2016-11-17 10:58:59 ----A---- C:\Windows\system32\amde31a.dat
2016-11-17 10:46:34 ----D---- C:\ProgramData\ProductData
2016-11-17 10:46:32 ----D---- C:\Windows\IObit
2016-11-17 10:45:43 ----D---- C:\ProgramData\IObit
2016-11-17 10:45:43 ----A---- C:\Windows\SYSWOW64\drivers\HWiNFO64A.SYS
2016-11-17 10:45:19 ----D---- C:\Program Files (x86)\IObit
2016-11-17 10:45:00 ----D---- C:\Users\peg\AppData\Roaming\IObit
2016-11-17 09:39:15 ----D---- C:\Users\peg\AppData\Roaming\ATI
2016-11-17 09:39:15 ----D---- C:\ProgramData\ATI
2016-11-17 09:39:11 ----D---- C:\Program Files (x86)\AMD APP
2016-11-17 09:37:48 ----D---- C:\ProgramData\AMD
2016-11-17 09:37:47 ----A---- C:\Windows\system32\drivers\amdiox64.sys
2016-11-17 09:37:40 ----D---- C:\Program Files\Common Files\ATI Technologies
2016-11-17 09:37:10 ----A---- C:\Windows\system32\ATIDEMGX.dll
2016-11-17 09:36:12 ----D---- C:\Program Files (x86)\ATI Technologies
2016-11-17 09:09:49 ----D---- C:\Program Files (x86)\eSupport.com
2016-11-17 09:03:47 ----D---- C:\Program Files (x86)\Lavalys
2016-11-16 18:48:23 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-11-16 18:48:23 ----A---- C:\Windows\system32\winload.exe
2016-11-16 18:48:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-11-16 18:48:23 ----A---- C:\Windows\system32\ntdll.dll
2016-11-16 18:48:23 ----A---- C:\Windows\system32\lsasrv.dll
2016-11-16 18:48:23 ----A---- C:\Windows\system32\crypt32.dll
2016-11-16 18:48:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-16 18:48:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-16 18:48:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-16 18:48:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-16 18:48:22 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-16 18:48:22 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-16 18:48:22 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-11-16 18:48:22 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\wow64win.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\wow64cpu.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\wow64.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\wintrust.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\winsrv.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\wdigest.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\TSpkg.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\sspisrv.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\sspicli.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\srcore.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\srclient.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\smss.exe
2016-11-16 18:48:22 ----A---- C:\Windows\system32\schannel.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\secur32.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\rstrui.exe
2016-11-16 18:48:22 ----A---- C:\Windows\system32\rpchttp.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\rpcrt4.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\ntvdm64.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\ncrypt.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\msv1_0.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\lsass.exe
2016-11-16 18:48:22 ----A---- C:\Windows\system32\KernelBase.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\kernel32.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\kerberos.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-11-16 18:48:22 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-11-16 18:48:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-11-16 18:48:22 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-11-16 18:48:22 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-11-16 18:48:22 ----A---- C:\Windows\system32\drivers\appid.sys
2016-11-16 18:48:22 ----A---- C:\Windows\system32\csrsrv.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\cryptsvc.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\cryptnet.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\cryptbase.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\credssp.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\conhost.exe
2016-11-16 18:48:22 ----A---- C:\Windows\system32\certcli.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\bcdedit.exe
2016-11-16 18:48:22 ----A---- C:\Windows\system32\auditpol.exe
2016-11-16 18:48:22 ----A---- C:\Windows\system32\appidsvc.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-11-16 18:48:22 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-11-16 18:48:22 ----A---- C:\Windows\system32\appidapi.dll
2016-11-16 18:48:22 ----A---- C:\Windows\system32\advapi32.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-16 18:48:21 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-16 18:48:21 ----A---- C:\Windows\SYSWOW64\user.exe
2016-11-16 18:48:21 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-11-16 18:48:21 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2016-11-16 18:48:21 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-11-16 18:48:21 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-11-16 18:48:21 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-11-16 18:48:21 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-11-16 18:48:21 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-11-16 18:48:21 ----A---- C:\Windows\system32\nlsbres.dll
2016-11-16 18:48:21 ----A---- C:\Windows\system32\msobjs.dll
2016-11-16 18:48:21 ----A---- C:\Windows\system32\msaudite.dll
2016-11-16 18:48:21 ----A---- C:\Windows\system32\apisetschema.dll
2016-11-16 18:48:21 ----A---- C:\Windows\system32\adtschema.dll
2016-11-16 18:46:14 ----D---- C:\Windows\Profiles
2016-11-16 18:46:14 ----D---- C:\Users\peg\AppData\Roaming\URSoft
2016-11-16 18:46:13 ----AD---- C:\ProgramData\TEMP
2016-11-16 18:45:57 ----D---- C:\Program Files (x86)\Your Uninstaller
2016-11-16 16:39:16 ----D---- C:\Program Files\NewBlue
2016-11-16 16:38:08 ----D---- C:\Program Files (x86)\NewBlue
2016-11-16 13:10:12 ----D---- C:\Users\peg\AppData\Roaming\MAGIX
2016-11-16 13:10:03 ----D---- C:\Program Files\Common Files\MAGIX Shared
2016-11-16 13:08:37 ----D---- C:\Program Files\Common Files\MAGIX Services
2016-11-16 13:08:32 ----D---- C:\Program Files\MAGIX
2016-11-16 13:05:17 ----D---- C:\ProgramData\MAGIX
2016-11-16 13:05:17 ----D---- C:\Program Files (x86)\MAGIX
2016-11-16 13:04:39 ----D---- C:\Program Files (x86)\MSXML 4.0
2016-11-15 22:57:06 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-11-15 01:43:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-11-15 01:43:07 ----A---- C:\Windows\system32\mshtml.dll
2016-11-15 01:43:06 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-11-15 01:43:06 ----A---- C:\Windows\system32\ieframe.dll
2016-11-15 01:43:05 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-11-15 01:43:05 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-11-15 01:43:05 ----A---- C:\Windows\system32\wininet.dll
2016-11-15 01:43:05 ----A---- C:\Windows\system32\win32k.sys
2016-11-15 01:43:05 ----A---- C:\Windows\system32\jscript9.dll
2016-11-15 01:43:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-11-15 01:43:04 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-11-15 01:43:04 ----A---- C:\Windows\system32\urlmon.dll
2016-11-15 01:43:04 ----A---- C:\Windows\system32\MSVidCtl.dll
2016-11-15 01:43:04 ----A---- C:\Windows\system32\iertutil.dll
2016-11-15 01:43:03 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-11-15 01:43:03 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2016-11-15 01:43:03 ----A---- C:\Windows\SYSWOW64\MSVidCtl.dll
2016-11-15 01:43:03 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-11-15 01:43:03 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2016-11-15 01:43:03 ----A---- C:\Windows\system32\win32spl.dll
2016-11-15 01:43:03 ----A---- C:\Windows\system32\UIAnimation.dll
2016-11-15 01:43:03 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-11-15 01:43:03 ----A---- C:\Windows\system32\ie4uinit.exe
2016-11-15 01:43:03 ----A---- C:\Windows\system32\clfs.sys
2016-11-15 01:43:03 ----A---- C:\Windows\system32\atmfd.dll
2016-11-15 01:43:02 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-11-15 01:43:02 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-11-15 01:43:02 ----A---- C:\Windows\system32\msfeeds.dll
2016-11-15 01:43:02 ----A---- C:\Windows\system32\msctf.dll
2016-11-15 01:43:02 ----A---- C:\Windows\system32\inetcomm.dll
2016-11-15 01:43:02 ----A---- C:\Windows\system32\IMJP10K.DLL
2016-11-15 01:43:02 ----A---- C:\Windows\system32\iedkcs32.dll
2016-11-15 01:43:02 ----A---- C:\Windows\system32\drivers\bowser.sys
2016-11-15 01:43:01 ----A---- C:\Windows\system32\UtcResources.dll
2016-11-15 01:43:01 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-15 01:42:59 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-11-15 01:42:59 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2016-11-15 01:42:59 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-11-15 01:42:59 ----A---- C:\Windows\SYSWOW64\msctf.dll
2016-11-15 01:42:59 ----A---- C:\Windows\SYSWOW64\input.dll
2016-11-15 01:42:59 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2016-11-15 01:42:59 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-11-15 01:42:59 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2016-11-15 01:42:59 ----A---- C:\Windows\system32\webcheck.dll
2016-11-15 01:42:59 ----A---- C:\Windows\system32\oleaut32.dll
2016-11-15 01:42:59 ----A---- C:\Windows\system32\input.dll
2016-11-15 01:42:59 ----A---- C:\Windows\system32\dxtrans.dll
2016-11-15 01:42:59 ----A---- C:\Windows\system32\dxtmsft.dll
2016-11-15 01:42:59 ----A---- C:\Windows\system32\asycfilt.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-11-15 01:42:58 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\occache.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\msrating.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\mshtmled.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\jsproxy.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\jscript9diag.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\inseng.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\ieUnatt.exe
2016-11-15 01:42:58 ----A---- C:\Windows\system32\ieui.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\iesetup.dll
2016-11-15 01:42:58 ----A---- C:\Windows\system32\iernonce.dll
2016-11-15 01:42:57 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-11-15 01:42:57 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-11-15 01:42:57 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-11-15 01:42:57 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2016-11-15 01:42:57 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-11-15 01:42:57 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-11-15 01:42:57 ----A---- C:\Windows\system32\vbscript.dll
2016-11-15 01:42:57 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-11-15 01:42:57 ----A---- C:\Windows\system32\jscript.dll
2016-11-15 01:42:57 ----A---- C:\Windows\system32\INETRES.dll
2016-11-15 01:42:57 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-11-15 01:42:57 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-11-15 01:42:57 ----A---- C:\Windows\system32\ieapfltr.dll
2016-11-15 01:42:56 ----A---- C:\Windows\SYSWOW64\lpk.dll
2016-11-15 01:42:56 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2016-11-15 01:42:56 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2016-11-15 01:42:56 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2016-11-15 01:42:56 ----A---- C:\Windows\system32\lpk.dll
2016-11-15 01:42:56 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-11-15 01:42:56 ----A---- C:\Windows\system32\fontsub.dll
2016-11-15 01:42:56 ----A---- C:\Windows\system32\dciman32.dll
2016-11-15 01:42:56 ----A---- C:\Windows\system32\atmlib.dll
2016-11-15 01:42:55 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-11-15 01:42:55 ----A---- C:\Windows\system32\tzres.dll
2016-11-15 01:42:50 ----A---- C:\Windows\system32\diagtrack.dll

