
Re: Trojan horse coinmainer - Win 10

Posted: 21 Nov 2019 17:58
by Renata
I haven't restarted yet, because I don't know whether I should put it into quarantine and what will happen, but I found the text documents even without a restart, so I'm sending them to be safe. :)

Scan type:
# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build: 10-21-2019
# Database: 2019-11-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-21-2019
# Duration: 00:01:02
# OS: Windows 10 Pro
# Scanned: 35226
# Detected: 42


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Renátka Kouřilová\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.DriverBooster C:\Program Files (x86)\IOBIT\Driver Booster
PUP.Optional.DriverBooster C:\ProgramData\IOBIT\Driver Booster
PUP.Optional.DriverBooster C:\Users\Renátka Kouřilová\AppData\Roaming\IOBIT\Driver Booster
PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus C:\Program Files (x86)\SlimDrivers
PUP.Optional.SlimCleanerPlus C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
PUP.Optional.SlimCleanerPlus C:\ProgramData\SlimWare Utilities, Inc
PUP.Optional.SlimCleanerPlus C:\Users\Renátka Kouřilová\AppData\Local\slimware utilities inc

***** [ Files ] *****

PUP.Optional.AdvancedSystemCare C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE
PUP.Optional.DriverBooster C:\Users\Public\Desktop\Driver Booster 6.lnk
PUP.Optional.Legacy C:\Windows\System32\drivers\swdumon.sys
PUP.Optional.SlimCleanerPlus C:\Users\Public\Desktop\SlimDrivers.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.DriverBooster C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (RENÁTKA KOUŘILOVÁ)
PUP.Optional.Legacy C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E55F050C-B66F-4FEF-A048-433B0529BF7F}
PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E55F050C-B66F-4FEF-A048-433B0529BF7F}
PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (RENÁTKA KOUŘILOVÁ)
PUP.Optional.DriverBooster HKLM\Software\Wow6432Node\IObit\Driver Booster
PUP.Optional.DriverBooster HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
PUP.Optional.DriverUpdate HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55B6BDD1-0B22-4A71-B210-B674D387E4C2}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
PUP.Optional.SlimCleanerPlus HKCU\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{746AB259-6474-4111-8966-1C62F9A6E063}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner_Debug.log - [11715 octets] - [21/11/2019 16:59:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: Trojan horse coinmainer - Win 10

Posted: 21 Nov 2019 18:00
by Renata
Clean type (Debug_log)