======List of files/folders modified in the last 1 month======

2016-12-09 15:15:05 ----RD---- C:\Program Files
2016-12-09 15:14:30 ----D---- C:\Windows\Temp
2016-12-09 15:10:38 ----D---- C:\Windows\Prefetch
2016-12-09 11:41:23 ----D---- C:\Windows\system32\config
2016-12-09 11:25:36 ----D---- C:\Windows\System32
2016-12-09 11:25:36 ----D---- C:\Windows\inf
2016-12-09 11:25:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-12-09 11:23:07 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-08 22:14:49 ----SHD---- C:\System Volume Information
2016-11-30 08:31:07 ----D---- C:\Windows\system32\catroot
2016-11-30 08:31:02 ----SHD---- C:\Windows\Installer
2016-11-30 08:31:01 ----HD---- C:\Config.Msi
2016-11-30 08:30:50 ----D---- C:\Windows
2016-11-30 08:30:48 ----D---- C:\Windows\system32\drivers
2016-11-30 08:30:44 ----D---- C:\Program Files\Microsoft Security Client
2016-11-30 08:30:43 ----D---- C:\Program Files (x86)\Microsoft Security Client
2016-11-28 09:17:43 ----D---- C:\Users\peg\AppData\Roaming\uTorrent
2016-11-28 09:15:47 ----D---- C:\Windows\Tasks
2016-11-28 09:15:47 ----D---- C:\Windows\system32\Tasks
2016-11-25 19:00:08 ----D---- C:\Windows\system32\DriverStore
2016-11-25 18:59:34 ----HD---- C:\ProgramData
2016-11-24 06:58:19 ----D---- C:\Windows\system32\wdi
2016-11-22 20:27:12 ----D---- C:\Windows\system32\NDF
2016-11-22 18:55:53 ----D---- C:\KMPlayer
2016-11-22 15:39:13 ----RD---- C:\Program Files (x86)
2016-11-22 15:39:13 ----D---- C:\Windows\twain_32
2016-11-22 15:35:25 ----A---- C:\Windows\system32\RTNUninst64.dll
2016-11-22 08:56:35 ----D---- C:\Windows\Logs
2016-11-22 08:56:35 ----D---- C:\Windows\debug
2016-11-22 08:49:05 ----D---- C:\Windows\DigitalLocker
2016-11-22 08:47:56 ----D---- C:\Windows\SYSWOW64\drivers
2016-11-20 22:26:32 ----SD---- C:\Users\peg\AppData\Roaming\Microsoft
2016-11-20 19:46:10 ----D---- C:\Windows\SysWOW64
2016-11-20 19:27:56 ----D---- C:\Windows\winsxs
2016-11-20 01:01:38 ----D---- C:\Windows\LiveKernelReports
2016-11-20 00:07:45 ----D---- C:\Users\peg\AppData\Roaming\Firestorm_x64
2016-11-19 10:40:57 ----D---- C:\Windows\rescache
2016-11-17 13:52:18 ----D---- C:\Windows\Microsoft.NET
2016-11-17 13:51:36 ----RSD---- C:\Windows\assembly
2016-11-17 12:43:30 ----D---- C:\Users\peg\AppData\Roaming\Nik Software
2016-11-17 12:01:06 ----D---- C:\Windows\system32\catroot2
2016-11-17 12:00:39 ----D---- C:\Windows\SYSWOW64\RTCOM
2016-11-17 10:59:05 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2016-11-17 10:59:05 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2016-11-17 10:59:05 ----A---- C:\Windows\system32\atiuxp64.dll
2016-11-17 10:59:05 ----A---- C:\Windows\system32\atiesrxx.exe
2016-11-17 10:59:05 ----A---- C:\Windows\system32\atieclxx.exe
2016-11-17 10:59:04 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2016-11-17 10:59:04 ----A---- C:\Windows\system32\atiumd6a.dll
2016-11-17 10:59:04 ----A---- C:\Windows\system32\atiumd64.dll
2016-11-17 10:59:03 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2016-11-17 10:59:03 ----A---- C:\Windows\system32\atiu9p64.dll
2016-11-17 10:59:02 ----A---- C:\Windows\system32\atidxx64.dll
2016-11-17 10:59:01 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2016-11-17 10:59:01 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2016-11-17 10:59:01 ----A---- C:\Windows\system32\aticfx64.dll
2016-11-17 10:59:00 ----A---- C:\Windows\system32\atiadlxx.dll
2016-11-17 09:39:03 ----D---- C:\Program Files (x86)\Common Files
2016-11-17 09:38:40 ----D---- C:\Program Files\ATI Technologies
2016-11-17 09:37:40 ----D---- C:\Program Files\Common Files
2016-11-17 09:03:58 ----SD---- C:\ProgramData\Microsoft
2016-11-16 19:01:26 ----D---- C:\Windows\SYSWOW64\en-US
2016-11-16 19:01:23 ----D---- C:\Windows\system32\en-US
2016-11-16 19:01:17 ----D---- C:\Windows\AppPatch
2016-11-16 19:01:16 ----D---- C:\Windows\system32\Boot
2016-11-16 13:09:53 ----RSD---- C:\Windows\Fonts
2016-11-16 13:04:29 ----D---- C:\ProgramData\Package Cache
2016-11-15 09:18:58 ----D---- C:\Program Files\Internet Explorer
2016-11-15 09:18:56 ----D---- C:\Program Files (x86)\Internet Explorer
2016-11-15 09:18:55 ----D---- C:\Windows\SYSWOW64\migration
2016-11-15 09:18:40 ----D---- C:\Windows\system32\migration
2016-11-15 02:51:26 ----D---- C:\Windows\system32\MRT
2016-11-15 02:48:20 ----AC---- C:\Windows\system32\MRT.exe

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide64;amdide64; C:\Windows\system32\DRIVERS\amdide64.sys [2016-11-22 11944]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2012-06-22 56336]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-10-13 232072]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-10-13 177792]
R1 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2016-10-13 67712]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2016-11-17 27552]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys [2016-11-17 108768]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-11-17 21622784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-11-17 665088]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys [2016-11-17 229088]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-11-17 96256]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2016-11-17 65408]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2016-11-17 94208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2016-11-17 5310472]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-12-09 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2016-11-22 61656]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2016-11-22 1035272]
R3 t3;Sound Blaster X-Fi Xtreme Audio; C:\Windows\system32\drivers\t3.sys [2009-05-06 639512]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-04-26 353000]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2016-03-28 54784]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-11-17 246784]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-08-05 83768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2016-10-11 2815520]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-07-14 107192]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-07-14 128696]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-14 153752]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-07-25 324224]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2016-10-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2016-10-17 79360]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-14 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-10-27 114688]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-09-09 651576]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-09 172488]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-10-17 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-07-14 52920]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-14 136360]

-----------------EOF-----------------

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 10 pro 2016 12:02
od korzar
Zdá sa, že môj problém sem nepatrí, keďže nikto nereaguje. Poradíte mi prosím aspoň nejaký nástroj, ktorý by mi počítač nejak zrozumiteľne diagnostikoval? Skúsil som driver booster, ale mam pocit, ze som tomu nijako nepomohol...

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 11 pro 2016 22:06
od altrok
Krasny den Vam preju :bye:


:arrow: Pokud je Vas log dlouhy a nevejde se do jednoho prispevku (je delsi nez 100.000 znaku), pridejte do nazvu tematu informaci o tom, ze je log dlouhy a je rozdelen do vice casti (napr. "virus, 3 posty"). Primarne resime temata bez odpovedi, takze ve Vasem pripade to vypada, ze se Vam jiz nektery z kolegu venuje a tema snadno zapadne.


:arrow: V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.).