2019-11-21 15:59:10 : <INFO> [Application] AdwCleaner 7 . 4 . 2 launched
2019-11-21 15:59:20 : <INFO> [AdwUpgrade] Checking application updates
2019-11-21 15:59:20 : <INFO> [Telemetry] Sending hello
2019-11-21 15:59:22 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-11-21 15:59:22 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-11-21 15:59:22 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-11-21 15:59:22 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-11-21 15:59:22 : <INFO> [SslCert] Certificate EffectiveDate: "po oíj 2 00:00:00 2017 GMT"
2019-11-21 15:59:22 : <INFO> [SslCert] Certificate ExpirationDate: "út oíj 6 12:00:00 2020 GMT"
2019-11-21 15:59:22 : <INFO> [SslCert] ALPN: None
2019-11-21 15:59:22 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-11-21 15:59:22 : <INFO> [SslCert] KXE: "ECDH"
2019-11-21 15:59:22 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-11-21 15:59:22 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2019-11-21 15:59:45 : <INFO> [Button clicked] EULA agreed
2019-11-21 15:59:47 : <INFO> [Button clicked] Scan
2019-11-21 15:59:47 : <INFO> [Scan] Started
2019-11-21 15:59:47 : <INFO> [Database] Downloading database
2019-11-21 15:59:48 : <INFO> [Database] Checking integrity
2019-11-21 15:59:48 : <INFO> [Database] Found 2588 families
2019-11-21 15:59:48 : <INFO> [Database] Database v "2019-11-20.1"
2019-11-21 15:59:50 : <INFO> [Loading paths] Local paths loaded
2019-11-21 15:59:50 : <INFO> [Loading paths] Chrome paths loaded
2019-11-21 15:59:50 : <INFO> [Loading paths] User Keys loaded
2019-11-21 15:59:50 : <INFO> [Module initialized] "File"
2019-11-21 15:59:50 : <INFO> [Module initialized] "Folder"
2019-11-21 15:59:50 : <INFO> [Module initialized] "RegistryKey"
2019-11-21 15:59:50 : <INFO> [Module initialized] "RegistryValue"
2019-11-21 15:59:50 : <INFO> [Module initialized] "TaskName"
2019-11-21 15:59:51 : <INFO> [Module initialized] "Service"
2019-11-21 15:59:51 : <INFO> [Module initialized] "Winlogon"
2019-11-21 15:59:59 : <INFO> [Module initialized] "URL"
2019-11-21 15:59:59 : <INFO> [Module initialized] "RegAppInit"
2019-11-21 15:59:59 : <INFO> [Module initialized] "RegClasses"
2019-11-21 15:59:59 : <INFO> [Module initialized] "DNS"
2019-11-21 15:59:59 : <INFO> [Module initialized] "RegFirewallPolicy"
2019-11-21 15:59:59 : <INFO> [Module initialized] "RegGuid"
2019-11-21 16:00:00 : <INFO> [Module initialized] "RegIEElevationPolicy"
2019-11-21 16:00:00 : <INFO> [Module initialized] "RegOther"
2019-11-21 16:00:00 : <INFO> [Module initialized] "RegProductID"
2019-11-21 16:00:00 : <INFO> [Module initialized] "RegSoftware"
2019-11-21 16:00:00 : <INFO> [Module initialized] "RegStartup"
2019-11-21 16:00:00 : <INFO> [Module initialized] "WMI"
2019-11-21 16:00:00 : <INFO> [Module initialized] "ChromiumExt"
2019-11-21 16:00:00 : <INFO> [Module initialized] "FirefoxExt"
2019-11-21 16:00:00 : <INFO> [Module initialize] Scan Browser
2019-11-21 16:00:06 : <INFO> [Module initialize] Scan Browser FF
2019-11-21 16:00:06 : <INFO> [Module initialize] FF start pages loaded
2019-11-21 16:00:06 : <INFO> [Module initialize] FF search providers loaded
2019-11-21 16:00:06 : <INFO> [Module initialize] FF plugin list loaded
2019-11-21 16:00:06 : <INFO> [Scan] Exclusions loaded
2019-11-21 16:00:06 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "C:\\Windows\\System32\\drivers\\swdumon.sys" [ "File" ]
2019-11-21 16:00:10 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "C:\\Users\\Public\\Documents\\Downloaded Installers" [ "Folder" ]
2019-11-21 16:00:11 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "C:\\Windows\\System32\\Tasks\\DRIVER BOOSTER SCHEDULER" [ "Task" ]
2019-11-21 16:00:11 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Driver Booster Scheduler" [ "Registry" ]
2019-11-21 16:00:11 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Driver Booster Scheduler" [ "Registry" ]
2019-11-21 16:00:11 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{55B6BDD1-0B22-4A71-B210-B674D387E4C2}\u0000" [ "Registry" ]
2019-11-21 16:00:15 : <INFO> [Button clicked] Settings menu item
2019-11-21 16:00:21 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKLM\\Software\\Classes\\Installer\\Features\\952BA647474611149866C1269F6A0E36" [ "Registry" ]
2019-11-21 16:00:21 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKLM\\Software\\Classes\\Installer\\Products\\952BA647474611149866C1269F6A0E36" [ "Registry" ]
2019-11-21 16:00:21 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\952BA647474611149866C1269F6A0E36" [ "Registry" ]
2019-11-21 16:00:23 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "C:\\Windows\\System32\\REGISTRYDEFRAGBOOTTIME.EXE" [ "File" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "C:\\Users\\Renátka Kouoilová\\AppData\\LocalLow\\IObit\\Advanced SystemCare" [ "Folder" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\IObit\\Advanced SystemCare" [ "Folder" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "C:\\Program Files (x86)\\Common Files\\IObit\\Advanced SystemCare" [ "Folder" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\Software\\Classes\\Interface\\{BA935377-E17C-4475-B1BF-DE3110613A99}" [ "Registry" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\Software\\Classes\\CLSID\\{2803063F-4B8D-4dc6-8874-D1802487FE2D}" [ "Registry" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\SOFTWARE\\CLASSES\\DIRECTORY\\SHELLEX\\CONTEXTMENUHANDLERS\\Advanced SystemCare" [ "Registry" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\SOFTWARE\\CLASSES\\DRIVE\\SHELLEX\\CONTEXTMENUHANDLERS\\Advanced SystemCare" [ "Registry" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\SOFTWARE\\CLASSES\\LNKFILE\\SHELLEX\\CONTEXTMENUHANDLERS\\Advanced SystemCare" [ "Registry" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\Advanced SystemCare" [ "Registry" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\shellex\\ContextMenuHandlers\\Advanced SystemCare" [ "Registry" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\Software\\Wow6432Node\\IOBIT\\ASC" [ "Registry" ]
2019-11-21 16:00:24 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\Software\\Wow6432Node\\IObit\\RealTimeProtector" [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "C:\\Users\\Public\\Desktop\\SlimDrivers.lnk" [ "File" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "C:\\Users\\Renátka Kouoilová\\AppData\\Local\\slimware utilities inc" [ "Folder" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "C:\\ProgramData\\SlimWare Utilities, Inc" [ "Folder" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "C:\\Program Files (x86)\\SlimDrivers" [ "Folder" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SlimDrivers" [ "Folder" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "HKLM\\Software\\Wow6432Node\\SlimWare Utilities Inc" [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "HKCU\\Software\\SlimWare Utilities Inc" [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "HKLM\\Software\\Wow6432Node\\SLIMWARE UTILITIES, INC." [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{746AB259-6474-4111-8966-1C62F9A6E063}" [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "C:\\Users\\Public\\Desktop\\Driver Booster 6.lnk" [ "File" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "C:\\Users\\Renátka Kouoilová\\AppData\\Roaming\\IOBIT\\Driver Booster" [ "Folder" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "C:\\Program Files (x86)\\IOBIT\\Driver Booster" [ "Folder" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "C:\\ProgramData\\IOBIT\\Driver Booster" [ "Folder" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "C:\\Windows\\System32\\Tasks\\DRIVER BOOSTER SKIPUAC (RENÁTKA KOUOILOVÁ)" [ "Task" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\DRIVER BOOSTER SKIPUAC (RENÁTKA KOUOILOVÁ)" [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\DRIVER BOOSTER SKIPUAC (RENÁTKA KOUOILOVÁ)" [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E55F050C-B66F-4FEF-A048-433B0529BF7F}\u0000" [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Plain\\{E55F050C-B66F-4FEF-A048-433B0529BF7F}\u0000" [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Driver Booster_is1" [ "Registry" ]
2019-11-21 16:00:28 : <INFO> [Scan] Item detected: "PUP.Optional.DriverBooster" , "HKLM\\Software\\Wow6432Node\\IObit\\Driver Booster" [ "Registry" ]
2019-11-21 16:00:29 : <INFO> [Scan] Item detected: "PUP.Optional.DriverUpdate" , "HKLM\\SYSTEM\\Setup\\FirstBoot\\Services\\SWDUMon" [ "Registry" ]
2019-11-21 16:00:31 : <INFO> [Button clicked] Dashboard menu item
2019-11-21 16:00:44 : <INFO> [Scan] Item detected: "PUP.Optional.InstallCore" , "HKCU\\Software\\csastats" [ "Registry" ]
2019-11-21 16:00:50 : <INFO> [Telemetry] Sending to Influx
2019-11-21 16:00:52 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-11-21 16:00:52 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-11-21 16:00:52 : <INFO> [SslCert] Locality Name ()
2019-11-21 16:00:52 : <INFO> [SslCert] Organization ()
2019-11-21 16:00:52 : <INFO> [SslCert] Certificate EffectiveDate: "et oíj 17 14:50:26 2019 GMT"
2019-11-21 16:00:52 : <INFO> [SslCert] Certificate ExpirationDate: "st led 15 14:50:26 2020 GMT"
2019-11-21 16:00:52 : <INFO> [SslCert] ALPN: Yes
2019-11-21 16:00:52 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-11-21 16:00:52 : <INFO> [SslCert] KXE: "ECDH"
2019-11-21 16:00:52 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-11-21 16:00:52 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2019-11-21 16:00:52 : <INFO> [Telemetry] Sending to DSE
2019-11-21 16:00:53 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-11-21 16:00:53 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-11-21 16:00:53 : <INFO> [SslCert] Locality Name ("San Jose")
2019-11-21 16:00:53 : <INFO> [SslCert] Organization ("Malwarebytes Inc.")
2019-11-21 16:00:53 : <INFO> [SslCert] Certificate EffectiveDate: "et úno 22 00:00:00 2018 GMT"
2019-11-21 16:00:53 : <INFO> [SslCert] Certificate ExpirationDate: "st dub 22 12:00:00 2020 GMT"
2019-11-21 16:00:53 : <INFO> [SslCert] ALPN: Yes
2019-11-21 16:00:53 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-11-21 16:00:53 : <INFO> [SslCert] KXE: "ECDH"
2019-11-21 16:00:53 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-11-21 16:00:53 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2019-11-21 16:00:53 : <INFO> [Scan] Finished
2019-11-21 16:01:53 : <INFO> [Button clicked] Quarantine menu item
2019-11-21 16:01:55 : <INFO> [Button clicked] Dashboard menu item
2019-11-21 16:57:35 : <INFO> [Button clicked] Quarantine menu item
2019-11-21 16:57:54 : <INFO> [Button clicked] Dashboard menu item
2019-11-21 16:57:56 : <INFO> [Button clicked] Log files menu item

Re: Trojan horse coinmainer - Win 10

Posted: 21 Nov 2019 18:31
by Rudy
Delete the ADW findings, restart, and post new FRST+Addition logs.

Re: Trojan horse coinmainer - Win 10

Posted: 21 Nov 2019 19:15
by Renata
Here, just to be sure, is the AdwCleaner log after the restart - it popped up on my screen

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build: 10-21-2019
# Database: 2019-11-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-21-2019
# Duration: 00:00:35
# OS: Windows 10 Pro
# Cleaned: 42
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IOBIT\Driver Booster
Deleted C:\Program Files (x86)\SlimDrivers
Deleted C:\ProgramData\IOBIT\Driver Booster
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
Deleted C:\ProgramData\SlimWare Utilities, Inc
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Renátka Kouřilová\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Renátka Kouřilová\AppData\Local\slimware utilities inc
Deleted C:\Users\Renátka Kouřilová\AppData\Roaming\IOBIT\Driver Booster
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\Users\Public\Desktop\Driver Booster 6.lnk
Deleted C:\Users\Public\Desktop\SlimDrivers.lnk
Deleted C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE
Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER
Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (RENÁTKA KOUŘILOVÁ)

***** [ Registry ] *****

Deleted HKCU\Software\SlimWare Utilities Inc
Deleted HKCU\Software\csastats
Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E55F050C-B66F-4FEF-A048-433B0529BF7F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55B6BDD1-0B22-4A71-B210-B674D387E4C2}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E55F050C-B66F-4FEF-A048-433B0529BF7F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (RENÁTKA KOUŘILOVÁ)
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon
Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted HKLM\Software\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
Deleted HKLM\Software\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{746AB259-6474-4111-8966-1C62F9A6E063}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [93809 octets] - [21/11/2019 16:59:10]
AdwCleaner[S00].txt - [5477 octets] - [21/11/2019 17:00:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Trojan horse coinmainer - Win 10

Posted: 21 Nov 2019 19:15
by Renata
Here is the new FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2019
Ran by Renátka Kouřilová (administrator) on DESKTOP-8GUTKUB (Hewlett-Packard Presario CQ57 Notebook PC) (21-11-2019 19:01:36)
Running from C:\Users\Renátka Kouřilová\Desktop
Loaded Profiles: Renátka Kouřilová (Available Profiles: defaultuser0 & Renátka Kouřilová)
Platform: Windows 10 Pro Version 1909 18363.476 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Renátka Kouřilová\Desktop\adwcleaner_7.4.2.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-05-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-05-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-186480865-526504866-4034979321-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-186480865-526504866-4034979321-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-186480865-526504866-4034979321-1001\...\MountPoints2: {0059af34-8527-11e9-851a-6427374dd8d4} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-186480865-526504866-4034979321-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [221184 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-06] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0075DC11-821C-46C9-A5D3-D0D29EC24CF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-07-19] (Google Inc -> Google Inc.)
Task: {4F74A470-59EC-4BE4-BB13-EB8556318CF3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {665563D1-D372-4353-B4BB-A5F57DD30321} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7E2FEB14-4A87-4A06-81EA-B131822F2340} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {826BD096-A603-487F-8524-73069D9C2ECA} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2963216 2018-07-10] (IObit Information Technology -> IObit)
Task: {90269655-E4B5-46A0-8BA8-63C1E0BFCCCA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9840A659-5CD8-4E82-856F-5AC9094D7D2D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9BD5E1B4-50F9-4983-B7F2-000DB681BD84} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {A147528D-A93C-4B87-8636-557C764CDBC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-07-19] (Google Inc -> Google Inc.)
Task: {C0E4D49B-CAEE-40AF-A6F2-C5380295489F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1182232 2018-01-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D6B6027B-0FAD-4648-82BA-B3E39E7590D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-18] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{40984686-0048-4511-b961-8cc16d1fdefe}: [DhcpNameServer] 10.0.0.138 192.168.0.1
Tcpip\..\Interfaces\{55fc86c1-3c17-49e6-bea0-550539be8c4e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{a4972324-dca9-4ccb-ae83-c09c06d07010}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w29
HKU\S-1-5-21-186480865-526504866-4034979321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w29
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w29&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w29&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w29&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w29&q={searchTerms}
SearchScopes: HKU\S-1-5-21-186480865-526504866-4034979321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w29&q={searchTerms}
SearchScopes: HKU\S-1-5-21-186480865-526504866-4034979321-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w29&q={searchTerms}
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]

Edge:
======
DownloadDir: C:\Users\Renátka Kouřilová\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-186480865-526504866-4034979321-1001 -> about:tabs