:arrow: Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
  • ukoncete vsechny programy
  • kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • kliknete na Scan (Skenovani), pote na Clean (Cisteni)
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi

:arrow: Ulozte na plochu MBAR - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • spuste dvojklikem a extrahujte na plochu
  • kliknete na Next
  • aktualizujte virovou databazi klikem na Update a pokracujte na Next
  • vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 20 minut)
  • zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
  • kliknete na Cleanup a souhlaste s restartem - Yes
  • obsah logu ulozene na plose v mbar\mbar-log-2016-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 12 pro 2016 09:26
od korzar
# AdwCleaner v6.040 - Logfile created 12/12/2016 at 09:22:16
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-11.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : peg - PEG-PC
# Running from : C:\Users\peg\Desktop\adwcleaner_6.040.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\peg\AppData\Local\eSupport.com
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[-] Folder deleted: C:\Program Files (x86)\eSupport.com


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-4037657875-1975843340-528618366-1000\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Conduit
[-] Key deleted: HKLM\SOFTWARE\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit


***** [ Web browsers ] *****

[-] [C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1417 Bytes] - [12/12/2016 09:22:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [1623 Bytes] - [12/12/2016 09:21:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1563 Bytes] ##########

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 12 pro 2016 10:03
od korzar
Ten rootkit stale bezi, ale musim utekat do prace, tak to necham ist a log nahodim popoludni.
Ďakujem moc za pomoc

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 12 pro 2016 17:08
od korzar
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18524

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 8587042816, free: 6512066560

Downloaded database version: v2016.12.12.03
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.11.29.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
12/12/2016 09:28:23
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdide64.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\Program Files\ESET\ESET NOD32 Antivirus\Modules\em000k_64\1010\em000k_64.dll
\??\C:\Program Files\ESET\ESET NOD32 Antivirus\Modules\em006_64\1155\em006_64.dll
\??\C:\Program Files\ESET\ESET NOD32 Antivirus\Modules\em018_64\1457\em018_64.dll
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\amdxhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rtnic64.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\amdhub30.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\t3.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imm32.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\nsi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\lpk.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2016.12.12.03
rootkit: v2016.11.20.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b81060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b81b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b81060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80078b2e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80078c3060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 33B15F6E

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1953314816
Partition is not bootable
Partition file system is NTFS

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.83" is compressed (flags = 1)
Infected: C:\Windows\System32\drivers\etc\hosts --> [Hijack.HostFile]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18524

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 8587042816, free: 5408387072

=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
12/12/2016 10:12:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdide64.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\Program Files\ESET\ESET NOD32 Antivirus\Modules\em000k_64\1010\em000k_64.dll
\??\C:\Program Files\ESET\ESET NOD32 Antivirus\Modules\em006_64\1155\em006_64.dll
\??\C:\Program Files\ESET\ESET NOD32 Antivirus\Modules\em018_64\1457\em018_64.dll
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\amdxhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rtnic64.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\amdhub30.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\t3.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imm32.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\nsi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\lpk.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2016.12.12.03
rootkit: v2016.11.20.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b81060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b81b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b81060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80078b2e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80078c3060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 33B15F6E

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1953314816
Partition is not bootable
Partition file system is NTFS

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0098342CDF321BD50D7B0A262DF09ED346B0DB56.bin.83" is compressed (flags = 1)
Infected: C:\Windows\System32\drivers\etc\hosts --> [Hijack.HostFile]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 13 pro 2016 19:44
od altrok
:arrow: Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 14 pro 2016 11:19
od korzar
Pise mi to ze first launcher is not valid win 32 aplication

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 14 pro 2016 11:24
od korzar
FIRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by peg (administrator) on PEG-PC (14-12-2016 11:21:10)
Running from C:\Users\peg\Desktop
Loaded Profiles: peg (Available Profiles: peg)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-11-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKU\S-1-5-21-4037657875-1975843340-528618366-1000\...\Run: [ACDSeeCommanderUltimate10] => C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe [3425224 2016-10-20] ()
HKU\S-1-5-21-4037657875-1975843340-528618366-1000\...\MountPoints2: {e6e2e7c6-9106-11e6-a346-806e6f6e6963} - D:\Launch.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 player.kmpmedia.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3ED6C1F5-DB0D-4E13-A066-60EC30D2C9A7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF DefaultProfile: 7t3giv0f.default
FF ProfilePath: C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default [2016-12-14]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\Extensions\elemhidehelper@adblockplus.org.xpi [2016-10-27]
FF Extension: (S3.Google Translator) - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\Extensions\s3google@translator.xpi [2016-10-19]
FF Extension: (Adblock Plus) - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\7t3giv0f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-14] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4037657875-1975843340-528618366-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)

Chrome:
=======
CHR Profile: C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Google Slides) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-18]
CHR Extension: (Google Docs) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-16]
CHR Extension: (Google Drive) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-16]
CHR Extension: (YouTube) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-16]
CHR Extension: (Google Sheets) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-14]
CHR Extension: (Gmail) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-10-17] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-17] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2815520 2016-10-11] (ESET)
S4 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2016-11-22] (Advanced Micro Devices Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177792 2016-10-13] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [67712 2016-10-13] (ESET)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-17] (REALiX(tm))
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [61656 2016-11-22] (Realtek Semiconductor Corporation )
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-14 11:21 - 2016-12-14 11:21 - 00011182 _____ C:\Users\peg\Desktop\FRST.txt
2016-12-14 11:21 - 2016-12-14 11:21 - 00000000 ____D C:\FRST
2016-12-14 11:16 - 2016-12-14 11:17 - 00110885 _____ C:\Users\peg\Desktop\FRSTLauncher.exe
2016-12-14 11:09 - 2016-12-14 11:09 - 02420224 _____ (Farbar) C:\Users\peg\Desktop\FRST64.exe
2016-12-14 00:26 - 2016-11-21 19:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-14 00:26 - 2016-11-21 19:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-14 00:26 - 2016-11-21 19:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-14 00:26 - 2016-11-21 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-14 00:26 - 2016-11-20 17:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-14 00:26 - 2016-11-20 17:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-14 00:26 - 2016-11-20 17:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-14 00:26 - 2016-11-20 17:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 00:26 - 2016-11-20 17:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-14 00:26 - 2016-11-20 17:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-14 00:26 - 2016-11-20 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-14 00:26 - 2016-11-20 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 00:26 - 2016-11-20 16:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-14 00:26 - 2016-11-20 16:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-14 00:26 - 2016-11-20 16:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-14 00:26 - 2016-11-20 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-14 00:26 - 2016-11-20 16:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-14 00:26 - 2016-11-20 15:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 00:26 - 2016-11-17 17:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-14 00:26 - 2016-11-15 00:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-14 00:26 - 2016-11-14 23:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-14 00:26 - 2016-11-12 20:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-14 00:26 - 2016-11-12 20:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 00:26 - 2016-11-12 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-14 00:26 - 2016-11-12 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-14 00:26 - 2016-11-12 20:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-14 00:26 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-14 00:26 - 2016-11-12 20:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-14 00:26 - 2016-11-12 20:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-14 00:26 - 2016-11-12 20:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-14 00:26 - 2016-11-12 20:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-14 00:26 - 2016-11-12 20:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-14 00:26 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 00:26 - 2016-11-12 20:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-14 00:26 - 2016-11-12 20:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-14 00:26 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-14 00:26 - 2016-11-12 20:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-14 00:26 - 2016-11-12 19:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 00:26 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 00:26 - 2016-11-12 19:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-14 00:26 - 2016-11-12 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-14 00:26 - 2016-11-12 19:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 00:26 - 2016-11-12 19:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-14 00:26 - 2016-11-12 19:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-14 00:26 - 2016-11-12 19:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-14 00:26 - 2016-11-12 19:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-14 00:26 - 2016-11-12 19:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-14 00:26 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-14 00:26 - 2016-11-12 19:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-14 00:26 - 2016-11-12 19:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-14 00:26 - 2016-11-12 19:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-14 00:26 - 2016-11-12 19:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-14 00:26 - 2016-11-12 19:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-14 00:26 - 2016-11-12 19:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-14 00:26 - 2016-11-12 19:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-14 00:26 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 00:26 - 2016-11-12 19:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-14 00:26 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-14 00:26 - 2016-11-12 19:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-14 00:26 - 2016-11-12 19:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-14 00:26 - 2016-11-12 19:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-14 00:26 - 2016-11-12 19:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-14 00:26 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-14 00:26 - 2016-11-12 19:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-14 00:26 - 2016-11-12 19:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-14 00:26 - 2016-11-12 19:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-14 00:26 - 2016-11-12 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-14 00:26 - 2016-11-12 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-14 00:26 - 2016-11-12 18:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-14 00:26 - 2016-11-12 18:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-14 00:26 - 2016-11-12 18:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-14 00:26 - 2016-11-12 18:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-14 00:26 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 00:26 - 2016-11-12 18:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-14 00:26 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-14 00:26 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 00:26 - 2016-11-12 18:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-14 00:26 - 2016-11-12 18:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-14 00:26 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-14 00:26 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 00:26 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-14 00:26 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-14 00:26 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-14 00:26 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-14 00:26 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-14 00:26 - 2016-11-10 17:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 00:26 - 2016-11-10 17:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 00:26 - 2016-11-09 17:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-14 00:26 - 2016-11-09 17:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 00:26 - 2016-11-09 17:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 00:26 - 2016-11-09 17:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-14 00:26 - 2016-11-09 17:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-14 00:26 - 2016-11-09 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-14 00:26 - 2016-11-09 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-14 00:26 - 2016-11-09 17:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 00:26 - 2016-11-09 17:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 00:26 - 2016-11-09 17:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-14 00:26 - 2016-11-09 17:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-14 00:26 - 2016-11-09 17:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-14 00:26 - 2016-11-09 17:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-14 00:26 - 2016-11-09 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-14 00:26 - 2016-11-06 17:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 00:26 - 2016-11-06 17:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 00:26 - 2016-11-06 17:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 00:26 - 2016-10-27 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-14 00:26 - 2016-10-27 16:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-13 23:50 - 2016-12-14 00:05 - 00000000 ____D C:\Users\peg\Desktop\keee l
2016-12-13 12:05 - 2005-06-01 12:11 - 00877568 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\is-M26KQ.tmp
2016-12-13 12:05 - 2005-06-01 11:54 - 00634880 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioEditor2.dll
2016-12-13 12:04 - 2016-12-13 12:04 - 00000000 ____D C:\Program Files (x86)\Okoker All to Mp3 Converter
2016-12-13 12:04 - 2005-06-01 12:12 - 00467968 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioRecord2.dll
2016-12-13 12:04 - 2004-11-04 13:31 - 00479744 _____ (NCT) C:\Windows\SysWOW64\NCTAudioCDGrabber2.dll
2016-12-13 12:04 - 2003-08-07 15:01 - 00237568 _____ C:\Windows\SysWOW64\lame_enc.dll
2016-12-13 11:34 - 2016-12-13 11:34 - 07935070 _____ C:\Users\peg\Desktop\Plus 7 dni Shanghai.pdf
2016-12-13 02:43 - 2016-12-13 19:51 - 00000000 ____D C:\Users\peg\AppData\LocalLow\uTorrent
2016-12-12 21:55 - 2016-12-13 10:12 - 00000000 ____D C:\Users\peg\Desktop\USA all
2016-12-12 09:28 - 2016-12-12 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-12 09:20 - 2016-12-12 09:22 - 00000000 ____D C:\AdwCleaner
2016-12-12 09:04 - 2016-12-12 09:04 - 00164744 _____ C:\Windows\ntbtlog.txt
2016-12-11 17:39 - 2016-12-12 00:41 - 00000000 ____D C:\Users\peg\Desktop\VIDEA CIBULKOVA
2016-12-11 17:09 - 2016-12-11 16:50 - 00000000 ____D C:\Users\peg\Desktop\DOMCA USA
2016-12-11 16:18 - 2016-12-12 01:00 - 00000000 ____D C:\Users\peg\Desktop\magix projekty
2016-12-11 14:50 - 2016-12-11 14:50 - 00002878 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (peg)
2016-12-10 20:04 - 2016-12-11 16:10 - 00000000 ____D C:\Users\peg\Desktop\povedali
2016-12-10 17:17 - 2016-12-11 21:25 - 00000000 ____D C:\Users\peg\Desktop\fyz priprava
2016-12-10 17:17 - 2016-12-11 21:04 - 00000000 ____D C:\Users\peg\Desktop\tenis hlavny
2016-12-10 13:16 - 2016-12-10 13:16 - 00000000 ____D C:\Users\peg\AppData\Local\Microsoft Corporation
2016-12-10 12:51 - 2016-12-10 12:51 - 00000000 ____D C:\Users\peg\AppData\Local\ElevatedDiagnostics
2016-12-09 21:05 - 2016-12-09 21:08 - 25325765 _____ C:\Users\peg\Desktop\Havana 2.WMV
2016-12-09 20:17 - 2016-12-09 20:21 - 27413777 _____ C:\Users\peg\Desktop\rano v havane.WMV
2016-12-09 19:23 - 2016-12-09 19:27 - 00000000 ____D C:\Users\peg\Desktop\nikon 2
2016-12-09 18:34 - 2016-12-09 21:36 - 00002420 _____ C:\Users\peg\Desktop\IMG_4963_mov.HDP
2016-12-09 18:24 - 2016-12-09 18:24 - 00000000 ____D C:\Users\peg\Desktop\2016-12-03
2016-12-09 18:23 - 2016-12-02 07:53 - 96431498 _____ C:\Users\peg\Desktop\IMG_4963.MOV
2016-12-09 15:15 - 2016-12-09 15:15 - 00000000 ____D C:\rsit
2016-12-09 15:15 - 2016-12-09 15:15 - 00000000 ____D C:\Program Files\trend micro
2016-12-09 14:02 - 2016-12-09 14:11 - 00000000 ____D C:\Users\peg\Desktop\rozdelenie
2016-12-09 12:55 - 2016-12-09 13:02 - 00000000 ____D C:\Users\peg\Desktop\hudobne podklady
2016-12-09 12:31 - 2016-12-09 13:34 - 00000000 ____D C:\Users\peg\Desktop\MATERIALY
2016-11-29 20:39 - 2016-11-29 20:39 - 00000000 ____D C:\Users\peg\Desktop\pdf-jednoduch uprava
2016-11-28 09:15 - 2016-12-10 12:57 - 00000000 ____D C:\Windows\pss
2016-11-25 18:59 - 2016-11-25 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-11-25 18:59 - 2016-11-25 18:59 - 00000000 ____D C:\ProgramData\ESET
2016-11-25 18:59 - 2016-11-25 18:59 - 00000000 ____D C:\Program Files\ESET
2016-11-25 11:34 - 2016-11-25 11:34 - 00000000 ____D C:\Users\peg\AppData\Local\ESET
2016-11-25 11:24 - 2016-11-25 11:24 - 00000000 ____D C:\Users\peg\Desktop\cms
2016-11-22 21:19 - 2016-11-22 21:19 - 00000000 ____D C:\Users\peg\aTubeCatcher
2016-11-22 15:39 - 2016-11-22 15:39 - 00002272 _____ C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk
2016-11-22 15:39 - 2016-11-22 15:39 - 00000057 _____ C:\ProgramData\Ament.ini
2016-11-22 15:39 - 2016-11-22 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-11-22 15:39 - 2016-11-22 15:39 - 00000000 ____D C:\ProgramData\HP
2016-11-22 15:39 - 2016-11-22 15:39 - 00000000 ____D C:\Program Files\HP
2016-11-22 15:39 - 2016-11-22 15:39 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-22 15:38 - 2016-11-22 15:38 - 02873744 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkins8711.exe
2016-11-22 15:38 - 2016-11-22 15:38 - 02723728 _____ (Hewlett-Packard Co.) C:\Windows\system32\HPScanTRDrv_DJ2050_J510.dll
2016-11-22 15:38 - 2016-11-22 15:38 - 00622480 _____ (Hewlett-Packard) C:\Windows\system32\HPWia2_DJ2050_J510.dll
2016-11-22 15:38 - 2016-11-22 15:38 - 00332176 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinksts8711LM.dll
2016-11-22 15:38 - 2016-11-22 15:38 - 00270224 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkcoi8711.dll
2016-11-22 15:37 - 2016-11-22 15:37 - 00061656 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\Rtnic64.sys
2016-11-22 15:35 - 2016-11-22 15:35 - 01035272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-11-22 15:35 - 2016-11-22 15:35 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-11-22 15:32 - 2016-11-22 15:32 - 00011944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\amdide64.sys
2016-11-22 08:24 - 2016-11-22 08:56 - 00000000 ____D C:\Windows\Minidump