FireFox:
========
FF DefaultProfile: 5vfrcgis.default
FF ProfilePath: C:\Users\Renátka Kouřilová\AppData\Roaming\Mozilla\Firefox\Profiles\5vfrcgis.default [2019-11-21]
FF user.js: detected! => C:\Users\Renátka Kouřilová\AppData\Roaming\Mozilla\Firefox\Profiles\5vfrcgis.default\user.js [2017-11-30]
FF Homepage: Mozilla\Firefox\Profiles\5vfrcgis.default -> hxxps://www.duolingo.com/|hxxps://www.duome.eu/ ... seznam.cz/
FF Extension: (Enhancer for YouTube™) - C:\Users\Renátka Kouřilová\AppData\Roaming\Mozilla\Firefox\Profiles\5vfrcgis.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2019-09-05]
FF Extension: (uBlock Origin) - C:\Users\Renátka Kouřilová\AppData\Roaming\Mozilla\Firefox\Profiles\5vfrcgis.default\Extensions\uBlock0@raymondhill.net.xpi [2019-03-14]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google Inc -> Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Notifications: Default -> hxxps://1.puttraffic.com
CHR Profile: C:\Users\Renátka Kouřilová\AppData\Local\Google\Chrome\User Data\Default [2019-11-21]
CHR Extension: (YouTube) - C:\Users\Renátka Kouřilová\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-21]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Renátka Kouřilová\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-23]
CHR Extension: (Vyhledávání Google) - C:\Users\Renátka Kouřilová\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-07-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Renátka Kouřilová\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Gmail) - C:\Users\Renátka Kouřilová\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Renátka Kouřilová\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-31]
CHR HKU\S-1-5-21-186480865-526504866-4034979321-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [255472 2015-10-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [98008 2018-01-15] (Ellora Assets Corp -> Freemake)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268368 2019-05-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-11-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21648880 2015-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [674288 2015-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2019-11-21] (CPUID -> CPUID)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-07-19] (Martin Malik - REALiX -> REALiX(tm))
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2019-03-19] (Microsoft Windows -> MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1167560 2019-11-11] (Realtek Semiconductor Corp. -> Realtek )
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2019-08-31] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-10-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-10-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-18] (Microsoft Windows -> Microsoft Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-21 19:01 - 2019-11-21 19:06 - 000017613 _____ C:\Users\Renátka Kouřilová\Desktop\FRST.txt
2019-11-21 16:59 - 2019-11-21 18:55 - 000000000 ____D C:\AdwCleaner
2019-11-21 16:58 - 2019-11-21 16:58 - 007622344 _____ (Malwarebytes) C:\Users\Renátka Kouřilová\Desktop\adwcleaner_7.4.2.exe
2019-11-21 16:17 - 2019-11-21 19:04 - 000000000 ____D C:\FRST
2019-11-21 14:34 - 2019-11-21 14:35 - 002260480 _____ (Farbar) C:\Users\Renátka Kouřilová\Desktop\FRST64.exe
2019-11-21 12:35 - 2019-11-21 12:35 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-11-21 12:35 - 2019-11-21 12:35 - 000002912 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2019-11-21 12:35 - 2019-11-21 12:35 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-11-21 12:35 - 2019-11-21 12:35 - 000000865 _____ C:\ProgramData\Desktop\CCleaner.lnk
2019-11-21 12:35 - 2019-11-21 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-11-21 12:34 - 2019-11-21 12:35 - 000000000 ____D C:\Program Files\CCleaner
2019-11-21 12:31 - 2019-11-21 12:31 - 024578944 _____ (Piriform Software Ltd) C:\Users\Renátka Kouřilová\Downloads\ccsetup563.exe
2019-11-21 00:59 - 2019-11-21 18:57 - 079953920 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-11-21 00:04 - 2019-11-21 00:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2019-11-20 23:50 - 2019-11-20 23:52 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-11-14 12:34 - 2019-11-14 12:35 - 024365064 _____ (IObit ) C:\Users\Renátka Kouřilová\Downloads\driver_booster_setup (listopad 2019).exe
2019-11-13 22:58 - 2019-11-13 22:58 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 006521768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 006232576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 004578816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 004129408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 002956472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-11-12 20:57 - 2019-11-12 20:57 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 001866272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 001664688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 001413864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 001098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 001017680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000679152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000452920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000404904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000380944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-11-12 20:57 - 2019-11-12 20:57 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-11-12 20:57 - 2019-11-12 20:57 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-11-12 20:57 - 2019-11-12 20:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinHvPlatform.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000089568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-11-12 20:57 - 2019-11-12 20:57 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-11-12 20:57 - 2019-11-12 20:57 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\reg.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\reg.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2019-11-12 20:57 - 2019-11-12 20:57 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000021304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2019-11-12 20:57 - 2019-11-12 20:57 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd106.dll
2019-11-12 20:57 - 2019-11-12 20:57 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 006227104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 003968512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 003791360 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 003728384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-11-12 20:56 - 2019-11-12 20:56 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 002988344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-11-12 20:56 - 2019-11-12 20:56 - 002763016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-11-12 20:56 - 2019-11-12 20:56 - 002284032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 002114048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 002081976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 001656392 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 001647064 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 001327064 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 001171704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000874936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000822200 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000768488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000551736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-11-12 20:56 - 2019-11-12 20:56 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-11-12 20:56 - 2019-11-12 20:56 - 000517432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-11-12 20:56 - 2019-11-12 20:56 - 000466928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000461320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000372752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-11-12 20:56 - 2019-11-12 20:56 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2019-11-12 20:56 - 2019-11-12 20:56 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-11-12 20:56 - 2019-11-12 20:56 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2019-11-12 20:56 - 2019-11-12 20:56 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-11-12 20:03 - 2019-10-17 07:17 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2019-11-12 20:03 - 2019-10-17 07:01 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2019-11-12 09:38 - 2019-11-12 09:38 - 000000000 ____D C:\ProgramData\ATI
2019-11-11 23:10 - 2019-11-11 23:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2019-11-11 23:10 - 2019-11-11 23:10 - 000000000 ____D C:\Program Files\ATI Technologies
2019-11-11 22:55 - 2019-11-11 22:55 - 001167560 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2019-11-11 22:49 - 2019-11-11 22:49 - 000061976 _____ C:\WINDOWS\system32\amdverag.dll
2019-11-11 22:49 - 2019-11-11 22:49 - 000020790 _____ C:\WINDOWS\SysWOW64\ativvsnl.dat
2019-11-11 22:49 - 2019-11-11 22:49 - 000020790 _____ C:\WINDOWS\system32\ativvsnl.dat
2019-11-11 22:49 - 2019-11-11 22:49 - 000000025 _____ C:\WINDOWS\SysWOW64\ativvsny.dat
2019-11-11 22:49 - 2019-11-11 22:49 - 000000025 _____ C:\WINDOWS\system32\ativvsny.dat
2019-11-11 22:48 - 2019-11-11 22:48 - 000305400 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2019-11-04 16:32 - 2019-11-12 21:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-25 15:27 - 2019-10-25 15:27 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 005501952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 004307968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 002369552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 002188808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 002158080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 001659192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 001495864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 001185792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2019-10-25 15:27 - 2019-10-25 15:27 - 001182720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 001126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2019-10-25 15:27 - 2019-10-25 15:27 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000960040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000494904 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2019-10-25 15:27 - 2019-10-25 15:27 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ManagedEventLogging.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000259384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CmUtil.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SyncController.exe
2019-10-25 15:27 - 2019-10-25 15:27 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppCore.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2019-10-25 15:27 - 2019-10-25 15:27 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CabUtil.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.EventLogMessages.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAgentPolicyGenerator.exe
2019-10-25 15:27 - 2019-10-25 15:27 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000030720 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Management.WmiAccess.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Management.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppData.WinRT.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SyncCommon.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.WinRT.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.LocalSyncProvider.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernSync.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevTemplateBaselineGenerator.exe
2019-10-25 15:27 - 2019-10-25 15:27 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevTemplateConfigItemGenerator.exe
2019-10-25 15:27 - 2019-10-25 15:27 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SmbSyncProvider.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.MonitorSyncProvider.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SyncConditions.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2019-10-25 15:27 - 2019-10-25 15:27 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2019-10-25 15:27 - 2019-10-25 15:27 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2019-10-25 15:26 - 2019-10-25 15:27 - 001387024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 025901056 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 014816256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 008011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 007195648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 007015936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 006082808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 005763848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 004150272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 003967920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 003752960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 002586816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 002562048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 002399232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 002258848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 001916984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 001718584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 001691648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 001616696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 001154656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 001059840 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000827192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000816952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000700416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000666640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000396088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000375720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000251512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accessibilitycpl.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Utilman.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcXtrnal.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2019-10-25 15:26 - 2019-10-25 15:26 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sethc.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000073024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2019-10-25 15:26 - 2019-10-25 15:26 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AtBroker.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2019-10-25 15:26 - 2019-10-25 15:26 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\posetup.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcXtrnal.dll
2019-10-25 15:26 - 2019-10-25 15:26 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 007904152 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 007262456 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 006166016 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 004047360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 003371928 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 002772272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-10-25 15:25 - 2019-10-25 15:25 - 001974824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-10-25 15:25 - 2019-10-25 15:25 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-10-25 15:25 - 2019-10-25 15:25 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 001069064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000911824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000811536 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000586768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-10-25 15:25 - 2019-10-25 15:25 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-10-25 15:25 - 2019-10-25 15:25 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\accessibilitycpl.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-10-25 15:25 - 2019-10-25 15:25 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000164776 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Utilman.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EaseOfAccessDialog.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000113160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2019-10-25 15:25 - 2019-10-25 15:25 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000105488 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sethc.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AtBroker.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2019-10-25 15:25 - 2019-10-25 15:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnsi.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000028344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000024792 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
2019-10-25 15:25 - 2019-10-25 15:25 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2019-10-25 15:25 - 2019-10-25 15:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-10-25 15:25 - 2019-10-25 15:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 017787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 007849424 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 005890048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 004615616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 004005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 003591208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 003105792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 002126112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 002120704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 001687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 001413912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 001259416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 001094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000874536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000657424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 000644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000589592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 000322504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 000291256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000204816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationControlCSP.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-10-25 15:24 - 2019-10-25 15:24 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-10-25 15:24 - 2019-10-25 15:24 - 000088568 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000065272 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000047208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2019-10-25 15:24 - 2019-10-25 15:24 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-10-25 15:24 - 2019-10-25 15:24 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscisvif.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll
2019-10-25 15:24 - 2019-10-25 15:24 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscadminui.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-21 19:01 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-21 18:58 - 2019-06-09 19:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-21 18:57 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-11-21 18:56 - 2017-07-19 20:43 - 000000000 ____D C:\ProgramData\IObit
2019-11-21 18:56 - 2017-07-19 20:41 - 000000000 ____D C:\Users\Renátka Kouřilová\AppData\Roaming\IObit
2019-11-21 18:55 - 2019-06-09 18:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-21 18:55 - 2017-07-19 20:41 - 000000000 ____D C:\Users\Renátka Kouřilová\AppData\LocalLow\IObit
2019-11-21 18:55 - 2017-07-19 20:34 - 000000000 ____D C:\Users\Renátka Kouřilová\AppData\LocalLow\Mozilla
2019-11-21 08:57 - 2017-07-19 20:41 - 000000000 ____D C:\Program Files (x86)\IObit
2019-11-21 01:08 - 2018-12-07 12:28 - 000000002 _____ C:\Users\Renátka
2019-11-21 00:00 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-21 00:00 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-11-20 23:50 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2019-11-20 13:31 - 2019-08-03 13:33 - 000000000 ____D C:\Users\Renátka Kouřilová\AppData\Roaming\upjers-playground2
2019-11-18 20:17 - 2017-07-21 16:26 - 000000000 ____D C:\Users\Renátka Kouřilová\.smplayer
2019-11-18 14:23 - 2017-07-19 21:39 - 000000000 ____D C:\Users\Renátka Kouřilová\Documents\Bandicam
2019-11-17 13:44 - 2017-07-19 20:32 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-17 13:44 - 2017-07-19 20:32 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-17 13:44 - 2017-07-19 20:32 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-17 13:42 - 2017-07-19 20:43 - 000000000 ____D C:\ProgramData\ProductData
2019-11-16 19:17 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-11-12 21:59 - 2019-06-09 18:58 - 001606106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-12 21:59 - 2019-03-19 12:57 - 000683780 _____ C:\WINDOWS\system32\perfh005.dat
2019-11-12 21:59 - 2019-03-19 12:57 - 000137462 _____ C:\WINDOWS\system32\perfc005.dat
2019-11-12 21:50 - 2019-06-09 18:33 - 000281440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-12 21:50 - 2017-07-19 20:10 - 000000000 ____D C:\ProgramData\AMD
2019-11-12 21:49 - 2017-07-19 20:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-12 21:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-11-12 21:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-11-12 21:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-11-12 21:17 - 2017-07-22 10:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-11-12 21:09 - 2017-07-22 10:18 - 128443096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-11-11 23:09 - 2017-07-19 20:10 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2019-11-11 22:54 - 2017-07-19 20:07 - 000000000 ____D C:\AMD
2019-11-11 21:23 - 2017-07-19 21:42 - 000000000 ____D C:\Users\Renátka Kouřilová\Documents\ConvertXToDVD
2019-11-05 16:47 - 2017-07-19 20:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-11-05 16:46 - 2019-06-09 19:15 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-05 16:46 - 2019-06-09 19:15 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-05 16:45 - 2017-07-19 20:31 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-25 19:08 - 2017-12-21 14:15 - 000000000 ___RD C:\Users\Renátka Kouřilová\3D Objects
2019-10-25 19:08 - 2016-11-21 05:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-10-25 18:11 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-10-25 18:11 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-10-25 18:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-10-25 18:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-10-25 18:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-10-25 18:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\DiagTrack
2019-10-25 10:01 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories ========

2017-07-19 21:42 - 2017-07-31 20:19 - 000099384 _____ () C:\Users\Renátka Kouřilová\AppData\Roaming\inst.exe
2017-07-19 21:42 - 2017-07-31 20:19 - 000007859 _____ () C:\Users\Renátka Kouřilová\AppData\Roaming\pcouffin.cat
2017-07-19 21:42 - 2017-07-31 20:19 - 000001167 _____ () C:\Users\Renátka Kouřilová\AppData\Roaming\pcouffin.inf
2017-07-19 21:42 - 2017-07-31 20:19 - 000000055 _____ () C:\Users\Renátka Kouřilová\AppData\Roaming\pcouffin.log
2017-07-19 21:42 - 2017-07-31 20:19 - 000082816 _____ (VSO Software) C:\Users\Renátka Kouřilová\AppData\Roaming\pcouffin.sys
2019-09-27 14:32 - 2019-09-27 14:32 - 000000721 _____ () C:\Users\Renátka Kouřilová\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Trojan horse coinmainer - Win 10

Posted: 21 Nov 2019 19:16
by Renata
And here is Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2019
Ran by Renátka Kouřilová (21-11-2019 19:10:07)
Running from C:\Users\Renátka Kouřilová\Desktop
Windows 10 Pro Version 1909 18363.476 (X64) (2019-06-09 18:17:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-186480865-526504866-4034979321-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-186480865-526504866-4034979321-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-186480865-526504866-4034979321-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-186480865-526504866-4034979321-501 - Limited - Disabled)
Renátka Kouřilová (S-1-5-21-186480865-526504866-4034979321-1001 - Administrator - Enabled) => C:\Users\Renátka Kouřilová
WDAGUtilityAccount (S-1-5-21-186480865-526504866-4034979321-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20036 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Any Video Converter 6.2.4 (HKLM-x32\...\Any Video Converter) (Version: 6.2.4 - Anvsoft)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.4.3.1262 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bandizip (HKLM\...\Bandizip) (Version: 6.08 - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Ford Racing 2 (HKLM-x32\...\{797E03F8-C8A0-47ED-AA9F-D7076276E491}) (Version: - )
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
GMX - Enhanced by Google (HKLM-x32\...\{59B4B174-0934-60F4-B8B4-10746834C3F4}) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Inkscape 0.92.1 (HKLM-x32\...\Inkscape) (Version: 0.92.1 - Inkscape Project)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010405-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-186480865-526504866-4034979321-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0005 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 70.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 70.0.1 (x64 cs)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Pomocník při upgradu na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
PotPlayer (HKLM-x32\...\PotPlayer) (Version: - Kakao Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.28162 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.1 - IObit)
SMPlayer 17.7.0 (x64) (HKLM\...\SMPlayer) (Version: 17.7.0 - Ricardo Villalba)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
upjers Playground 2.0.96 (HKU\S-1-5-21-186480865-526504866-4034979321-1001\...\e2446448-09eb-5b1b-84b1-6746557362e3) (Version: 2.0.96 - upjers GmbH)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.9 - VSO Software)
XnView 2.40 (HKLM-x32\...\XnView_is1) (Version: 2.40 - Gougelet Pierre-e)
Zoner Photo Studio 7 Classic (HKLM-x32\...\{17528AC4-E6C2-43CD-8D8D-A62BA476ADC7}) (Version: 7.0.5000.2 - ZONER software)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-08] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.2.6.0_x86__kgqvnymyfvs32 [2019-10-25] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-01] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.5.0.8_x86__h6adky7gbf63m [2019-11-20] (Gameloft.)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-14] (Microsoft Corporation)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.4.0.10_x86__h6adky7gbf63m [2019-10-25] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-186480865-526504866-4034979321-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft -> Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-186480865-526504866-4034979321-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-07-21] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers1-x32: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll [2015-02-19] () [File not signed]
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1-x32: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 7\Program\ShellExt7.dll [2004-11-03] (ZONER software) [File not signed]
ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-07-21] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2-x32: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 7\Program\ShellExt7.dll [2004-11-03] (ZONER software) [File not signed]
ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-07-21] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4-x32: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 7\Program\ShellExt7.dll [2004-11-03] (ZONER software) [File not signed]
ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-07-21] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers6-x32: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 7\Program\ShellExt7.dll [2004-11-03] (ZONER software) [File not signed]
ContextMenuHandlers1_S-1-5-21-186480865-526504866-4034979321-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-07-21] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2_S-1-5-21-186480865-526504866-4034979321-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-07-21] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4_S-1-5-21-186480865-526504866-4034979321-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-07-21] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5_S-1-5-21-186480865-526504866-4034979321-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2017-07-21] (Bandisoft -> Bandisoft.com)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2015-08-21 22:09 - 2015-08-21 22:09 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 000102400 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2019-11-12 19:12 - 2019-11-12 19:12 - 000031232 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\A4.Foundation\26b4b8f944cc5d6d03ca0d21d616948b\A4.Foundation.ni.dll
2019-11-12 19:15 - 2019-11-12 19:15 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\b773ba1ac54be6416817e4ea43acd356\AEM.Actions.CCAA.Shared.ni.dll
2019-11-12 19:15 - 2019-11-12 19:15 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\f35f4e90e448ade295ea325150c6c13b\AEM.Plugin.EEU.Shared.ni.dll
2019-11-12 19:15 - 2019-11-12 19:15 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\e40aa7c6d2e57f92bfe8a2ddd87abd23\AEM.Plugin.Hotkeys.Shared.ni.dll
2019-11-12 19:15 - 2019-11-12 19:15 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.54d8abe3#\bf4c9553cee074acea1480b28f60505f\AEM.Plugin.DPPE.Shared.ni.dll
2019-11-12 19:16 - 2019-11-12 19:16 - 000281600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\15471e995373ff9933a5eb1509d722e9\AEM.Plugin.Source.Kit.Server.ni.dll
2019-11-12 19:16 - 2019-11-12 19:16 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\952b1977a662c8efddeafdde197081a1\AEM.Plugin.WinMessages.Shared.ni.dll
2019-11-12 19:15 - 2019-11-12 19:15 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\2fd405f168776a2fb407326723eb58ce\AEM.Plugin.REG.Shared.ni.dll
2019-11-12 19:15 - 2019-11-12 19:15 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\eb869d4b2447fb394976d4cbcf219dfe\AEM.Plugin.GD.Shared.ni.dll
2019-11-12 19:15 - 2019-11-12 19:15 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\da3a2f5b71eb8cf94c107ca35d2107f8\AEM.Server.Shared.ni.dll
2019-11-12 19:16 - 2019-11-12 19:16 - 000267776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Server\f349349a1c232b8bb791d2726cafddb2\AEM.Server.ni.dll
2019-11-12 19:16 - 2019-11-12 19:16 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\APM.Foundation\fd9212a3510e91ca856c835211d413cc\APM.Foundation.ni.dll
2019-11-12 19:28 - 2019-11-12 19:28 - 000122880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ATICCCom\afd2cbf7adc0c24d3afb8ce8de47431c\ATICCCom.ni.dll
2019-11-12 19:16 - 2019-11-12 19:16 - 000204288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\76b50c7e3c24cbb969d1c8b249efb437\CCC.Implementation.ni.dll
2019-11-12 19:18 - 2019-11-12 19:18 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.2042675f#\d162362cb9829569ace0fcbd7170732e\CLI.Aspect.CPUPStates.Fuel.Dashboard.ni.dll
2019-11-12 19:21 - 2019-11-12 19:21 - 000154112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.21d2ac78#\b3c9a2b0f1d0a61b4df4fc705ebd4020\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.ni.dll
2019-11-12 19:18 - 2019-11-12 19:18 - 000128000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\7e447910d88a82b6cac9acc755919ee0\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2019-11-12 19:18 - 2019-11-12 19:18 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\5d0584d5580c048854e7737b33928923\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2019-11-12 19:28 - 2019-11-12 19:28 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\35681df4218bf332ff8cbecaef30a485\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2019-11-12 19:23 - 2019-11-12 19:23 - 000107008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\a97c0185977ae8fe641885af0d6421be\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2019-11-12 19:18 - 2019-11-12 19:18 - 000209920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\74fb5f4b5282e71ba20d94d5c4b5847e\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2019-11-12 19:21 - 2019-11-12 19:21 - 000132608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.46819220#\f2143a113b2c594d727ed5729d4a9443\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
2019-11-12 19:23 - 2019-11-12 19:23 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\7a2b50984d16010f306c136f7e668d0b\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000152576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4ede500c#\41e2f5d90aba67e3de3dc57dd27367fd\CLI.Aspect.DPPE.Fuel.Dashboard.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000037888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.52c6dbaa#\b4c014192cdc176c13aa9bd2ae28b89f\CLI.Aspect.FPS.Graphics.Shared.ni.dll
2019-11-12 19:21 - 2019-11-12 19:21 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.59a12d95#\b56894c356d2796aacc33a7e4aceb0f2\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000111616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.5a772e69#\185dd7265330844df795e8f6e7ae51c0\CLI.Aspect.Fets.Fuel.Dashboard.ni.dll
2019-11-12 19:25 - 2019-11-12 19:25 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.648b65fc#\47ac66352df3274f477b1f379a9f79bd\CLI.Aspect.WiFi.Fuel.Dashboard.ni.dll
2019-11-12 19:18 - 2019-11-12 19:18 - 000365056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\937f2dc66cf48373383fe053077760ad\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2019-11-12 19:24 - 2019-11-12 19:24 - 000064000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8350f5c6#\e9c08ee255cf821489a99ab2317e7756\CLI.Aspect.UpdateNotification.Graphics.Runtime.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000678912 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\5d490b279dae83ccc643100925a0f654\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2019-11-12 19:22 - 2019-11-12 19:22 - 000745472 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\5126cdaaa8ef20b9453c8cff0a1e3067\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2019-11-12 19:19 - 2019-11-12 19:19 - 000449024 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\49c6c6bcfc065142b18bc474bb0844dd\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9cd1e9e7#\d83b9bc9d39b0fc0285f8c1aa49a4a91\CLI.Aspect.FPS.Graphics.Dashboard.ni.dll
2019-11-12 19:18 - 2019-11-12 19:18 - 000158208 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\c9ebcfd83a1203e120f7c4155a623c5a\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a6cd7fff#\e019b5dd77f021430967a490ea45c349\CLI.Aspect.FPS.Graphics.Runtime.ni.dll
2019-11-12 19:24 - 2019-11-12 19:24 - 000082944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a765109e#\e7a36e7b2b353346beab8ed74dfc418f\CLI.Aspect.UpdateNotification.Graphics.Dashboard.ni.dll
2019-11-12 19:18 - 2019-11-12 19:18 - 000462336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\843466c7a96c80f00447c3f377983e18\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\9d9ae576c327540bd0973c85399aa7d9\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000067072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\8ccff2490e29ac548309b52699de5229\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2019-11-12 19:25 - 2019-11-12 19:25 - 000023552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c2a2b491#\1a92e52249a0aaceed85ef2943fd8d5c\CLI.Aspect.WiFi.Fuel.Shared.ni.dll
2019-11-12 19:21 - 2019-11-12 19:21 - 000340992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\253880081557ae87ca8276ed94c8cedb\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2019-11-12 19:19 - 2019-11-12 19:19 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\2c0e56f2b769321102bc07c3209acfba\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000081408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.caa5cc64#\7afd4fa34a8aee28857d25aac60c0465\CLI.Aspect.Fets.Fuel.Shared.ni.dll
2019-11-12 19:24 - 2019-11-12 19:24 - 001315840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.d7e090dc#\4893eb18f9f966e33100ce3ac985030e\CLI.Aspect.User.Fuel.Dashboard.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000276480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\791eaa186e117b1446a9a565e5a90966\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2019-11-12 19:22 - 2019-11-12 19:22 - 003312640 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\00a7128cce2d0d42a2444328c23b16a0\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2019-11-12 19:19 - 2019-11-12 19:19 - 000240640 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\de73a506f10469db59ae84f29d27e243\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2019-11-12 19:23 - 2019-11-12 19:23 - 000047616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\a89d1c007aef22d5d0176f59704ef218\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2019-11-12 19:18 - 2019-11-12 19:18 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.efd83192#\263a2b7e579ec0e79d9c7cbc53037c55\CLI.Aspect.CPUPStates.Fuel.Shared.ni.dll
2019-11-12 19:20 - 2019-11-12 19:20 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f45bd021#\5460535543890b06aa95911f3e90e2c3\CLI.Aspect.DPPE.Fuel.Shared.ni.dll
2019-11-12 19:24 - 2019-11-12 19:24 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f480a2f3#\e98b0cea993d8a506b4222e226b47a7a\CLI.Aspect.UpdateNotification.Graphics.Shared.ni.dll
2019-11-12 19:26 - 2019-11-12 19:26 - 000051200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\be51574e8320b85aef04860eeed9fb29\CLI.Caste.A4.Runtime.ni.dll
2019-11-12 19:18 - 2019-11-12 19:18 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\e8864b2c4a78b242090338b01d7b8cc1\CLI.Caste.A4.Shared.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2017-07-21 13:41 - 2017-07-21 13:49 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
10.0.0.39 DESKTOP-8GUTKUB.mshome.net # 2022 7 3 20 12 49 17 789
88

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-186480865-526504866-4034979321-1001\Control Panel\Desktop\\Wallpaper -> D:\Obrázky\Uložené obrázky\podzim 41.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKU\S-1-5-21-186480865-526504866-4034979321-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-186480865-526504866-4034979321-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99CC8FC0-946F-49C4-B3DB-87F0C3F10925}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C591B561-80F8-4D6C-A123-29AF7C1C94DB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{602D10EF-22FA-4683-8374-2F5E1B34A265}] => (Block) LPort=445
FirewallRules: [{F5F1A42A-1BC8-454E-A249-1B4C510A3D21}] => (Block) LPort=445
FirewallRules: [{21D68995-C074-4024-9A20-2D6215BB9D9E}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{CD1E90F4-6500-49CD-83B1-5B55DBAD2A45}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{6D2B0C99-F8CD-4204-8EF7-9643B0A2B57A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{0C9A2C44-4573-4CE2-91F0-1B91616C5407}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{42FAD0D2-3CEA-41A5-A05C-4E1CC95909D0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{DDC91E16-E635-4179-8365-ABB05977923B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
FirewallRules: [{D2B140EC-D05C-4039-A38C-32251A1657C1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
FirewallRules: [{4E88442B-92C2-4162-9B8E-8E5CD0F5D8AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

11-11-2019 23:00:29 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
16-11-2019 19:15:36 Instalační služba modulů systému Windows
20-11-2019 23:46:20 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/21/2019 07:09:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2624,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (11/21/2019 06:56:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (11/21/2019 06:56:33 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (11/21/2019 06:03:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1524,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (11/21/2019 05:01:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (220,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (11/21/2019 04:21:17 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4608,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (11/21/2019 02:45:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WINWORD.EXE verze 9.0.0.2823 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 14dc

Čas spuštění: 01d5a071a2f7b6d2

Čas ukončení: 103

Cesta k aplikaci: C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

ID hlášení: 13146498-e89c-4c7b-8b6d-f203f3183cf2

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (11/21/2019 02:35:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8060,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (11/21/2019 06:55:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/21/2019 06:55:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Andrea RT Filters Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/21/2019 06:55:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnh Caller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/21/2019 06:55:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/21/2019 06:07:16 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/21/2019 05:11:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/21/2019 04:45:30 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/21/2019 03:51:53 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Windows Defender:
===================================
Date: 2019-11-20 22:47:49.521
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:HTML/CoinMiner
ID: 2147743857
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\ASCSpecialUrl.db
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-8GUTKUB\Renátka Kouřilová
Název procesu: C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe
Verze bezpečnostních informací: AV: 1.305.2497.0, AS: 1.305.2497.0, NIS: 1.305.2497.0
Verze modulu: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-18 22:51:47.614
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {ACDEA221-9058-4DCD-8820-68052ADEFB5E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-11-17 14:54:11.240
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {10F9F59E-E518-4BFD-9501-22E1A93F2946}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-11-17 14:22:08.661
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {BE4F6A77-D560-4621-8E2D-34B14246C3BC}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-11-15 15:15:26.295
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {6534D094-B977-46AE-A75E-EDAEA895544F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-11-21 01:11:01.349
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2497.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80240438
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-11-17 13:38:52.389
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Zálohování
Kód chyby: 0x80004004
Popis chyby: Operace přerušena
Verze bezpečnostních informací: 1.305.2207.0;1.305.2207.0
Verze modulu: 1.1.16500.1

Date: 2019-11-17 13:38:49.400
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80004004
Popis chyby: Operace přerušena
Verze bezpečnostních informací: 1.305.2239.0;1.305.2239.0
Verze modulu: 1.1.16500.1

Date: 2019-11-10 14:01:53.167
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.1697.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-11-01 11:11:11.631
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.1017.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

==================== Memory info ===========================

BIOS: Hewlett-Packard F.43 12/13/2011
Motherboard: Hewlett-Packard 3577
Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 3690.9 MB
Available physical RAM: 1690.94 MB
Total Virtual: 5482.9 MB
Available Virtual: 3489.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.2 GB) (Free:89.26 GB) NTFS
Drive d: (Renátky záloha) (Fixed) (Total:241.15 GB) (Free:102.15 GB) NTFS

\\?\Volume{f04b1af0-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{f04b1af0-0000-0000-0000-40d337000000}\ () (Fixed) (Total:0.82 GB) (Free:0.32 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: F04B1AF0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=844 MB) - (Type=27)
Partition 4: (Not Active) - (Size=241.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Trojan horse CoinMiner - Win 10

Posted: 21 Nov 2019 19:19
by Renata
I just have to add that after the restart, the programs Driver Booster and Slim Drivers were deleted; I used them (well, really only Driver Booster) to update drivers.

Re: Trojan horse CoinMiner - Win 10

Posted: 21 Nov 2019 19:57
by Rudy
Apparently ADW considers them malicious. I update drivers manually; it cannot happen that I install an unsuitable driver, because I select it for the given hardware.
Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{21D68995-C074-4024-9A20-2D6215BB9D9E}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{CD1E90F4-6500-49CD-83B1-5B55DBAD2A45}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{6D2B0C99-F8CD-4204-8EF7-9643B0A2B57A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{0C9A2C44-4573-4CE2-91F0-1B91616C5407}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{42FAD0D2-3CEA-41A5-A05C-4E1CC95909D0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{DDC91E16-E635-4179-8365-ABB05977923B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
FirewallRules: [{D2B140EC-D05C-4039-A38C-32251A1657C1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\ASCSpecialUrl.db
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-186480865-526504866-4034979321-1001\...\MountPoints2: {0059af34-8527-11e9-851a-6427374dd8d4} - "F:\HiSuiteDownLoader.exe"
Task: {0075DC11-821C-46C9-A5D3-D0D29EC24CF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-07-19] (Google Inc -> Google Inc.)
Task: {A147528D-A93C-4B87-8636-557C764CDBC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-07-19] (Google Inc -> Google Inc.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld ... &p_w=y1w29
HKU\S-1-5-21-186480865-526504866-4034979321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld ... &p_w=y1w29
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKU\S-1-5-21-186480865-526504866-4034979321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKU\S-1-5-21-186480865-526504866-4034979321-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
C:\WINDOWS\LastGood.Tmp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here. I recommend uninstalling IOBit; the cleaner is not exactly user-friendly, and a layperson can easily damage the system with it.

Re: Trojan horse CoinMiner - Win 10

Posted: 21 Nov 2019 20:59
by Renata
After it finished, the notebook restarted and then there was a Fixlog file on the desktop, which I am sending.

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-11-2019
Ran by Renátka Kouřilová (21-11-2019 20:35:08) Run:1
Running from C:\Users\Renátka Kouřilová\Desktop
Loaded Profiles: Renátka Kouřilová (Available Profiles: defaultuser0 & Renátka Kouřilová)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{21D68995-C074-4024-9A20-2D6215BB9D9E}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{CD1E90F4-6500-49CD-83B1-5B55DBAD2A45}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{6D2B0C99-F8CD-4204-8EF7-9643B0A2B57A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{0C9A2C44-4573-4CE2-91F0-1B91616C5407}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{42FAD0D2-3CEA-41A5-A05C-4E1CC95909D0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{DDC91E16-E635-4179-8365-ABB05977923B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
FirewallRules: [{D2B140EC-D05C-4039-A38C-32251A1657C1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\ASCSpecialUrl.db
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-186480865-526504866-4034979321-1001\...\MountPoints2: {0059af34-8527-11e9-851a-6427374dd8d4} - "F:\HiSuiteDownLoader.exe"
Task: {0075DC11-821C-46C9-A5D3-D0D29EC24CF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-07-19] (Google Inc -> Google Inc.)
Task: {A147528D-A93C-4B87-8636-557C764CDBC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-07-19] (Google Inc -> Google Inc.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld ... &p_w=y1w29
HKU\S-1-5-21-186480865-526504866-4034979321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld ... &p_w=y1w29
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKU\S-1-5-21-186480865-526504866-4034979321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
SearchScopes: HKU\S-1-5-21-186480865-526504866-4034979321-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w29&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
C:\WINDOWS\LastGood.Tmp

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21D68995-C074-4024-9A20-2D6215BB9D9E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD1E90F4-6500-49CD-83B1-5B55DBAD2A45}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D2B0C99-F8CD-4204-8EF7-9643B0A2B57A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C9A2C44-4573-4CE2-91F0-1B91616C5407}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42FAD0D2-3CEA-41A5-A05C-4E1CC95909D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDC91E16-E635-4179-8365-ABB05977923B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2B140EC-D05C-4039-A38C-32251A1657C1}" => removed successfully
"C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\ASCSpecialUrl.db" => not found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-186480865-526504866-4034979321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0059af34-8527-11e9-851a-6427374dd8d4} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0075DC11-821C-46C9-A5D3-D0D29EC24CF3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0075DC11-821C-46C9-A5D3-D0D29EC24CF3}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A147528D-A93C-4B87-8636-557C764CDBC5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A147528D-A93C-4B87-8636-557C764CDBC5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-186480865-526504866-4034979321-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-186480865-526504866-4034979321-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-186480865-526504866-4034979321-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
C:\WINDOWS\LastGood.Tmp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 866182229 B
Java, Flash, Steam htmlcache => 568 B
Windows/system/drivers => 2407433 B
Edge => 205378 B
Chrome => 57255999 B
Firefox => 87000047 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 13312 B
NetworkService => 26338 B
defaultuser0 => 32994 B
Renátka Kouřilová => 26919803 B

RecycleBin => 134479 B
EmptyTemp: => 1001.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:51:25 ====

Re: Trojan horse coinminer - Win 10

Posted: 21 Nov 2019 21:00
by Renata
Please, so what is the situation with the Trojan horse: did it damage anything, or was the repair only for what IOBit had done? Did Defender remove it or not? The message in Defender is still there; it keeps saying that everything is fine...

Re: Trojan horse coinminer - Win 10

Posted: 21 Nov 2019 22:08
by Rudy
1. Defender really did remove the Trojan; we only finished cleaning the PC. Apart from the Trojan, there was unnecessary clutter on it.
2. The Trojan did not damage anything, and fortunately neither did IOBit. It is dangerous only in the hands of a layperson who does not know what to click in it.
3. Otherwise, the PC should now be clean.

Re: Trojan horse coinminer - Win 10

Posted: 21 Nov 2019 22:32
by Renata
Thank you very, very much for your time and the good news - especially because of my mom too: she has had a fresh installation for 14 days and exactly the same problem; in her case Defender removed the Trojan as well (today the PC is running and fortunately without problems :) )
I am a more advanced layperson - a user - in Advanced I know where to reach so that I don't wreck the computer, and as a user I manage the settings of various programs without problems, but these system files I sent you are all Greek to me. :)

I would rather not install Advanced SystemCare again, though; the virus most likely came from them. Instead I have CCleaner - I had good experience with it in the past, so I am going back to it. (I hope that is OK)
I also wanted to ask about Driver Booster - I can't imagine updating drivers manually - is there some other, better program for that, or is it enough to download Driver Booster once in a while, run a scan and then preferably delete it? (I used it on average about once every 2-3 months anyway.)

I assume I can delete those little programs and logs from the desktop without any problems (there is a new version every so often anyway)

Once again, thank you very much for your willingness and cooperation.

Wishing you a pleasant rest of the evening,
Renata

Re: Trojan horse coinminer - Win 10

Posted: 22 Nov 2019 10:22
by Rudy
You're welcome! I'll just point out that IOBit can be replaced with the friendlier cleaner CCleaner: https://www.stahuj.cz/utility_a_ostatni ... /ccleaner/ , which will definitely not damage your system. Have a nice day! :)