2016-11-21 12:21 - 2016-11-21 12:21 - 00000132 _____ C:\Users\peg\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-11-20 21:19 - 2016-11-20 22:17 - 00000000 ____D C:\Users\peg\AppData\Roaming\Radegast
2016-11-20 21:19 - 2016-11-20 21:19 - 00001885 _____ C:\Users\peg\Desktop\Radegast.lnk
2016-11-20 21:19 - 2016-11-20 21:19 - 00000000 ____D C:\Users\peg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radegast
2016-11-20 21:19 - 2016-11-20 21:19 - 00000000 ____D C:\Program Files (x86)\Radegast
2016-11-20 19:53 - 2016-11-20 19:53 - 00002014 _____ C:\Users\peg\Desktop\SAM Broadcaster.lnk
2016-11-20 19:53 - 2016-11-20 19:53 - 00000000 ____D C:\Users\peg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
2016-11-20 19:53 - 2016-11-20 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
2016-11-20 19:46 - 2016-11-20 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32)
2016-11-20 19:46 - 2010-09-17 11:13 - 00548864 _____ (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL
2016-11-20 19:32 - 2016-11-20 19:32 - 00000000 ____D C:\Users\peg\AppData\Local\SpacialAudio
2016-11-20 19:27 - 2016-11-20 19:27 - 00000000 ____D C:\Program Files (x86)\SpacialAudio
2016-11-20 18:45 - 2016-11-20 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2016-11-20 18:45 - 2016-11-20 18:45 - 00000000 ____D C:\Windows\System32\Tasks\MySQL
2016-11-20 18:44 - 2016-11-20 19:42 - 00000000 ____D C:\ProgramData\MySQL
2016-11-20 18:23 - 2016-11-20 18:23 - 00000000 ____D C:\Program Files\Firebird
2016-11-20 18:16 - 2016-11-20 23:26 - 00000000 ____D C:\ProgramData\firebird
2016-11-20 18:16 - 2016-11-20 19:27 - 00000000 ____D C:\Program Files (x86)\Firebird
2016-11-20 18:10 - 2016-11-20 18:10 - 00003116 _____ C:\Windows\System32\Tasks\{0871EDC5-D146-4707-AF6A-8E13F880F597}
2016-11-20 18:09 - 2016-11-20 18:09 - 00000000 ____D C:\Users\peg\Desktop\sam
2016-11-20 18:02 - 2016-11-20 18:11 - 00000000 ____D C:\Users\peg\Desktop\ALL AUDIO DJ
2016-11-19 23:11 - 2016-11-19 23:12 - 00000132 _____ C:\Users\peg\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-11-17 19:24 - 2016-11-17 19:24 - 00001186 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2016-11-17 19:24 - 2016-11-17 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2016-11-17 19:24 - 2016-11-17 19:24 - 00000000 ____D C:\Program Files (x86)\DsNET Corp
2016-11-17 19:24 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2016-11-17 16:13 - 2016-12-09 13:04 - 00000000 ____D C:\Users\peg\Desktop\videa
2016-11-17 12:41 - 2016-11-17 12:41 - 00000000 ____D C:\Users\peg\AppData\Roaming\AMD
2016-11-17 12:00 - 2016-11-17 12:00 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-11-17 12:00 - 2016-11-17 12:00 - 00000000 ____D C:\Windows\system32\DAX2
2016-11-17 11:59 - 2016-11-17 11:59 - 72520720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-11-17 11:59 - 2016-11-17 11:59 - 23505720 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRenderAVX64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 23414272 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRender64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 17378000 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioCapture64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 15202040 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 14057256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 13122584 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 12988352 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 10534696 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 07172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 07096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 07020920 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-11-17 11:59 - 2016-11-17 11:59 - 06374320 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 06264640 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2016-11-17 11:59 - 2016-11-17 11:59 - 05793528 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 05593624 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 05341352 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 05310472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-11-17 11:59 - 2016-11-17 11:59 - 03299832 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 03291320 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 03283248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 03203592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 03133856 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 02895104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-11-17 11:59 - 2016-11-17 11:59 - 02825104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 02775360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 02706872 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 02439048 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 02203752 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 02190992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 02110592 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 02073088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 02050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01959608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01920820 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2016-11-17 11:59 - 2016-11-17 11:59 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01618032 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01435144 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01422928 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01360520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01337648 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01334384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01213664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01186840 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01166168 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01115136 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01041744 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01003864 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 01001800 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00999856 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00962136 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00931624 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00923752 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00873472 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00864344 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00858208 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00854040 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00725944 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00678192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00677680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00601152 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00571384 _____ (Intel Corporation) C:\Windows\system32\tbb_waves.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00498640 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00472312 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00467168 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00447184 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00445400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00438696 _____ (Conexant Systems, Inc.) C:\Windows\system32\CAF64APO2.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00416512 _____ (Harman) C:\Windows\system32\HMUI.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00381416 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00372736 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00366128 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00362056 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00360352 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00341160 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00341160 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00310424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00203848 _____ (Harman) C:\Windows\system32\HMHVS.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00192984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00190936 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00190936 _____ (Harman) C:\Windows\system32\HMEQ.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00179600 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00154368 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00112496 _____ (Conexant Systems, Inc.) C:\Windows\system32\Caf64api.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00110992 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00105312 _____ C:\Windows\system32\audioLibVc.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 00005604 _____ C:\Windows\system32\cxapo.lncs
2016-11-17 11:59 - 2016-11-17 11:59 - 00000736 _____ C:\Windows\system32\cxapo.prop
2016-11-17 11:43 - 2016-11-17 11:43 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2016-11-17 11:43 - 2016-11-17 11:43 - 00096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2016-11-17 11:31 - 2016-11-17 11:31 - 00065408 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronHub3.sys
2016-11-17 11:21 - 2016-11-17 11:21 - 00108768 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdhub30.sys
2016-11-17 11:17 - 2016-11-17 11:17 - 00229088 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdxhc.sys
2016-11-17 11:00 - 2016-11-17 11:00 - 00000000 ____D C:\Program Files\AMD
2016-11-17 10:59 - 2016-11-17 10:59 - 47785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 39714304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 30752256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 25299968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 21622784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-11-17 10:59 - 2016-11-17 10:59 - 15716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2016-11-17 10:59 - 2016-11-17 10:59 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2016-11-17 10:59 - 2016-11-17 10:59 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2016-11-17 10:59 - 2016-11-17 10:59 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2016-11-17 10:59 - 2016-11-17 10:59 - 00665088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-11-17 10:59 - 2016-11-17 10:59 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-11-17 10:59 - 2016-11-17 10:59 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-11-17 10:59 - 2016-11-17 10:59 - 00235008 _____ C:\Windows\system32\clinfo.exe
2016-11-17 10:59 - 2016-11-17 10:59 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00160256 _____ C:\Windows\system32\atieah64.exe
2016-11-17 10:59 - 2016-11-17 10:59 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe
2016-11-17 10:59 - 2016-11-17 10:59 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00093696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2016-11-17 10:59 - 2016-11-17 10:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2016-11-17 10:58 - 2016-11-17 10:59 - 06477312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-11-17 10:58 - 2016-11-17 10:58 - 05068288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-11-17 10:58 - 2016-11-17 10:58 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-11-17 10:58 - 2016-11-17 10:58 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-11-17 10:58 - 2016-11-17 10:58 - 00833798 _____ C:\Windows\system32\amdicdxx.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00737410 _____ C:\Windows\system32\atiicdxx.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00660928 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-11-17 10:58 - 2016-11-17 10:58 - 00660928 _____ C:\Windows\system32\atiapfxx.blb
2016-11-17 10:58 - 2016-11-17 10:58 - 00322868 _____ C:\Windows\system32\ativvaxy_vi.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00321200 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00255808 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00250884 _____ C:\Windows\system32\ativvaxy_FJ.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00249088 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00234420 _____ C:\Windows\system32\ativvaxy_cik.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00232752 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-11-17 10:58 - 2016-11-17 10:58 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-11-17 10:58 - 2016-11-17 10:58 - 00169152 _____ C:\Windows\system32\ativce03.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00167456 _____ C:\Windows\system32\amde31a.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2016-11-17 10:58 - 2016-11-17 10:58 - 00100816 _____ C:\Windows\system32\ativce02.dat
2016-11-17 10:46 - 2016-12-11 14:54 - 00000000 ____D C:\ProgramData\ProductData
2016-11-17 10:46 - 2016-11-17 10:46 - 00000000 ____D C:\Windows\IObit
2016-11-17 10:45 - 2016-11-17 12:18 - 00000000 ____D C:\Users\peg\AppData\Roaming\IObit
2016-11-17 10:45 - 2016-11-17 10:47 - 00000000 ____D C:\Users\peg\AppData\LocalLow\IObit
2016-11-17 10:45 - 2016-11-17 10:46 - 00000000 ____D C:\ProgramData\IObit
2016-11-17 10:45 - 2016-11-17 10:45 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-11-17 10:43 - 2016-11-17 10:43 - 17150504 _____ (IObit ) C:\Users\peg\Downloads\driver_booster_setup.exe
2016-11-17 09:39 - 2016-11-17 09:39 - 00000000 ____D C:\Users\peg\AppData\Roaming\ATI
2016-11-17 09:39 - 2016-11-17 09:39 - 00000000 ____D C:\Users\peg\AppData\Local\ATI
2016-11-17 09:39 - 2016-11-17 09:39 - 00000000 ____D C:\Users\peg\AppData\Local\AMD
2016-11-17 09:39 - 2016-11-17 09:39 - 00000000 ____D C:\ProgramData\ATI
2016-11-17 09:39 - 2016-11-17 09:39 - 00000000 ____D C:\Program Files (x86)\AMD APP
2016-11-17 09:38 - 2016-11-17 09:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2016-11-17 09:37 - 2016-11-17 09:37 - 00000000 ____D C:\ProgramData\AMD
2016-11-17 09:37 - 2016-11-17 09:37 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-11-17 09:37 - 2011-07-28 22:36 - 00462848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGX.dll
2016-11-17 09:37 - 2011-07-26 03:41 - 00034823 _____ C:\Windows\atiogl.xml
2016-11-17 09:37 - 2010-02-18 09:18 - 00046136 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox64.sys
2016-11-17 09:36 - 2016-11-17 09:39 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-11-17 09:03 - 2016-11-17 09:03 - 04179293 _____ (Lavalys, Inc. ) C:\Users\peg\Downloads\everesthome220.exe
2016-11-17 09:03 - 2016-11-17 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2016-11-17 09:03 - 2016-11-17 09:03 - 00000000 ____D C:\Program Files (x86)\Lavalys
2016-11-16 18:48 - 2016-10-11 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-16 18:48 - 2016-10-11 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-16 18:48 - 2016-10-11 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-16 18:48 - 2016-10-11 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-16 18:48 - 2016-10-11 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-16 18:48 - 2016-10-11 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-16 18:48 - 2016-10-11 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-16 18:48 - 2016-10-11 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-16 18:48 - 2016-10-11 16:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-11-16 18:48 - 2016-10-11 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-16 18:48 - 2016-10-11 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-16 18:48 - 2016-10-11 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-16 18:48 - 2016-10-11 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-16 18:48 - 2016-10-11 16:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-16 18:48 - 2016-10-11 16:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 16:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-16 18:48 - 2016-10-11 16:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-16 18:48 - 2016-10-11 16:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-16 18:48 - 2016-10-11 15:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-16 18:48 - 2016-10-11 15:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-16 18:48 - 2016-10-11 15:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-11-16 18:48 - 2016-10-11 15:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-16 18:48 - 2016-10-11 15:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-16 18:48 - 2016-10-11 15:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-16 18:48 - 2016-10-11 15:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-16 18:48 - 2016-10-11 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-16 18:48 - 2016-10-11 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-16 18:48 - 2016-10-11 14:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-11-16 18:48 - 2016-10-11 14:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-11-16 18:48 - 2016-10-08 14:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-11-16 18:48 - 2016-10-04 16:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-16 18:48 - 2016-10-04 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-16 18:48 - 2016-10-04 16:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-11-16 18:48 - 2016-10-04 16:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-11-16 18:48 - 2016-10-04 16:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-11-16 18:48 - 2016-10-04 16:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-11-16 18:48 - 2016-10-04 16:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-11-16 18:48 - 2016-10-04 16:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-11-16 18:46 - 2016-12-13 00:24 - 00000000 ____D C:\ProgramData\TEMP
2016-11-16 18:46 - 2016-11-16 18:46 - 00000000 ____D C:\Windows\Profiles\peg
2016-11-16 18:46 - 2016-11-16 18:46 - 00000000 ____D C:\Users\peg\AppData\Roaming\URSoft
2016-11-16 18:46 - 2016-11-16 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller!
2016-11-16 18:45 - 2016-12-11 14:34 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller
2016-11-16 16:39 - 2016-11-16 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2016-11-16 16:39 - 2016-11-16 16:39 - 00000000 ____D C:\Program Files\NewBlue
2016-11-16 16:38 - 2016-11-16 16:38 - 00000000 ____D C:\Program Files (x86)\NewBlue
2016-11-16 16:15 - 2016-11-17 13:32 - 00000000 ____D C:\Users\peg\Desktop\KEE
2016-11-16 13:10 - 2016-11-16 16:33 - 00000000 ____D C:\Users\peg\Documents\MAGIX downloads
2016-11-16 13:10 - 2016-11-16 13:16 - 00000000 ____D C:\Users\peg\AppData\Roaming\MAGIX
2016-11-16 13:10 - 2016-11-16 13:10 - 00001149 _____ C:\Users\Public\Desktop\MAGIX Movie Edit Pro 2016 Premium.lnk
2016-11-16 13:10 - 2016-11-16 13:10 - 00000000 ____D C:\Users\Public\Documents\MAGIX
2016-11-16 13:10 - 2016-11-16 13:10 - 00000000 ____D C:\Users\peg\Documents\MAGIX_MusicEditor
2016-11-16 13:10 - 2016-11-16 13:10 - 00000000 ____D C:\Users\peg\AppData\Local\Xara
2016-11-16 13:10 - 2016-11-16 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2016-11-16 13:10 - 2016-11-16 13:10 - 00000000 ____D C:\Program Files\Common Files\MAGIX Shared
2016-11-16 13:08 - 2016-11-16 13:08 - 00000000 ____D C:\Program Files\MAGIX
2016-11-16 13:08 - 2016-11-16 13:08 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services
2016-11-16 13:05 - 2016-11-16 13:15 - 00000000 ____D C:\ProgramData\MAGIX
2016-11-16 13:05 - 2016-11-16 13:13 - 00000000 ___RD C:\Users\peg\Documents\MAGIX
2016-11-16 13:05 - 2016-11-16 13:05 - 00000000 ____D C:\Program Files (x86)\MAGIX
2016-11-16 13:04 - 2016-11-16 13:04 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-11-16 12:51 - 2016-11-16 15:28 - 00000000 ____D C:\Users\peg\Desktop\vyber čina
2016-11-16 11:57 - 2016-11-16 11:58 - 00000000 ___RD C:\Users\peg\Desktop\NEPOUZ
2016-11-16 09:48 - 2016-12-14 10:51 - 00000000 ____D C:\Users\peg\AppData\LocalLow\Mozilla
2016-11-15 22:57 - 2016-12-11 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-15 21:01 - 2016-12-14 11:17 - 00000000 ____D C:\Users\peg\Desktop\web
2016-11-15 09:45 - 2016-11-28 21:09 - 00000000 ____D C:\Users\peg\Desktop\cina
2016-11-15 01:43 - 2016-11-02 16:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-15 01:43 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-15 01:43 - 2016-10-15 16:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-15 01:43 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-15 01:43 - 2016-10-11 16:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-15 01:43 - 2016-10-11 16:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-15 01:43 - 2016-10-11 16:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-15 01:43 - 2016-10-11 16:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-15 01:43 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-15 01:43 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-15 01:43 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-15 01:43 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-15 01:43 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-15 01:43 - 2016-10-11 16:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-15 01:43 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-15 01:43 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-15 01:43 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-15 01:43 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-15 01:43 - 2016-10-11 14:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-15 01:43 - 2016-10-07 16:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-15 01:43 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-15 01:43 - 2016-10-05 15:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-15 01:43 - 2016-09-15 15:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-15 01:43 - 2016-09-09 19:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-15 01:43 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-15 01:42 - 2016-11-02 16:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-15 01:42 - 2016-11-02 16:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-15 01:42 - 2016-11-02 16:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-15 01:42 - 2016-11-02 16:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-15 01:42 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-15 01:42 - 2016-11-02 16:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-15 01:42 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-15 01:42 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-15 01:42 - 2016-10-15 16:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-15 01:42 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-15 01:42 - 2016-10-11 16:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-15 01:42 - 2016-10-11 16:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-15 01:42 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-15 01:42 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-15 01:42 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-15 01:42 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-15 01:42 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-15 01:42 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-15 01:42 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-15 01:42 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-15 01:42 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-15 01:42 - 2016-10-07 16:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-15 01:42 - 2016-10-07 16:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-15 01:42 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-15 01:42 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-15 01:42 - 2016-08-22 17:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-14 11:02 - 2009-07-14 05:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-14 11:02 - 2009-07-14 05:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-14 10:54 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-14 10:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-14 10:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-14 10:48 - 2009-07-14 05:45 - 00529432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-14 03:05 - 2016-10-16 19:40 - 00000000 ____D C:\Windows\system32\MRT
2016-12-14 03:01 - 2016-10-16 19:40 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-14 02:57 - 2016-10-13 12:45 - 00000000 ____D C:\Users\peg\AppData\Roaming\uTorrent
2016-12-14 00:06 - 2016-10-13 21:58 - 00000000 ____D C:\Users\peg\AppData\Local\FirestormOS_x64
2016-12-13 12:08 - 2016-11-02 10:05 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-12-13 11:24 - 2016-10-18 13:09 - 00000000 ___RD C:\Users\peg\Desktop\Privat
2016-12-12 17:39 - 2016-10-18 13:12 - 00000000 ___RD C:\Users\peg\Desktop\Udrzba
2016-12-11 14:37 - 2016-10-20 09:46 - 00001456 _____ C:\Users\peg\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-10 11:35 - 2016-10-12 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-09 19:36 - 2016-11-01 16:04 - 00000973 _____ C:\Users\peg\Desktop\PotPlayer 64 bit.lnk
2016-12-09 18:48 - 2016-10-13 13:10 - 00000000 ____D C:\KMPlayer
2016-12-09 13:34 - 2016-10-18 13:11 - 00000000 ___RD C:\Users\peg\Desktop\FOTO
2016-12-09 13:02 - 2016-10-18 13:12 - 00000000 ____D C:\Users\peg\Desktop\PLUS7
2016-11-30 08:31 - 2016-10-13 09:21 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-30 08:31 - 2016-10-13 09:21 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-30 08:30 - 2016-10-13 09:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-30 08:30 - 2016-10-13 09:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-28 02:00 - 2016-10-13 00:39 - 00000000 ____D C:\Users\peg\AppData\Local\Adobe
2016-11-22 21:19 - 2016-10-12 21:41 - 00000000 ____D C:\Users\peg
2016-11-22 20:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-22 15:39 - 2016-10-20 20:23 - 00000000 ____D C:\Users\peg\AppData\Local\HP
2016-11-22 15:35 - 2016-10-12 21:49 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-11-22 08:49 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-11-20 19:32 - 2016-10-12 21:41 - 00000000 ____D C:\Users\peg\AppData\Local\VirtualStore
2016-11-20 01:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-11-20 00:07 - 2016-10-13 21:58 - 00000000 ____D C:\Users\peg\AppData\Roaming\Firestorm_x64
2016-11-19 22:30 - 2016-11-02 10:18 - 00001070 _____ C:\Users\peg\Desktop\Adobe Audition CC.lnk
2016-11-19 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-11-17 19:03 - 2016-10-12 23:17 - 00000000 ___RD C:\Users\peg\Desktop\software
2016-11-17 12:43 - 2016-10-25 09:16 - 00000000 ____D C:\Users\peg\AppData\Roaming\Nik Software
2016-11-17 12:24 - 2016-10-12 23:07 - 00000000 ___RD C:\Users\peg\Desktop\systemove veci
2016-11-17 12:00 - 2016-10-12 21:48 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-11-17 11:31 - 2011-05-25 12:19 - 00094208 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronXHCI.sys
2016-11-17 10:59 - 2011-07-28 22:36 - 00672768 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-11-17 10:59 - 2011-07-28 22:35 - 00246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-11-17 10:59 - 2011-07-28 22:11 - 08893160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-11-17 10:59 - 2011-07-28 22:09 - 07408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-11-17 10:59 - 2011-07-28 22:03 - 07929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-11-17 10:59 - 2011-07-28 22:02 - 08779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-11-17 10:59 - 2011-07-28 21:54 - 01247744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-11-17 10:59 - 2011-07-28 21:53 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-11-17 10:59 - 2011-07-28 21:53 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-11-17 10:59 - 2011-04-20 01:09 - 01193904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-11-17 10:59 - 2011-04-20 01:07 - 01445224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-11-17 10:59 - 2011-04-20 00:59 - 10094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-11-17 10:59 - 2011-04-20 00:49 - 11948704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-11-17 10:59 - 2011-04-20 00:21 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-11-17 10:59 - 2011-04-20 00:21 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-11-17 10:29 - 2016-10-14 15:22 - 00000000 ____D C:\Users\peg\AppData\Local\Google
2016-11-17 09:38 - 2016-10-12 21:54 - 00000000 ____D C:\Program Files\ATI Technologies
2016-11-16 15:32 - 2016-10-12 22:31 - 00127944 _____ C:\Users\peg\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-16 13:04 - 2016-10-13 21:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-15 01:45 - 2016-10-14 15:23 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 01:45 - 2016-10-14 15:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-11-21 12:21 - 2016-11-21 12:21 - 0000132 _____ () C:\Users\peg\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-11-19 23:11 - 2016-11-19 23:12 - 0000132 _____ () C:\Users\peg\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-10-20 09:46 - 2016-12-11 14:37 - 0001456 _____ () C:\Users\peg\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-11-22 15:39 - 2016-11-22 15:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-11-17 12:00 - 2016-11-17 12:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\peg\AppData\Local\Temp\libeay32.dll
C:\Users\peg\AppData\Local\Temp\msvcr120.dll
C:\Users\peg\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-10 13:48

==================== End of FRST.txt ============================

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 14 pro 2016 11:24
od korzar
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by peg (14-12-2016 11:22:21)
Running from C:\Users\peg\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-10-12 20:41:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4037657875-1975843340-528618366-500 - Administrator - Disabled)
Guest (S-1-5-21-4037657875-1975843340-528618366-501 - Limited - Disabled)
peg (S-1-5-21-4037657875-1975843340-528618366-1000 - Administrator - Enabled) => C:\Users\peg

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: ESET NOD32 Antivirus 10.0.369.1 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 10.0.369.1 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
µTorrent (HKU\S-1-5-21-4037657875-1975843340-528618366-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
ACDSee Ultimate 10 (64-bit) (HKLM\...\{F1BD782B-A54A-4BC1-9A4E-CF64CFF019BD}) (Version: 10.0.0.839 - ACD Systems International Inc.)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{10ADF519-706B-6EC7-A1A7-A2580D920457}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - Creative Technology Limited)
diktafón PCDict (HKLM-x32\...\PCDict pre MS Word_is1) (Version: - MMS - Miroslav Mrázik)
DMIView B8.0717.01 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
ESET NOD32 Antivirus (HKLM\...\{8211678A-12EA-4972-8753-238373AA4CC5}) (Version: 10.0.369.1 - ESET, spol. s r.o.)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.101 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.101 - Etron Technology) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
Firestorm SecondLife and OpenSim viewer (Version: 4.7.50527 - The Phoenix Firestorm Project, Inc.) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{ab0d6df9-c3fc-44cc-8b26-8f3694c5c162}) (Version: 4.7.50527 - The Phoenix Firestorm Project, Inc.)
Free M4a to MP3 Converter 5.9 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.3.3 - PandoraTV)
MAGIX Movie Edit Pro 2016 Premium (Design elements) (HKLM\...\MX.{2AD908DC-375F-42EA-87AE-FE602B14D6F1}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Movie Edit Pro 2016 Premium (Design elements) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (Fade effects) (HKLM\...\MX.{05837796-24FD-47AA-B2B7-84B058BDBCDA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Movie Edit Pro 2016 Premium (Fade effects) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\MX.{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH)
MAGIX Movie Edit Pro 2016 Premium (Soundtrack Maker styles) (HKLM\...\MX.{2E891025-5E3E-4CDA-BDC6-BBE81C894E40}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Movie Edit Pro 2016 Premium (Soundtrack Maker styles) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (title effects) (HKLM\...\MX.{EF552B3A-EBDB-4BCE-82C7-EEA9AE8D6EF0}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Movie Edit Pro 2016 Premium (title effects) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (Version: 15.0.0.73 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (Version: 15.0.0.77 - MAGIX Software GmbH) Hidden
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{9112041B-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 sk) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 sk)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2010 CRT libraries (HKLM\...\{D9D020C0-B53E-4A40-B2FA-35D47966601B}) (Version: 10.0.30319.1 - The Firebird Project)
MSI to redistribute MS VS2010 CRT libraries (HKLM-x32\...\{3EE48F79-0D53-4FE3-B611-280D1EB6873A}) (Version: 10.0.30319.1 - The Firebird Project)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue Titler EX for MAGIX (HKLM-x32\...\NewBlue Titler EX for MAGIX) (Version: 1.0 - NewBlue)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Potplayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
Radegast 2.12 (HKLM-x32\...\Radegast) (Version: 2.12 - Radegast Development Team)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6358 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
SAM Broadcaster (remove only) (HKLM-x32\...\SAM3) (Version: - )
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Update Manager B11.0426.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte)
ViewRight Web PC (HKLM-x32\...\{B62D5F4C-BEB2-4DCD-A8B4-EE21CCAEC28A}) (Version: 3.3.0.0 - Verimatrix, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Your Uninstaller! Version 6.2 (HKLM-x32\...\Your Uninstaller!_is1) (Version: 6.2 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5BE1F732-3C97-4EE1-9A47-CC212CEC3645} - System32\Tasks\Driver Booster SkipUAC (peg) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: {8C6C7D41-AE07-41CF-94AC-4852D7F4C7F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8D836471-1BF1-481D-80D6-209FE030D116} - System32\Tasks\{0871EDC5-D146-4707-AF6A-8E13F880F597} => pcalua.exe -a C:\Users\peg\Desktop\sam\sambc-up.exe -d C:\Users\peg\Desktop\sam
Task: {B267C0A9-FEF0-4CE5-B9F0-E6C1A0D2272E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-15 09:47 - 2016-10-20 09:24 - 03425224 _____ () C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
2011-07-28 17:44 - 2011-07-28 17:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-28 17:55 - 2011-07-28 17:55 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-10-17 00:32 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2016-10-17 00:32 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-08-26 04:29 - 2009-08-26 04:29 - 00150016 _____ () C:\Windows\SysWOW64\OemSpiE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13 [166]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-12-12 17:06 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 player.kmpmedia.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4037657875-1975843340-528618366-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: FirebirdGuardianDefaultInstance => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^peg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk.Startup
MSCONFIG\startupreg: ACDSeeCommanderUltimate10 => C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{83BFD811-8175-4C5F-A13A-D149E3047308}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{3191CA1B-5F77-482F-B54E-93481873196E}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [{3F67882F-13D7-46EA-804F-91A107D9EE7A}] => C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [{D6D35FE7-13A6-4961-8CCB-8C2A503E29F8}] => C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{F818A03F-BB49-41C2-9B59-2B19B9DEB094}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [UDP Query User{B0513F04-931E-4482-9F4D-EA162C154D72}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [{02B5EA47-4F82-4D42-9B20-4802684B204E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B8EFE77E-7AFE-4372-9722-8FFC5FA863D7}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90AFBA51-4C2B-4EC1-8F73-311500300092}] => C:\Users\peg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A9A500F-15C5-453F-9204-5FA5FEAFADDA}] => C:\Users\peg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{57C67D61-D9D1-4382-9C62-36261E7131A4}] => C:\Users\peg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{880C6BA6-4319-4B4E-8390-A078172FA35A}] => C:\Users\peg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CB8F0B9F-2125-4CCA-AE38-60A2F60C651A}] => C:\Users\peg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BBE1D370-4393-47C6-959E-579B99DB65E4}] => C:\Users\peg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F334ADAC-9A60-4CAF-B090-8C2D1EDBBC1F}C:\program files\firestorm-releasex64\slvoice.exe] => C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{BF46112D-1492-40D9-AD6D-1074C6416178}C:\program files\firestorm-releasex64\slvoice.exe] => C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{65DE80A2-E644-4EC1-97D9-056CD9D31968}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E15B9A03-89E3-4BED-9B68-90DDAC3380EA}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E558F2D2-0D95-46E3-AA30-377B09355951}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D62F2A48-B0DA-413B-8562-17079D8F64BF}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C6294E5-FA0E-4B3B-B2BE-B9815EBD58F0}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2219511F-B86A-4625-A7E0-81558F9341D3}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CA631C43-5121-450F-8C22-5C22DF692AE2}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{24C4DE9A-0FBA-4835-A8CA-77BA5DB02E1A}] => C:\Program Files\MAGIX\Movie Edit Pro 2016 Premium\Videodeluxe.exe
FirewallRules: [{2DF08DE2-2A9B-4C08-845E-3A4FEE2C3D0F}] => LPort=3306
FirewallRules: [{21B11214-C162-4768-BE0C-7DA93505618A}] => LPort=3306
FirewallRules: [TCP Query User{85045CE4-7C85-42A8-A00C-4F59051CEE96}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [UDP Query User{825F6DCD-7D5E-463F-AFE6-87E62BCAB9FA}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [{81AD59FC-F96F-4527-A0B3-A9F8EB086706}] => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe

==================== Restore Points =========================

11-12-2016 14:27:01 Before uninstall Poradce pro upgrade na systém Windows 7
11-12-2016 14:27:18 Odebráno: Poradce pro upgrade na systém Windows 7
11-12-2016 14:54:07 Before uninstall Driver Booster 4.1
12-12-2016 10:07:18 Malwarebytes Anti-Rootkit Restore Point
12-12-2016 17:06:35 Malwarebytes Anti-Rootkit Restore Point
13-12-2016 00:25:03 Before uninstall Malwarebytes Anti-Malware verze 2.2.1.1043
13-12-2016 09:31:16 Windows Update
14-12-2016 02:57:57 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2016 10:49:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/13/2016 09:21:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/12/2016 09:25:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/12/2016 09:07:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/11/2016 03:21:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/11/2016 02:24:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinRAR.exe version 4.20.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9dc

Start Time: 01d253b1660a7ba2

Termination Time: 11

Application Path: C:\Program Files\WinRAR\WinRAR.exe

Report Id: e847351d-bfa4-11e6-9379-50e5495a63d1

Error: (12/11/2016 02:19:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinRAR.exe version 4.20.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1080

Start Time: 01d253b10f7e1075

Termination Time: 9

Application Path: C:\Program Files\WinRAR\WinRAR.exe

Report Id: 7e709c12-bfa4-11e6-9379-50e5495a63d1

Error: (12/11/2016 02:18:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinRAR.exe version 4.20.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 134

Start Time: 01d253b101ee2f9f

Termination Time: 24

Application Path: C:\Program Files\WinRAR\WinRAR.exe

Report Id: 47e2d084-bfa4-11e6-9379-50e5495a63d1

Error: (12/11/2016 02:15:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinRAR.exe version 4.20.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1014

Start Time: 01d253b09aab918f

Termination Time: 9

Application Path: C:\Program Files\WinRAR\WinRAR.exe

Report Id: e54eff01-bfa3-11e6-9379-50e5495a63d1

Error: (12/11/2016 02:15:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinRAR.exe version 4.20.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e50

Start Time: 01d253b08cc55215

Termination Time: 11

Application Path: C:\Program Files\WinRAR\WinRAR.exe

Report Id: d25b56d7-bfa3-11e6-9379-50e5495a63d1


System errors:
=============
Error: (12/13/2016 07:51:42 PM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2016 07:51:41 PM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2016 02:43:40 AM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2016 02:43:39 AM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2016 01:59:38 AM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2016 01:59:38 AM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2016 12:48:26 AM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2016 12:48:26 AM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2016 12:47:52 AM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2016 12:47:52 AM) (Source: DCOM) (EventID: 10016) (User: peg-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user peg-PC\peg SID (S-1-5-21-4037657875-1975843340-528618366-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2016-11-17 09:04:03.289
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\peg\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-17 09:04:03.252
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\peg\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-17 09:04:02.925
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-17 09:04:02.886
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 641 Quad-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 8189.24 MB
Available physical RAM: 5650.52 MB
Total Virtual: 16376.67 MB
Available Virtual: 13587.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:751.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 33B15F6E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 16 pro 2016 18:19
od altrok
:arrow: Odinstalujte Microsoft Security Essentials


  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
HKU\S-1-5-21-4037657875-1975843340-528618366-1000\...\MountPoints2: {e6e2e7c6-9106-11e6-a346-806e6f6e6963} - D:\Launch.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
File: C:\Windows\SysWOW64\is-M26KQ.tmp
2016-12-09 15:15 - 2016-12-09 15:15 - 00000000 ____D C:\rsit
2016-12-09 15:15 - 2016-12-09 15:15 - 00000000 ____D C:\Program Files\trend micro
Task: {5BE1F732-3C97-4EE1-9A47-CC212CEC3645} - System32\Tasks\Driver Booster SkipUAC (peg) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: {8D836471-1BF1-481D-80D6-209FE030D116} - System32\Tasks\{0871EDC5-D146-4707-AF6A-8E13F880F597} => pcalua.exe -a C:\Users\peg\Desktop\sam\sambc-up.exe -d C:\Users\peg\Desktop\sam
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13 [166]
EmptyTemp:
End

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 16 pro 2016 21:20
od korzar
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by peg (16-12-2016 21:14:46) Run:1
Running from C:\Users\peg\Desktop
Loaded Profiles: peg (Available Profiles: peg)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
HKU\S-1-5-21-4037657875-1975843340-528618366-1000\...\MountPoints2: {e6e2e7c6-9106-11e6-a346-806e6f6e6963} - D:\Launch.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
File: C:\Windows\SysWOW64\is-M26KQ.tmp
2016-12-09 15:15 - 2016-12-09 15:15 - 00000000 ____D C:\rsit
2016-12-09 15:15 - 2016-12-09 15:15 - 00000000 ____D C:\Program Files\trend micro
Task: {5BE1F732-3C97-4EE1-9A47-CC212CEC3645} - System32\Tasks\Driver Booster SkipUAC (peg) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: {8D836471-1BF1-481D-80D6-209FE030D116} - System32\Tasks\{0871EDC5-D146-4707-AF6A-8E13F880F597} => pcalua.exe -a C:\Users\peg\Desktop\sam\sambc-up.exe -d C:\Users\peg\Desktop\sam
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13 [166]
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe ========================

File not signed
MD5: 89AB2D2BCFFD147A5EFD2280B50BBCC2
Creation and modification date: 2016-09-15 09:47 - 2016-10-20 09:24
Size: 3425224
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

"HKU\S-1-5-21-4037657875-1975843340-528618366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6e2e7c6-9106-11e6-a346-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{e6e2e7c6-9106-11e6-a346-806e6f6e6963} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
gdrv => service removed successfully

========================= File: C:\Windows\SysWOW64\is-M26KQ.tmp ========================

File not signed
MD5: 49BE506E5F1B6A759840DD59D52C7403
Creation and modification date: 2016-12-13 12:05 - 2005-06-01 12:11
Size: 0877568
Attributes: ----A
Company Name: NCT Company Ltd.
Internal Name: NCTAudioFile2 ActiveX DLL
Original Name: NCTAudioFile2.DLL
Product: NCTAudioFile2 ActiveX DLL
Description: NCTAudioFile2 ActiveX DLL
File Version: 2,6,1,648
Product Version: 2,6,1,648
Copyright: NCT Company Ltd. Copyright 1999 - 2003

====== End of File: ======

C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BE1F732-3C97-4EE1-9A47-CC212CEC3645}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BE1F732-3C97-4EE1-9A47-CC212CEC3645}" => key removed successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (peg) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (peg)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D836471-1BF1-481D-80D6-209FE030D116}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D836471-1BF1-481D-80D6-209FE030D116}" => key removed successfully
C:\Windows\System32\Tasks\{0871EDC5-D146-4707-AF6A-8E13F880F597} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0871EDC5-D146-4707-AF6A-8E13F880F597}" => key removed successfully
C:\ProgramData\TEMP => ":B3D74A13" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 70514218 B
Java, Flash, Steam htmlcache => 891 B
Windows/system/drivers => 4587951 B
Edge => 0 B
Chrome => 45787017 B
Firefox => 376884444 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 6820 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 76660 B
peg => 296850993 B

RecycleBin => 232430030 B
EmptyTemp: => 987.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:16:18 ====

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 16 pro 2016 22:03
od altrok
:arrow: Odinstalovat jste Microsoft Security Essentials?


:arrow: Defragmentujte jeste systemovy disk. Zlepsila se situace?

Re: preinstalovany win7 pomaly a nestabilny

Napsal: 16 pro 2016 22:18
od korzar
Microsoft Security Essentials som odinstaloval, akurat ze o 10 dni mi skonci eset.
defragmentacia asi chvilku bude trvat, dam to robit na noc
pociatc je o nieco lepsi, aj ked predvcerom nechcel nabehnut. Skor ma ale trapi ten videoeditor. Predtym so starym diskom isiel v pohode, teraz to proste nezvlada a trha.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz