A mysterious program AUEPMASTER.EXE has appeared on my computer?

7777
Visitor
Posts: 337
Registered: 17 Feb 2011 15:33

#1 Post by 7777 »

So, I would like to ask for advice. I have Windows 7 Home Premium SP1, and since roughly yesterday I have been noticing a significant slowdown of the computer. After opening Task Manager, I found that almost 2.73 GB of RAM is being consumed by a mysterious program, AUEPMASTER.EXE. There is plenty about it on the internet, but I don't know English, so I don't understand it.

I'm sending the log from RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Tomas at 2018-11-04 22:53:08
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 39 GB (39%) free of 99 GB
Total RAM: 7634 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:53:12, on 4. 11. 2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19155)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\trend micro\Tomas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKCU\..\Run: [VDownloader] C:\Program Files\VDownloader\Vdownloader4.exe /silent
O4 - HKCU\..\Run: [f.lux] "C:\Users\Tomas\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Facebook Gameroom.lnk = Tomas\AppData\Local\Facebook\Games\FacebookGameroom.exe
O4 - Startup: Monitor Ink Alerts - HP Deskjet 3520 series.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
O23 - Service: AMD User Experience Program Launcher (AUEPLauncher) - AMD - C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7878 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-95c89356-64e6-43bc-aa69-6231d6a29fc4 -SystemEventPortName:HostProcess-0485489f-660f-4ee5-81ee-c326581e7e90 -IoCancelEventPortName:HostProcess-0d55d4ab-3139-47bd-a5ad-2f2ffc49b839 -NonStateChangingEventPortName:HostProcess-a225ea97-b439-449b-8667-a37944f72534 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:28b29c6f-c484-4991-b42c-d879c0fb7c36 -DeviceGroupId:
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\system32\RunDll32.exe" "C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AC156JC05SZ;CONNECTION=USB;MONITOR=1;
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AMD\CNext\CNext\amddvr.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\AMD\CNext\CNext\amdow.exe" 3260
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe"
AUEPMaster.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
AUEPUF.exe
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {3E8891BB-DA32-4F16-97E4-84C1856C7F41}

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Tomas\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

=========Mozilla firefox=========

ProfilePath - C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\viea99ai.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 31.0.0.122 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 31.0.0.122 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-06-22 229040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2018-06-22 896264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-06-22 2353944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2018-06-22 720144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2016-11-09 9068040]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VDownloader"=C:\Program Files\VDownloader\Vdownloader4.exe [2018-07-27 13982720]
"f.lux"=C:\Users\Tomas\AppData\Local\FluxSoftware\Flux\flux.exe [2018-07-03 1806344]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-04-26 292848]

C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Gameroom.lnk - C:\Users\Tomas\AppData\Local\Facebook\Games\FacebookGameroom.exe
Monitor Ink Alerts - HP Deskjet 3520 series.lnk - C:\Windows\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-11-04 22:53:08 ----D---- C:\rsit
2018-11-04 22:53:08 ----D---- C:\Program Files\trend micro
2018-11-04 22:51:21 ----D---- C:\FRST
2018-11-01 18:27:32 ----D---- C:\Program Files (x86)\NirSoft
2018-10-28 11:11:58 ----D---- C:\Program Files\Common Files\AVAST Software
2018-10-28 11:10:14 ----D---- C:\ProgramData\AVAST Software
2018-10-19 20:31:31 ----D---- C:\Program Files\Oracle
2018-10-17 19:21:14 ----A---- C:\Windows\system32\clinfo.exe
2018-10-17 19:21:12 ----A---- C:\Windows\system32\OpenCL.dll
2018-10-17 19:21:10 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2018-10-17 19:20:46 ----A---- C:\Windows\system32\amdocl64.dll
2018-10-17 19:20:20 ----A---- C:\Windows\system32\amdocl12cl64.dll
2018-10-17 19:20:08 ----A---- C:\Windows\SYSWOW64\amdocl12cl.dll
2018-10-17 19:19:48 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2018-10-17 19:18:02 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2018-10-17 19:10:40 ----A---- C:\Windows\system32\coinst_18.40.dll
2018-10-17 19:03:16 ----A---- C:\Windows\system32\amduve64.dll
2018-10-17 19:03:14 ----A---- C:\Windows\SYSWOW64\amduve32.dll
2018-10-17 19:03:04 ----A---- C:\Windows\SYSWOW64\atiumdvt.dll
2018-10-17 19:02:56 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2018-10-17 19:02:50 ----A---- C:\Windows\system32\atiumd6t.dll
2018-10-17 19:02:44 ----A---- C:\Windows\system32\atiumd6a.dll
2018-10-17 19:02:40 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2018-10-17 19:02:40 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2018-10-17 19:02:40 ----A---- C:\Windows\system32\atimpc64.dll
2018-10-17 19:02:40 ----A---- C:\Windows\system32\amdpcom64.dll
2018-10-17 19:02:32 ----A---- C:\Windows\system32\amdhcp64.dll
2018-10-17 19:02:30 ----A---- C:\Windows\SYSWOW64\amdhcp32.dll
2018-10-17 19:02:18 ----A---- C:\Windows\system32\amdave64.dll
2018-10-17 19:02:16 ----A---- C:\Windows\SYSWOW64\amdave32.dll
2018-10-17 19:01:46 ----A---- C:\Windows\system32\atisamu64.dll
2018-10-17 19:01:44 ----A---- C:\Windows\SYSWOW64\atisamu32.dll
2018-10-17 19:01:28 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2018-10-17 19:01:24 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2018-10-17 19:01:20 ----A---- C:\Windows\system32\amfrt64.dll
2018-10-17 19:01:16 ----A---- C:\Windows\SYSWOW64\amfrt32.dll
2018-10-17 19:01:08 ----A---- C:\Windows\system32\amdvlk64.dll
2018-10-17 19:00:58 ----A---- C:\Windows\SYSWOW64\amdvlk32.dll
2018-10-17 19:00:52 ----A---- C:\Windows\system32\amdmmcl6.dll
2018-10-17 19:00:50 ----A---- C:\Windows\SYSWOW64\amdmmcl.dll
2018-10-17 19:00:46 ----A---- C:\Windows\system32\amdmcl64.dll
2018-10-17 19:00:44 ----A---- C:\Windows\SYSWOW64\amdmcl32.dll
2018-10-17 18:59:06 ----A---- C:\Windows\system32\RapidFireServer64.dll
2018-10-17 18:59:04 ----A---- C:\Windows\SYSWOW64\RapidFireServer.dll
2018-10-17 18:59:02 ----A---- C:\Windows\system32\Rapidfire64.dll
2018-10-17 18:59:00 ----A---- C:\Windows\SYSWOW64\Rapidfire.dll
2018-10-17 18:58:58 ----A---- C:\Windows\system32\mantleaxl64.dll
2018-10-17 18:58:56 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2018-10-17 18:58:54 ----A---- C:\Windows\system32\mantle64.dll
2018-10-17 18:58:52 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2018-10-17 18:58:50 ----A---- C:\Windows\system32\ATIODE.exe
2018-10-17 18:58:48 ----A---- C:\Windows\system32\ATIODCLI.exe
2018-10-17 18:58:36 ----A---- C:\Windows\system32\amdmantle64.dll
2018-10-17 18:58:24 ----A---- C:\Windows\SYSWOW64\amdmantle32.dll
2018-10-17 18:58:20 ----A---- C:\Windows\system32\amdlvr64.dll
2018-10-17 18:58:18 ----A---- C:\Windows\SYSWOW64\amdlvr32.dll
2018-10-17 18:52:54 ----A---- C:\Windows\SYSWOW64\detoured.dll
2018-10-17 18:52:54 ----A---- C:\Windows\system32\detoured.dll
2018-10-17 18:52:46 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2018-10-17 18:52:38 ----A---- C:\Windows\system32\atiumd64.dll
2018-10-17 18:52:36 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2018-10-17 18:52:34 ----A---- C:\Windows\system32\atiu9p64.dll
2018-10-17 18:52:10 ----A---- C:\Windows\system32\GameManager64.dll
2018-10-17 18:52:08 ----A---- C:\Windows\SYSWOW64\GameManager32.dll
2018-10-17 18:52:02 ----A---- C:\Windows\system32\dgtrayicon.exe
2018-10-17 18:51:54 ----A---- C:\Windows\system32\atitmm64.dll
2018-10-17 18:51:52 ----A---- C:\Windows\system32\atimuixx.dll
2018-10-17 18:51:50 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2018-10-17 18:51:48 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2018-10-17 18:51:48 ----A---- C:\Windows\system32\atiglpxx.dll
2018-10-17 18:51:46 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2018-10-17 18:51:40 ----A---- C:\Windows\system32\atiesrxx.exe
2018-10-17 18:51:36 ----A---- C:\Windows\system32\atieclxx.exe
2018-10-17 18:51:34 ----A---- C:\Windows\system32\atieah64.exe
2018-10-17 18:51:32 ----A---- C:\Windows\SYSWOW64\atieah32.exe
2018-10-17 18:51:28 ----A---- C:\Windows\system32\atidemgy.dll
2018-10-17 18:51:20 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2018-10-17 18:50:34 ----A---- C:\Windows\system32\amdgfxinfo64.dll
2018-10-17 18:50:32 ----A---- C:\Windows\SYSWOW64\amdgfxinfo32.dll
2018-10-17 18:50:30 ----A---- C:\Windows\system32\drivers\amdacpksd.sys
2018-10-17 12:58:08 ----A---- C:\Windows\SYSWOW64\amdihk32.dll
2018-10-17 12:58:08 ----A---- C:\Windows\system32\amdihk64.dll
2018-10-15 10:26:56 ----A---- C:\Windows\system32\drivers\VBoxNetLwf.sys
2018-10-15 10:26:56 ----A---- C:\Windows\system32\drivers\VBoxNetAdp6.sys
2018-10-14 19:08:01 ----D---- C:\Program Files (x86)\Adobe
2018-10-10 13:38:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-10-10 13:38:23 ----A---- C:\Windows\system32\mshtml.dll
2018-10-10 13:38:22 ----A---- C:\Windows\SYSWOW64\wmp.dll
2018-10-10 13:38:22 ----A---- C:\Windows\system32\wmp.dll
2018-10-10 13:38:22 ----A---- C:\Windows\system32\win32k.sys
2018-10-10 13:38:22 ----A---- C:\Windows\system32\ieframe.dll
2018-10-10 13:38:21 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-10-10 13:38:21 ----A---- C:\Windows\SYSWOW64\themeui.dll
2018-10-10 13:38:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-10-10 13:38:21 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-10-10 13:38:21 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-10-10 13:38:21 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2018-10-10 13:38:21 ----A---- C:\Windows\SYSWOW64\msrd3x40.dll
2018-10-10 13:38:21 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-10-10 13:38:21 ----A---- C:\Windows\SYSWOW64\itss.dll
2018-10-10 13:38:21 ----A---- C:\Windows\system32\urlmon.dll
2018-10-10 13:38:21 ----A---- C:\Windows\system32\themeui.dll
2018-10-10 13:38:21 ----A---- C:\Windows\system32\termsrv.dll
2018-10-10 13:38:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-10-10 13:38:21 ----A---- C:\Windows\system32\msxml6.dll
2018-10-10 13:38:21 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-10 13:38:21 ----A---- C:\Windows\system32\KernelBase.dll
2018-10-10 13:38:21 ----A---- C:\Windows\system32\itss.dll
2018-10-10 13:38:21 ----A---- C:\Windows\system32\drivers\ntfs.sys
2018-10-10 13:38:21 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-10-10 13:38:21 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2018-10-10 13:38:21 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2018-10-10 13:38:21 ----A---- C:\Windows\system32\diagtrack.dll
2018-10-10 13:38:20 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-10-10 13:38:20 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-10-10 13:38:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-10-10 13:38:20 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2018-10-10 13:38:20 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-10-10 13:38:20 ----A---- C:\Windows\system32\schannel.dll
2018-10-10 13:38:20 ----A---- C:\Windows\system32\ntdll.dll
2018-10-10 13:38:20 ----A---- C:\Windows\system32\iedkcs32.dll
2018-10-10 13:38:20 ----A---- C:\Windows\system32\hal.dll
2018-10-10 13:38:20 ----A---- C:\Windows\system32\gdi32.dll
2018-10-10 13:38:20 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-10-10 13:38:20 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-10-10 13:38:20 ----A---- C:\Windows\system32\CompatTelRunner.exe
2018-10-10 13:38:20 ----A---- C:\Windows\system32\certcli.dll
2018-10-10 13:38:19 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-10-10 13:38:19 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-10-10 13:38:19 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-10-10 13:38:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-10-10 13:38:19 ----A---- C:\Windows\system32\wininet.dll
2018-10-10 13:38:19 ----A---- C:\Windows\system32\vbscript.dll
2018-10-10 13:38:19 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-10-10 13:38:19 ----A---- C:\Windows\system32\msfeeds.dll
2018-10-10 13:38:19 ----A---- C:\Windows\system32\jscript9.dll
2018-10-10 13:38:19 ----A---- C:\Windows\system32\jscript.dll
2018-10-10 13:38:19 ----A---- C:\Windows\system32\iertutil.dll
2018-10-10 13:38:19 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-10-10 13:38:19 ----A---- C:\Windows\system32\cdd.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-10-10 13:38:18 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\webcheck.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\UtcResources.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\smss.exe
2018-10-10 13:38:18 ----A---- C:\Windows\system32\rpcrt4.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\occache.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\msrating.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\mshtmled.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\lsasrv.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\kerberos.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\jsproxy.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\jscript9diag.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\ieui.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\ieapfltr.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\dxtrans.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\dxtmsft.dll
2018-10-10 13:38:18 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-10-10 13:38:17 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\wow64win.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\winsrv.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\srcore.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\spwmp.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\ncrypt.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\msv1_0.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\kernel32.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\inseng.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\ieUnatt.exe
2018-10-10 13:38:17 ----A---- C:\Windows\system32\iesetup.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\iernonce.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-10-10 13:38:17 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-10-10 13:38:17 ----A---- C:\Windows\system32\ie4uinit.exe
2018-10-10 13:38:17 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-10-10 13:38:17 ----A---- C:\Windows\system32\advapi32.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\itircl.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-10-10 13:38:16 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\wow64cpu.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\wow64.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\wdigest.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\TSpkg.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\sspisrv.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\sspicli.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\srclient.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\secur32.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\rstrui.exe
2018-10-10 13:38:16 ----A---- C:\Windows\system32\rpchttp.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\ntvdm64.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\lsass.exe
2018-10-10 13:38:16 ----A---- C:\Windows\system32\itircl.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\dxmasf.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\drivers\processr.sys
2018-10-10 13:38:16 ----A---- C:\Windows\system32\drivers\intelppm.sys
2018-10-10 13:38:16 ----A---- C:\Windows\system32\drivers\appid.sys
2018-10-10 13:38:16 ----A---- C:\Windows\system32\drivers\amdppm.sys
2018-10-10 13:38:16 ----A---- C:\Windows\system32\drivers\amdk8.sys
2018-10-10 13:38:16 ----A---- C:\Windows\system32\csrsrv.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\cryptbase.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\credssp.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\conhost.exe
2018-10-10 13:38:16 ----A---- C:\Windows\system32\bcrypt.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\appidsvc.dll
2018-10-10 13:38:16 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-10-10 13:38:16 ----A---- C:\Windows\system32\appidapi.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 13:38:15 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\user.exe
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-10-10 13:38:15 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-10-10 13:38:15 ----A---- C:\Windows\system32\wmploc.DLL
2018-10-10 13:38:15 ----A---- C:\Windows\system32\auditpol.exe
2018-10-10 13:38:15 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-10-10 13:38:15 ----A---- C:\Windows\system32\apisetschema.dll
2018-10-10 13:38:15 ----A---- C:\Windows\system32\aeinv.dll
2018-10-10 13:38:14 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2018-10-10 13:38:14 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-10-10 13:38:14 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-10-10 13:38:14 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-10-10 13:38:14 ----A---- C:\Windows\system32\msxml6r.dll
2018-10-10 13:38:14 ----A---- C:\Windows\system32\msobjs.dll
2018-10-10 13:38:14 ----A---- C:\Windows\system32\msaudite.dll
2018-10-10 13:38:14 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-10-10 13:38:14 ----A---- C:\Windows\system32\adtschema.dll
2018-10-09 16:08:58 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2018-10-09 16:08:57 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2018-10-08 21:26:05 ----DC---- C:\Windows\system32\DRVSTORE

======List of files/folders modified in the last 1 month======

2018-11-04 22:53:12 ----D---- C:\Windows\Prefetch
2018-11-04 22:53:08 ----RD---- C:\Program Files
2018-11-04 22:52:25 ----D---- C:\Windows\Temp
2018-11-04 22:52:22 ----D---- C:\Windows
2018-11-04 22:38:59 ----D---- C:\Windows\System32
2018-11-04 22:38:59 ----D---- C:\Windows\inf
2018-11-04 22:38:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-11-04 22:33:56 ----D---- C:\Windows\system32\drivers
2018-11-04 17:47:51 ----D---- C:\Windows\system32\config
2018-11-04 10:54:25 ----SHD---- C:\System Volume Information
2018-11-02 12:13:47 ----D---- C:\Windows\system32\catroot2
2018-11-01 18:27:32 ----RD---- C:\Program Files (x86)
2018-11-01 14:00:18 ----D---- C:\Program Files\Mozilla Firefox
2018-11-01 14:00:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-31 12:07:24 ----D---- C:\Windows\winsxs
2018-10-31 11:17:37 ----SHD---- C:\Windows\Installer
2018-10-31 11:17:37 ----SHD---- C:\Config.Msi
2018-10-31 11:17:37 ----SD---- C:\Users\Tomas\AppData\Roaming\Microsoft
2018-10-30 13:04:20 ----D---- C:\Windows\Minidump
2018-10-29 19:03:07 ----D---- C:\Windows\system32\wdi
2018-10-28 11:12:47 ----D---- C:\Windows\system32\Tasks
2018-10-28 11:11:58 ----D---- C:\Program Files\Common Files
2018-10-28 11:10:14 ----HD---- C:\ProgramData
2018-10-27 18:06:41 ----D---- C:\Users\Tomas\AppData\Roaming\vlc
2018-10-25 15:44:01 ----D---- C:\Windows\system32\catroot
2018-10-25 15:41:05 ----D---- C:\Program Files\AMD
2018-10-25 15:40:52 ----D---- C:\Windows\SysWOW64
2018-10-25 15:40:43 ----D---- C:\Program Files (x86)\AMD
2018-10-25 15:39:11 ----D---- C:\Windows\system32\DriverStore
2018-10-25 15:38:24 ----D---- C:\Program Files (x86)\VulkanRT
2018-10-25 15:38:15 ----D---- C:\ProgramData\Package Cache
2018-10-25 15:35:57 ----D---- C:\AMD
2018-10-25 15:35:23 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-10-25 15:35:21 ----D---- C:\Windows\system32\Macromed
2018-10-25 15:35:20 ----D---- C:\Windows\SYSWOW64\Macromed
2018-10-18 22:30:16 ----D---- C:\Users\Tomas\AppData\Roaming\VDownloader
2018-10-17 19:17:58 ----A---- C:\Windows\system32\atio6axx.dll
2018-10-17 18:59:36 ----A---- C:\Windows\system32\atidxx64.dll
2018-10-17 18:59:28 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2018-10-17 18:59:22 ----A---- C:\Windows\system32\aticfx64.dll
2018-10-17 18:59:20 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2018-10-17 18:52:52 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2018-10-17 18:52:50 ----A---- C:\Windows\system32\atiuxp64.dll
2018-10-17 18:51:44 ----A---- C:\Windows\system32\atig6txx.dll
2018-10-17 18:51:42 ----A---- C:\Windows\system32\atig6pxx.dll
2018-10-17 18:51:20 ----A---- C:\Windows\SYSWOW64\atiadlxx.dll
2018-10-17 18:51:18 ----A---- C:\Windows\system32\atiadlxx.dll
2018-10-17 12:55:01 ----RSD---- C:\Windows\assembly
2018-10-17 12:54:59 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-10-17 12:54:06 ----D---- C:\Program Files\Microsoft Office 15
2018-10-15 22:48:26 ----N---- C:\Windows\system32\MpSigStub.exe
2018-10-14 19:07:54 ----D---- C:\ProgramData\Adobe
2018-10-11 13:45:59 ----D---- C:\Windows\rescache
2018-10-11 12:53:48 ----D---- C:\Program Files\Internet Explorer
2018-10-11 12:53:47 ----D---- C:\Program Files\Windows Media Player
2018-10-11 12:53:47 ----D---- C:\Program Files (x86)\Internet Explorer
2018-10-11 12:53:46 ----D---- C:\Windows\SYSWOW64\sk-SK
2018-10-11 12:53:46 ----D---- C:\Windows\SYSWOW64\en-US
2018-10-11 12:53:46 ----D---- C:\Program Files (x86)\Windows Media Player
2018-10-11 12:53:43 ----D---- C:\Windows\system32\sk-SK
2018-10-11 12:53:43 ----D---- C:\Windows\system32\en-US
2018-10-11 12:53:40 ----D---- C:\Windows\AppPatch
2018-10-11 12:53:37 ----D---- C:\Windows\system32\Boot
2018-10-10 21:45:44 ----D---- C:\Windows\system32\MRT
2018-10-10 21:44:31 ----AC---- C:\Windows\system32\MRT.exe
2018-10-09 14:24:09 ----D---- C:\Program Files (x86)\Common Files
2018-10-09 14:24:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-10-08 21:18:15 ----D---- C:\Users\Tomas\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2013-04-26 20464]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2018-06-21 15232]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2018-10-15 984512]
R1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [2018-10-15 223000]
R1 VBoxUSBMon;VirtualBox USB Monitor Service; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2018-10-15 168824]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2011-06-15 32544]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2018-10-17 47489928]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2018-10-17 580488]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2018-09-26 104840]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2016-11-09 5437960]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2013-04-26 368112]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2013-04-26 786416]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-26 805088]
R3 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2018-10-15 213216]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20); C:\Windows\system32\DRIVERS\RtTeam620.sys [2012-07-03 58512]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVlan620.sys [2012-09-01 32400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2018-10-17 498568]
R2 AUEPLauncher;AMD User Experience Program Launcher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [2018-10-17 43008]
R2 ClickToRunSvc;Služba Klikni a spusti balíka Microsoft Office; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2017-12-12 3058392]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2018-05-27 5132888]
S2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [2018-06-21 382424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-08-30 103552]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-08-30 124024]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-25 335872]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-09-18 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-11-01 216528]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-07-18 160960]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2018-06-21 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-08-30 50808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-08-30 139896]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-08-30 139896]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-08-30 139896]

-----------------EOF-----------------


I am attaching the logs from FRST.
Attachments
Logy_z_FRST.zip
(17.63 KiB) Downloaded 74 times

Conder
VIP
Posts: 4400
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: On my computer there appeared a mysterious program AUEPMASTER.

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (show the log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and others).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

7777
Visitor
Posts: 337
Joined: 17 Feb 2011 15:33

Re: On my computer there appeared a mysterious program AUEPMASTER.

#3 Post by 7777 »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-04-2018
# Duration: 00:00:00
# OS: Windows 7 Home Premium
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\DriverAgent Plus

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1283 octets] - [04/11/2018 23:20:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4400
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: On my computer there appeared a mysterious program AUEPMASTER.

#4 Post by Conder »

Please post both new logs from FRST.

7777
Visitor
Posts: 337
Joined: 17 Feb 2011 15:33

Re: On my computer there appeared a mysterious program AUEPMASTER.

#5 Post by 7777 »

Log FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Tomas (administrator) on TOMAS-PC (05-11-2018 09:13:57)
Running from C:\Users\Tomas\Desktop
Loaded Profiles: Tomas & (Available Profiles: Tomas & Mama)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(f.lux Software LLC) C:\Users\Tomas\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2543206313-2728872151-1076819596-1000\...\Run: [VDownloader] => C:\Program Files\VDownloader\Vdownloader4.exe [13982720 2018-07-27] (Vitzo)
HKU\S-1-5-21-2543206313-2728872151-1076819596-1000\...\Run: [f.lux] => C:\Users\Tomas\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-2543206313-2728872151-1076819596-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11052018091033076\...\Run: [VDownloader] => C:\Program Files\VDownloader\Vdownloader4.exe [13982720 2018-07-27] (Vitzo)
HKU\S-1-5-21-2543206313-2728872151-1076819596-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11052018091033076\...\Run: [f.lux] => C:\Users\Tomas\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-10-31]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Tomas\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk [2018-11-05]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{33F439EF-F952-4479-AB65-58864DBB94ED}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2543206313-2728872151-1076819596-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11052018091033310 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-06-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2018-06-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-06-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2018-06-22] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-06-22] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: viea99ai.default
FF ProfilePath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\viea99ai.default [2018-11-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2018-06-22] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-06] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [382424 2018-06-21] (ASUSTeK Computer Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2018-10-17] (AMD) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-06-21] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-11-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [119136 2018-11-05] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63768 2018-11-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-05] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [101200 2018-11-05] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [213216 2018-10-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [223000 2018-10-15] (Oracle Corporation)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-05 09:09 - 2018-11-05 09:10 - 000101200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-11-05 09:09 - 2018-11-05 09:09 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-05 09:09 - 2018-11-05 09:09 - 000119136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-11-05 09:09 - 2018-11-05 09:09 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-11-04 23:22 - 2018-11-04 23:22 - 000003304 ____N C:\bootsqm.dat
2018-11-04 23:19 - 2018-11-04 23:20 - 000000000 ____D C:\AdwCleaner
2018-11-04 23:19 - 2018-11-04 23:19 - 007592144 _____ (Malwarebytes) C:\Users\Tomas\Desktop\adwcleaner_7.2.4.0.exe
2018-11-04 23:13 - 2018-11-04 23:13 - 000000000 ____D C:\Users\Tomas\AppData\Local\mbam
2018-11-04 23:12 - 2018-11-04 23:12 - 078919240 _____ (Malwarebytes ) C:\Users\Tomas\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7689.exe
2018-11-04 23:12 - 2018-11-04 23:12 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-11-04 23:12 - 2018-11-04 23:12 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-04 23:12 - 2018-11-04 23:12 - 000000000 ____D C:\Users\Tomas\AppData\Local\mbamtray
2018-11-04 23:12 - 2018-11-04 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-04 23:12 - 2018-11-04 23:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-04 23:12 - 2018-11-04 23:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-04 23:12 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-04 23:09 - 2018-11-04 23:10 - 018072104 _____ (Piriform Ltd) C:\Users\Tomas\Downloads\ccsetup548.exe
2018-11-04 22:53 - 2018-11-04 22:53 - 000000000 ____D C:\rsit
2018-11-04 22:53 - 2018-11-04 22:53 - 000000000 ____D C:\Program Files\trend micro
2018-11-04 22:52 - 2018-11-04 22:52 - 001222144 _____ C:\Users\Tomas\Desktop\RSITx64.exe
2018-11-04 22:52 - 2018-11-04 22:52 - 000024152 _____ C:\Users\Tomas\Desktop\Addition.txt
2018-11-04 22:51 - 2018-11-05 09:14 - 000010930 _____ C:\Users\Tomas\Desktop\FRST.txt
2018-11-04 22:51 - 2018-11-05 09:13 - 000000000 ____D C:\FRST
2018-11-04 22:50 - 2018-11-04 22:50 - 002414592 _____ (Farbar) C:\Users\Tomas\Desktop\FRST64.exe
2018-11-04 22:41 - 2018-11-04 22:47 - 000007656 _____ C:\Users\Tomas\AppData\Local\Resmon.ResmonCfg
2018-11-04 22:31 - 2018-11-04 22:31 - 010081256 _____ (AVAST Software) C:\Users\Tomas\Downloads\avastclear.exe
2018-11-01 18:27 - 2018-11-01 18:27 - 000000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2018-11-01 18:27 - 2018-11-01 18:27 - 000000000 ____D C:\Program Files (x86)\NirSoft
2018-10-31 14:45 - 2018-10-31 14:45 - 006220854 _____ C:\Users\Tomas\Desktop\Nová bitová mapa (6).bmp
2018-10-31 11:17 - 2018-10-31 11:17 - 000001166 _____ C:\Users\Tomas\Desktop\Facebook Gameroom.lnk
2018-10-31 11:17 - 2018-10-31 11:17 - 000000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2018-10-31 11:17 - 2018-10-31 11:17 - 000000000 ____D C:\Users\Tomas\AppData\Local\Facebook
2018-10-28 15:27 - 2018-10-28 15:27 - 000000000 ____D C:\Users\Mama\AppData\Local\CEF
2018-10-28 11:13 - 2018-11-04 22:33 - 000000000 ____D C:\Users\Tomas\AppData\Local\AVAST Software
2018-10-28 11:12 - 2018-11-04 17:37 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-10-28 11:12 - 2018-11-02 15:12 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-10-28 11:11 - 2018-11-04 22:33 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-10-28 11:10 - 2018-11-04 22:33 - 000000000 ____D C:\ProgramData\AVAST Software
2018-10-25 18:37 - 2018-11-04 17:37 - 000003212 _____ C:\Windows\System32\Tasks\{FD71D871-62FF-4A16-8846-FC7C50C3B902}
2018-10-25 15:56 - 2018-11-04 17:37 - 000002962 _____ C:\Windows\System32\Tasks\{DE625553-497B-4B8C-9831-81C351E8F5B1}
2018-10-25 15:41 - 2018-10-25 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-10-25 15:40 - 2018-11-04 17:37 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-10-25 15:40 - 2018-11-04 17:37 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2018-10-19 20:31 - 2018-11-04 17:37 - 000003164 _____ C:\Windows\System32\Tasks\{6AFF36D5-8D42-4A45-80CE-07ADAC689743}
2018-10-19 20:31 - 2018-10-19 20:31 - 000001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-10-19 20:31 - 2018-10-19 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-10-19 20:31 - 2018-10-19 20:31 - 000000000 ____D C:\Program Files\Oracle
2018-10-19 19:55 - 2018-10-19 19:55 - 000000005 _____ C:\Users\Tomas\Desktop\Nový textový dokument (9).txt
2018-10-19 19:51 - 2018-10-19 19:51 - 000000005 _____ C:\Users\Tomas\Desktop\Nový textový dokument (8).txt
2018-10-17 19:21 - 2018-10-17 19:21 - 000330120 _____ C:\Windows\system32\clinfo.exe
2018-10-17 19:21 - 2018-10-17 19:21 - 000169352 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-10-17 19:21 - 2018-10-17 19:21 - 000145288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-10-17 19:20 - 2018-10-17 19:20 - 060227976 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2018-10-17 19:20 - 2018-10-17 19:20 - 026472840 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2018-10-17 19:20 - 2018-10-17 19:20 - 021152136 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2018-10-17 19:19 - 2018-10-17 19:19 - 049507720 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2018-10-17 19:18 - 2018-10-17 19:18 - 031442312 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2018-10-17 19:10 - 2018-10-17 19:10 - 001578376 _____ (AMD) C:\Windows\system32\coinst_18.40.dll
2018-10-17 19:03 - 2018-10-17 19:03 - 012050680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdvt.dll
2018-10-17 19:03 - 2018-10-17 19:03 - 000166240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2018-10-17 19:03 - 2018-10-17 19:03 - 000140448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 012673824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6t.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 012586280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 011979592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 000188112 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 000162368 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 000134040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 000126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 000126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 000113952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 000102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2018-10-17 19:02 - 2018-10-17 19:02 - 000102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2018-10-17 19:01 - 2018-10-17 19:01 - 047489928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2018-10-17 19:01 - 2018-10-17 19:01 - 016635272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2018-10-17 19:01 - 2018-10-17 19:01 - 003699080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2018-10-17 19:01 - 2018-10-17 19:01 - 003327368 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2018-10-17 19:01 - 2018-10-17 19:01 - 000150408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2018-10-17 19:01 - 2018-10-17 19:01 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2018-10-17 19:01 - 2018-10-17 19:01 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2018-10-17 19:00 - 2018-10-17 19:00 - 014363016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2018-10-17 19:00 - 2018-10-17 19:00 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2018-10-17 19:00 - 2018-10-17 19:00 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2018-10-17 19:00 - 2018-10-17 19:00 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2018-10-17 19:00 - 2018-10-17 19:00 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2018-10-17 18:59 - 2018-10-17 18:59 - 000561544 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2018-10-17 18:59 - 2018-10-17 18:59 - 000472456 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2018-10-17 18:59 - 2018-10-17 18:59 - 000036744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2018-10-17 18:59 - 2018-10-17 18:59 - 000033672 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2018-10-17 18:58 - 2018-10-17 18:58 - 014674824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2018-10-17 18:58 - 2018-10-17 18:58 - 012417928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2018-10-17 18:58 - 2018-10-17 18:58 - 000910728 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2018-10-17 18:58 - 2018-10-17 18:58 - 000741256 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2018-10-17 18:58 - 2018-10-17 18:58 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2018-10-17 18:58 - 2018-10-17 18:58 - 000174984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2018-10-17 18:58 - 2018-10-17 18:58 - 000153480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2018-10-17 18:58 - 2018-10-17 18:58 - 000143752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2018-10-17 18:58 - 2018-10-17 18:58 - 000128904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2018-10-17 18:58 - 2018-10-17 18:58 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2018-10-17 18:52 - 2018-10-17 18:52 - 012931824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2018-10-17 18:52 - 2018-10-17 18:52 - 010528288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2018-10-17 18:52 - 2018-10-17 18:52 - 000482696 _____ C:\Windows\system32\dgtrayicon.exe
2018-10-17 18:52 - 2018-10-17 18:52 - 000467336 _____ C:\Windows\system32\GameManager64.dll
2018-10-17 18:52 - 2018-10-17 18:52 - 000372104 _____ C:\Windows\SysWOW64\GameManager32.dll
2018-10-17 18:52 - 2018-10-17 18:52 - 000188624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2018-10-17 18:52 - 2018-10-17 18:52 - 000154128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2018-10-17 18:52 - 2018-10-17 18:52 - 000009936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2018-10-17 18:52 - 2018-10-17 18:52 - 000009936 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2018-10-17 18:51 - 2018-10-17 18:51 - 001182600 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2018-10-17 18:51 - 2018-10-17 18:51 - 000743816 _____ (AMD) C:\Windows\system32\atieclxx.exe
2018-10-17 18:51 - 2018-10-17 18:51 - 000580488 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2018-10-17 18:51 - 2018-10-17 18:51 - 000498568 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2018-10-17 18:51 - 2018-10-17 18:51 - 000488840 _____ (AMD) C:\Windows\system32\atitmm64.dll
2018-10-17 18:51 - 2018-10-17 18:51 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2018-10-17 18:51 - 2018-10-17 18:51 - 000422792 _____ C:\Windows\system32\atieah64.exe
2018-10-17 18:51 - 2018-10-17 18:51 - 000339848 _____ C:\Windows\SysWOW64\atieah32.exe
2018-10-17 18:51 - 2018-10-17 18:51 - 000208776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2018-10-17 18:51 - 2018-10-17 18:51 - 000134536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2018-10-17 18:51 - 2018-10-17 18:51 - 000134536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2018-10-17 18:51 - 2018-10-17 18:51 - 000115592 _____ (AMD) C:\Windows\system32\atimuixx.dll
2018-10-17 18:50 - 2018-10-17 18:50 - 000456072 _____ C:\Windows\system32\amdgfxinfo64.dll
2018-10-17 18:50 - 2018-10-17 18:50 - 000368008 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2018-10-17 18:50 - 2018-10-17 18:50 - 000223624 _____ C:\Windows\system32\Drivers\amdacpksd.sys
2018-10-17 18:48 - 2018-10-17 18:48 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2018-10-17 18:48 - 2018-10-17 18:48 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2018-10-17 18:39 - 2018-10-17 18:39 - 000899920 _____ C:\Windows\SysWOW64\atiapfxx.blb
2018-10-17 18:39 - 2018-10-17 18:39 - 000899920 _____ C:\Windows\system32\atiapfxx.blb
2018-10-17 12:58 - 2018-10-17 12:58 - 000166728 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2018-10-17 12:58 - 2018-10-17 12:58 - 000137888 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2018-10-17 11:25 - 2018-10-17 11:25 - 000000000 ____D C:\Users\Mama\.VirtualBox
2018-10-15 10:26 - 2018-10-15 10:26 - 000223000 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2018-10-15 10:26 - 2018-10-15 10:26 - 000213216 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2018-10-14 19:08 - 2018-10-24 15:48 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-14 19:08 - 2018-10-14 19:08 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-10-14 19:08 - 2018-10-14 19:08 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-10-11 19:19 - 2018-10-11 19:20 - 000000017 _____ C:\Users\Tomas\Documents\Nový textový dokument.txt
2018-10-11 19:16 - 2018-10-11 19:17 - 000000025 _____ C:\Users\Tomas\Desktop\Nový textový dokument (7).txt
2018-10-11 19:14 - 2018-10-11 20:30 - 000000000 ___RD C:\Users\Tomas\Desktop\Nový priečinok - kópia (3)
2018-10-11 19:14 - 2018-10-11 20:30 - 000000000 ___RD C:\Users\Tomas\Desktop\Nový priečinok - kópia (2)
2018-10-11 19:14 - 2018-10-11 20:29 - 000000000 ___RD C:\Users\Tomas\Desktop\Nový priečinok - kópia (10)
2018-10-11 19:11 - 2018-10-12 16:21 - 000000000 ___RD C:\Users\Tomas\Documents\Praca
2018-10-11 18:54 - 2018-10-11 18:54 - 000000000 ____D C:\Users\Tomas\AppData\LocalLow\Temp
2018-10-10 16:27 - 2018-11-04 17:37 - 000003164 _____ C:\Windows\System32\Tasks\{B5397D5B-8499-4D69-BFFA-08B9FA38FEAD}
2018-10-10 13:38 - 2018-09-19 09:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-10-10 13:38 - 2018-09-18 20:08 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-10 13:38 - 2018-09-18 19:10 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-10-10 13:38 - 2018-09-18 06:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-10 13:38 - 2018-09-18 06:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-10 13:38 - 2018-09-18 06:38 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-10 13:38 - 2018-09-18 06:27 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-10 13:38 - 2018-09-18 06:26 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-10 13:38 - 2018-09-18 06:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-10 13:38 - 2018-09-18 06:25 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-10 13:38 - 2018-09-18 06:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-10 13:38 - 2018-09-18 06:25 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-10 13:38 - 2018-09-18 06:19 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-10 13:38 - 2018-09-18 06:18 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-10 13:38 - 2018-09-18 06:16 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-10 13:38 - 2018-09-18 06:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-10 13:38 - 2018-09-18 06:15 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-10 13:38 - 2018-09-18 06:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-10 13:38 - 2018-09-18 06:14 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-10 13:38 - 2018-09-18 06:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-10 13:38 - 2018-09-18 06:09 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-10 13:38 - 2018-09-18 06:06 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-10 13:38 - 2018-09-18 06:01 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-10 13:38 - 2018-09-18 06:00 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-10 13:38 - 2018-09-18 06:00 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-10 13:38 - 2018-09-18 05:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-10 13:38 - 2018-09-18 05:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-10 13:38 - 2018-09-18 05:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-10 13:38 - 2018-09-18 05:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-10 13:38 - 2018-09-18 05:45 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-10 13:38 - 2018-09-18 05:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-10 13:38 - 2018-09-18 05:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-10 13:38 - 2018-09-18 05:41 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-10 13:38 - 2018-09-18 05:41 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-10 13:38 - 2018-09-18 05:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-10 13:38 - 2018-09-18 05:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-10 13:38 - 2018-09-18 05:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-10-10 13:38 - 2018-09-18 05:31 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-10-10 13:38 - 2018-09-18 05:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-10 13:38 - 2018-09-18 05:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-10-10 13:38 - 2018-09-18 05:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-10-10 13:38 - 2018-09-18 05:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-10-10 13:38 - 2018-09-18 05:20 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-10-10 13:38 - 2018-09-18 05:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-10-10 13:38 - 2018-09-18 05:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-10-10 13:38 - 2018-09-18 05:15 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-10-10 13:38 - 2018-09-18 05:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-10-10 13:38 - 2018-09-18 05:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-10-10 13:38 - 2018-09-18 05:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-10-10 13:38 - 2018-09-18 05:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-10-10 13:38 - 2018-09-18 05:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-10-10 13:38 - 2018-09-18 05:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-10 13:38 - 2018-09-18 05:06 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-10-10 13:38 - 2018-09-18 05:03 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-10 13:38 - 2018-09-18 05:02 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-10-10 13:38 - 2018-09-18 05:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-10-10 13:38 - 2018-09-18 05:00 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-10-10 13:38 - 2018-09-18 04:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-10-10 13:38 - 2018-09-18 04:58 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-10-10 13:38 - 2018-09-18 04:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-10-10 13:38 - 2018-09-18 04:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-10-10 13:38 - 2018-09-18 04:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-10-10 13:38 - 2018-09-18 04:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-10-10 13:38 - 2018-09-18 04:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-10-10 13:38 - 2018-09-18 04:50 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-10-10 13:38 - 2018-09-18 04:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-10-10 13:38 - 2018-09-18 04:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-10-10 13:38 - 2018-09-18 04:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-10-10 13:38 - 2018-09-18 04:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-10-10 13:38 - 2018-09-11 19:28 - 003227136 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-10 13:38 - 2018-09-11 19:23 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-10 13:38 - 2018-09-11 19:22 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-10 13:38 - 2018-09-09 02:02 - 005552328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-10 13:38 - 2018-09-09 02:02 - 001680072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-10 13:38 - 2018-09-09 02:02 - 000986824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-10 13:38 - 2018-09-09 02:02 - 000708296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-10-10 13:38 - 2018-09-09 02:02 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-10-10 13:38 - 2018-09-09 02:02 - 000265416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-10 13:38 - 2018-09-09 02:02 - 000262344 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-10 13:38 - 2018-09-09 02:02 - 000154824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-10 13:38 - 2018-09-09 02:02 - 000095432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-10 13:38 - 2018-09-09 02:01 - 001664320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-10-10 13:38 - 2018-09-09 01:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-10 13:38 - 2018-09-09 01:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-10 13:38 - 2018-09-09 01:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-10-10 13:38 - 2018-09-09 01:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-10 13:38 - 2018-09-09 01:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-10-10 13:38 - 2018-09-09 01:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-10 13:38 - 2018-09-09 01:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-10 13:38 - 2018-09-09 01:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-10 13:38 - 2018-09-09 01:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-10-10 13:38 - 2018-09-09 01:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-10-10 13:38 - 2018-09-09 01:46 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-10-10 13:38 - 2018-09-09 01:44 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-10-10 13:38 - 2018-09-09 01:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-10 13:38 - 2018-09-09 01:25 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-10 13:38 - 2018-09-09 01:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-10 13:38 - 2018-09-09 01:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-10 13:38 - 2018-09-09 01:21 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-10-10 13:38 - 2018-09-09 01:21 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-10 13:38 - 2018-09-09 01:20 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-10 13:38 - 2018-09-09 01:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-10-10 13:38 - 2018-09-09 01:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-10 13:38 - 2018-09-09 01:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-10 13:38 - 2018-09-09 01:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-10 13:38 - 2018-09-09 01:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-10 13:38 - 2018-09-09 01:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-10 13:38 - 2018-09-09 01:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-10 13:38 - 2018-09-09 01:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-10 13:38 - 2018-09-09 01:13 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-10-10 13:38 - 2018-09-09 01:13 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-10-10 13:38 - 2018-09-09 01:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-10-10 13:38 - 2018-09-09 01:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-10-10 13:38 - 2018-09-09 01:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-10-10 13:38 - 2018-09-09 01:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 13:38 - 2018-09-09 01:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-10 13:38 - 2018-08-28 07:24 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-10 13:38 - 2018-08-28 07:24 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-10 13:38 - 2018-08-28 07:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-10 13:38 - 2018-08-28 07:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-10 13:38 - 2018-08-28 07:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-10 13:38 - 2018-08-28 07:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-10-10 13:38 - 2018-08-28 07:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-10 13:38 - 2018-08-28 06:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-10-10 13:38 - 2018-08-28 06:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-10-10 13:38 - 2018-08-28 06:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-10-10 13:38 - 2018-08-16 03:18 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-10 13:38 - 2018-08-13 22:49 - 001391856 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-10 13:38 - 2018-08-13 16:54 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-10 13:38 - 2018-08-12 21:32 - 000140976 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-10 13:38 - 2018-08-12 21:27 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-10 13:38 - 2018-08-08 16:54 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-10 13:38 - 2018-08-08 16:54 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-10-10 13:38 - 2018-08-08 16:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-10-10 13:38 - 2018-08-08 16:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-10-09 16:08 - 2018-10-15 10:27 - 000168824 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2018-10-09 16:08 - 2018-10-15 10:26 - 000984512 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2018-10-08 21:37 - 2018-10-08 21:37 - 000000000 ____D C:\Users\Tomas\VirtualBox VMs
2018-10-08 21:26 - 2018-10-31 18:00 - 000000000 ____D C:\Users\Tomas\.VirtualBox
2018-10-07 11:02 - 2018-10-07 11:02 - 006220854 _____ C:\Users\Tomas\Desktop\Nová bitová mapa (5).bmp
2018-10-07 10:59 - 2018-10-07 10:59 - 006220854 _____ C:\Users\Tomas\Desktop\Nová bitová mapa (4).bmp
2018-10-07 10:51 - 2018-10-07 10:51 - 006220854 _____ C:\Users\Tomas\Desktop\Nová bitová mapa (3).bmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-05 09:13 - 2018-06-21 19:21 - 000000000 ____D C:\Users\Tomas\AppData\LocalLow\Mozilla
2018-11-05 09:13 - 2009-07-14 06:13 - 000782578 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-05 09:13 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-11-05 09:08 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-04 23:42 - 2018-06-21 20:00 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-11-04 23:31 - 2009-07-14 05:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-04 23:31 - 2009-07-14 05:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-04 17:37 - 2018-09-29 14:10 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-04 17:37 - 2018-07-17 19:38 - 000003146 _____ C:\Windows\System32\Tasks\{737BA6CD-039B-4693-8597-2B7184E94CB4}
2018-11-04 17:37 - 2018-07-13 21:39 - 000003614 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3520 series
2018-11-04 17:37 - 2018-07-05 18:02 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-04 17:37 - 2018-07-05 18:02 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-04 17:37 - 2018-06-21 22:38 - 000003342 _____ C:\Windows\System32\Tasks\{F91B1BC8-4F4C-4072-83C8-9CB25F2E0BA0}
2018-11-03 14:45 - 2018-06-24 14:36 - 000000000 ____D C:\Users\Mama\AppData\LocalLow\Mozilla
2018-11-01 14:00 - 2018-06-21 19:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-01 14:00 - 2018-06-21 19:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-31 11:49 - 2018-06-21 22:47 - 000000000 ____D C:\Users\Tomas\AppData\LocalLow\AMD
2018-10-30 13:04 - 2018-09-25 17:31 - 000000000 ____D C:\Windows\Minidump
2018-10-28 15:16 - 2018-06-24 14:36 - 000106592 _____ C:\Users\Mama\AppData\Local\GDIPFONTCACHEV1.DAT
2018-10-27 18:06 - 2018-06-21 19:53 - 000000000 ____D C:\Users\Tomas\AppData\Roaming\vlc
2018-10-25 15:44 - 2009-07-14 05:45 - 000476040 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-25 15:42 - 2018-06-21 19:11 - 000106592 _____ C:\Users\Tomas\AppData\Local\GDIPFONTCACHEV1.DAT
2018-10-25 15:41 - 2018-06-21 19:47 - 000000000 ____D C:\Program Files\AMD
2018-10-25 15:40 - 2018-07-15 07:46 - 000000000 ____D C:\Program Files (x86)\AMD
2018-10-25 15:38 - 2018-06-21 19:52 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-10-25 15:38 - 2018-06-21 19:12 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-25 15:37 - 2018-07-15 07:36 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-10-25 15:35 - 2018-07-05 18:02 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-25 15:35 - 2018-07-05 18:02 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-25 15:35 - 2018-07-05 18:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-25 15:35 - 2018-07-05 18:02 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-25 15:35 - 2018-07-05 18:01 - 000000000 ____D C:\Users\Tomas\AppData\Local\Adobe
2018-10-25 15:35 - 2018-06-21 19:13 - 000000000 ____D C:\AMD
2018-10-18 22:30 - 2018-07-12 16:47 - 000000000 ____D C:\Users\Tomas\AppData\Roaming\VDownloader
2018-10-18 22:02 - 2018-07-12 16:10 - 000000000 ____D C:\Users\Tomas\AppData\Local\VDownloader
2018-10-18 19:38 - 2018-09-23 21:32 - 000000000 ____D C:\Users\Tomas\AppData\LocalLow\Adobe
2018-10-17 19:17 - 2018-06-07 12:42 - 038328200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2018-10-17 18:59 - 2018-06-07 12:43 - 016039816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2018-10-17 18:59 - 2018-06-07 12:43 - 013411280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2018-10-17 18:59 - 2018-06-07 12:43 - 001926240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2018-10-17 18:59 - 2018-06-07 12:43 - 001568288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2018-10-17 18:52 - 2018-06-07 12:46 - 000204616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2018-10-17 18:52 - 2018-06-07 12:46 - 000172144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2018-10-17 18:51 - 2018-07-11 19:01 - 001182600 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2018-10-17 18:51 - 2018-06-07 12:45 - 000240008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2018-10-17 18:51 - 2018-06-07 12:45 - 000158088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2018-10-17 18:51 - 2018-06-07 12:44 - 001619848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2018-10-17 12:54 - 2018-06-22 11:11 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-17 12:54 - 2018-06-22 11:10 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-10-17 11:25 - 2018-06-24 14:35 - 000000000 ____D C:\Users\Mama
2018-10-16 16:23 - 2018-08-06 15:51 - 000000000 ____D C:\Users\Mama\AppData\Roaming\vlc
2018-10-15 22:48 - 2010-11-21 04:27 - 000559880 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-10-14 19:07 - 2018-08-12 11:57 - 000000000 ____D C:\ProgramData\Adobe
2018-10-11 13:45 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-10-10 21:45 - 2018-06-21 20:53 - 000000000 ____D C:\Windows\system32\MRT
2018-10-10 21:44 - 2018-06-21 20:53 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-09 14:24 - 2018-06-21 19:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-08 21:37 - 2018-06-21 19:10 - 000000000 ____D C:\Users\Tomas
2018-10-08 21:18 - 2018-06-21 21:49 - 000000000 ____D C:\Users\Tomas\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2018-11-04 22:41 - 2018-11-04 22:47 - 000007656 _____ () C:\Users\Tomas\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-04 11:53

==================== End of FRST.txt ============================

Log from Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Tomas (05-11-2018 09:14:31)
Running from C:\Users\Tomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-06-21 18:10:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2543206313-2728872151-1076819596-500 - Administrator - Disabled)
Guest (S-1-5-21-2543206313-2728872151-1076819596-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2543206313-2728872151-1076819596-1002 - Limited - Enabled)
Mama (S-1-5-21-2543206313-2728872151-1076819596-1003 - Limited - Enabled) => C:\Users\Mama
Tomas (S-1-5-21-2543206313-2728872151-1076819596-1000 - Administrator - Enabled) => C:\Users\Tomas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.10.1 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Battle for Wesnoth 1.14.4 (HKU\S-1-5-21-2543206313-2728872151-1076819596-1000\...\Battle for Wesnoth 1.14.4) (Version: 1.14.4 - )
Battle for Wesnoth 1.14.4 (HKU\S-1-5-21-2543206313-2728872151-1076819596-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11052018091033076\...\Battle for Wesnoth 1.14.4) (Version: 1.14.4 - )
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
f.lux (HKU\S-1-5-21-2543206313-2728872151-1076819596-1000\...\Flux) (Version: - f.lux Software LLC)
f.lux (HKU\S-1-5-21-2543206313-2728872151-1076819596-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11052018091033076\...\Flux) (Version: - f.lux Software LLC)
Facebook Gameroom 1.21.6876.32656 (HKLM-x32\...\{A94D2051-8788-491C-801D-3965026D2718}) (Version: 1.21.6876.32656 - Facebook)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
LibreOffice 6.0.3.2 (HKLM-x32\...\{B9CD6885-2F5E-4C82-A2DC-B644D0929878}) (Version: 6.0.3.2 - The Document Foundation)
Malwarebytes verzia 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2013 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudentRetail - sk-sk) (Version: 15.0.5075.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2543206313-2728872151-1076819596-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2543206313-2728872151-1076819596-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11052018091033076\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{0E8D886F-3205-4472-848E-990F400FF218}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{46EA439E-2D16-49B6-AA80-00DE992FE7CE}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{68ADAEAA-DABD-45C1-9CC2-F995407549CD}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)
Mozilla Firefox 63.0.1 (x64 sk) (HKLM\...\Mozilla Firefox 63.0.1 (x64 sk)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0 - Mozilla)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
Northland: Cesta na sever 1.04 (HKLM-x32\...\Northland: Cesta na sever_is1) (Version: - Cinemax, s.r.o. & Hype, s.r.o.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.7 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.2.20 (HKLM\...\{B7EC6E32-AA9F-4EC8-ACE6-1DCECE6E4C08}) (Version: 5.2.20 - Oracle Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.6 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 9.0a - Ghisler Software GmbH)
VDownloader 4.5.2973 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-2) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-2543206313-2728872151-1076819596-1000\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2543206313-2728872151-1076819596-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11052018091033076\...\WinDirStat) (Version: - )
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1-x32: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-06-30] ()
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0FBE8F-5D33-4A5D-8D1D-F68B1DB8EEAE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {13BD40ED-78C4-44CC-8E6E-7901D5952CE4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {1625F5AB-AF14-4A99-B4B1-F2CD8AFB1DFB} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-10-17] (Advanced Micro Devices, Inc.)
Task: {16615618-0CBE-4065-8F6C-CBBF81BAC252} - System32\Tasks\{FD71D871-62FF-4A16-8846-FC7C50C3B902} => C:\Windows\system32\pcalua.exe -a D:\Tento_PC\Software\Hry\Facebook_Gameroom\FacebookGameroom.exe -d D:\Tento_PC\Software\Hry\Facebook_Gameroom
Task: {1BC4F091-D784-496B-A23C-D5D77F9E8B32} - System32\Tasks\{B5397D5B-8499-4D69-BFFA-08B9FA38FEAD} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\VirtualBox-5.2.18-124319-Win.exe -d C:\Users\Tomas\Downloads
Task: {25377908-9B5C-441A-8363-D9B75858B774} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {38F18165-DD4E-4FBD-94D6-6ABD231AE14A} - System32\Tasks\{737BA6CD-039B-4693-8597-2B7184E94CB4} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\FacebookGameroom(1).exe -d C:\Users\Tomas\Downloads
Task: {4A541BBA-2550-488B-9E64-BB22239EB4A9} - System32\Tasks\{F91B1BC8-4F4C-4072-83C8-9CB25F2E0BA0} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\ISCT_Win7-8-8-1_VER42412549\ISCT_Win7-8-8-1_VER42412549\Setup.exe -d C:\Users\Tomas\Downloads\ISCT_Win7-8-8-1_VER42412549\ISCT_Win7-8-8-1_VER42412549
Task: {633ABE71-A9C2-4BA7-A703-1A9F34605F42} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {7A6F9858-C2B2-4FEF-BCF2-6FFC1E318A4D} - System32\Tasks\{6AFF36D5-8D42-4A45-80CE-07ADAC689743} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\VirtualBox-5.2.20-125813-Win.exe -d C:\Users\Tomas\Downloads
Task: {812FF5C5-2F18-4CB0-B53A-29B425EEEBB8} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {8B187DDC-F9A7-4344-B618-5C736AB8F65E} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-10-17] (Advanced Micro Devices, Inc.)
Task: {8EC30914-F08A-441F-B9BB-4C50EB4BE5CB} - System32\Tasks\{DE625553-497B-4B8C-9831-81C351E8F5B1} => C:\Users\Tomas\Downloads\FacebookGameroom(1).exe
Task: {994F1ED9-389A-4E69-8DC6-D61171999248} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-25] (Adobe Systems Incorporated)
Task: {A035F8C7-2FD0-4FED-AE7C-AE778AB1E29D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-25] (Adobe Systems Incorporated)
Task: {B2259D70-C312-44E8-90BB-87553DB5D2D8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {C0BAC22D-7779-4522-A519-4D675C43DC42} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {DA554092-45F1-4143-8A36-E566444E41B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {FE323380-B646-4538-9DEB-499F1D3DC1EB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-06-22 11:10 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-11-04 23:12 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-04 23:12 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-30 13:51 - 2018-06-30 13:51 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 003109888 _____ () C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 000912896 _____ () C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () C:\Program Files\AMD\Performance Profile Client\Platform.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () C:\Program Files\AMD\Performance Profile Client\Device.dll
2018-06-21 22:36 - 2013-09-16 11:17 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2543206313-2728872151-1076819596-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2543206313-2728872151-1076819596-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11052018091033076\Control Panel\Desktop\\Wallpaper -> C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2543206313-2728872151-1076819596-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11052018091033310\Control Panel\Desktop\\Wallpaper -> C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{238D960E-5117-43B0-B749-67BBD4E2E8D6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9CB604DA-C074-491B-8611-A8FCAC03EE98}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{58CEEE4D-B0B5-4C13-9BC7-CF9BB832B903}] => (Allow) C:\Users\Tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{F7BDB002-C121-43E0-8938-0C4DD898C83A}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{6DA02FD5-B09B-4534-9BF1-E3A4657A5028}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1A2C6195-C5B2-40F9-A173-27DF0549C87B}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{917CDB08-4DA5-40FE-9EFF-52759E1EB6CE}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{CB01E08A-2974-4626-9E33-F2D105D258EA}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

04-11-2018 10:54:06 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2018 09:13:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/05/2018 09:13:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/05/2018 09:10:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/04/2018 11:28:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/04/2018 11:28:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/04/2018 11:25:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/04/2018 10:38:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/04/2018 10:38:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (11/05/2018 09:09:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
and APPID
{63882250-25AD-4ED6-8003-B9AD33F1FC33}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/05/2018 09:09:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby ASUS Com Service bol dosiahnutý časový limit (30000 ms).

Error: (11/04/2018 11:42:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD User Experience Program Launcher sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/04/2018 11:23:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
and APPID
{63882250-25AD-4ED6-8003-B9AD33F1FC33}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2018 11:23:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby ASUS Com Service bol dosiahnutý časový limit (30000 ms).

Error: (11/04/2018 11:20:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Media Player - služba zdieľania v sieti sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (11/04/2018 11:20:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Office Software Protection Platform sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/04/2018 11:20:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 31%
Total physical RAM: 7634.09 MB
Available physical RAM: 5221.69 MB
Total Virtual: 15266.33 MB
Available Virtual: 11890.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:96.73 GB) (Free:37.16 GB) NTFS
Drive d: (Nový zväzok) (Fixed) (Total:833.85 GB) (Free:479.47 GB) NTFS

\\?\Volume{323f9e4d-757d-11e8-9ac8-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{323f9e4f-757d-11e8-9ac8-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 22A29EFF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4400
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: A mysterious program has appeared on my computer: AUEPMASTER.

#6 Post by Conder »

  • Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
    File: C:\Users\Tomas\AppData\Local\Facebook\Games\FacebookGameroom.exe
    File: C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
    File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
    File: C:\Windows\system32\clinfo.exe
    File: C:\Windows\system32\dgtrayicon.exe
    
    GroupPolicy: Restriction ? <==== ATTENTION
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    U1 aswbdisk; no ImagePath
    2018-11-04 22:53 - 2018-11-04 22:53 - 000000000 ____D C:\rsit
    2018-11-04 22:53 - 2018-11-04 22:53 - 000000000 ____D C:\Program Files\trend micro
    2018-11-04 22:52 - 2018-11-04 22:52 - 001222144 _____ C:\Users\Tomas\Desktop\RSITx64.exe
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    Task: {1BC4F091-D784-496B-A23C-D5D77F9E8B32} - System32\Tasks\{B5397D5B-8499-4D69-BFFA-08B9FA38FEAD} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\VirtualBox-5.2.18-124319-Win.exe -d C:\Users\Tomas\Downloads
    Task: {38F18165-DD4E-4FBD-94D6-6ABD231AE14A} - System32\Tasks\{737BA6CD-039B-4693-8597-2B7184E94CB4} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\FacebookGameroom(1).exe -d C:\Users\Tomas\Downloads
    Task: {4A541BBA-2550-488B-9E64-BB22239EB4A9} - System32\Tasks\{F91B1BC8-4F4C-4072-83C8-9CB25F2E0BA0} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\ISCT_Win7-8-8-1_VER42412549\ISCT_Win7-8-8-1_VER42412549\Setup.exe -d C:\Users\Tomas\Downloads\ISCT_Win7-8-8-1_VER42412549\ISCT_Win7-8-8-1_VER42412549
    Task: {7A6F9858-C2B2-4FEF-BCF2-6FFC1E318A4D} - System32\Tasks\{6AFF36D5-8D42-4A45-80CE-07ADAC689743} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\VirtualBox-5.2.20-125813-Win.exe -d C:\Users\Tomas\Downloads
    Task: {8EC30914-F08A-441F-B9BB-4C50EB4BE5CB} - System32\Tasks\{DE625553-497B-4B8C-9831-81C351E8F5B1} => C:\Users\Tomas\Downloads\FacebookGameroom(1).exe
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for novices :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

7777
Visitor
Posts: 337
Registered: 17 Feb 2011 15:33

Re: A mysterious program has appeared on my computer: AUEPMASTER.

#7 Post by 7777 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Tomas (06-11-2018 12:37:58) Run:1
Running from C:\Users\Tomas\Desktop
Loaded Profiles: Tomas (Available Profiles: Tomas & Mama)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
File: C:\Users\Tomas\AppData\Local\Facebook\Games\FacebookGameroom.exe
File: C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
File: C:\Windows\system32\clinfo.exe
File: C:\Windows\system32\dgtrayicon.exe

GroupPolicy: Restriction ? <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U1 aswbdisk; no ImagePath
2018-11-04 22:53 - 2018-11-04 22:53 - 000000000 ____D C:\rsit
2018-11-04 22:53 - 2018-11-04 22:53 - 000000000 ____D C:\Program Files\trend micro
2018-11-04 22:52 - 2018-11-04 22:52 - 001222144 _____ C:\Users\Tomas\Desktop\RSITx64.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {1BC4F091-D784-496B-A23C-D5D77F9E8B32} - System32\Tasks\{B5397D5B-8499-4D69-BFFA-08B9FA38FEAD} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\VirtualBox-5.2.18-124319-Win.exe -d C:\Users\Tomas\Downloads
Task: {38F18165-DD4E-4FBD-94D6-6ABD231AE14A} - System32\Tasks\{737BA6CD-039B-4693-8597-2B7184E94CB4} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\FacebookGameroom(1).exe -d C:\Users\Tomas\Downloads
Task: {4A541BBA-2550-488B-9E64-BB22239EB4A9} - System32\Tasks\{F91B1BC8-4F4C-4072-83C8-9CB25F2E0BA0} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\ISCT_Win7-8-8-1_VER42412549\ISCT_Win7-8-8-1_VER42412549\Setup.exe -d C:\Users\Tomas\Downloads\ISCT_Win7-8-8-1_VER42412549\ISCT_Win7-8-8-1_VER42412549
Task: {7A6F9858-C2B2-4FEF-BCF2-6FFC1E318A4D} - System32\Tasks\{6AFF36D5-8D42-4A45-80CE-07ADAC689743} => C:\Windows\system32\pcalua.exe -a C:\Users\Tomas\Downloads\VirtualBox-5.2.20-125813-Win.exe -d C:\Users\Tomas\Downloads
Task: {8EC30914-F08A-441F-B9BB-4C50EB4BE5CB} - System32\Tasks\{DE625553-497B-4B8C-9831-81C351E8F5B1} => C:\Users\Tomas\Downloads\FacebookGameroom(1).exe

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 47
Average :
Sum : 92368433
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= File: C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe ========================

C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
File not signed
MD5: 428CA8C0835372200535C6491820DEF1
Creation and modification date: 2018-10-17 12:40 - 2018-10-17 12:40
Size: 000561152
Attributes: ----A
Company Name: AMD
Internal Name: AUEPMaster.exe
Original Name: AUEPMaster.exe
Product: AUEPMaster
Description: AMD User Experience Program Master
File Version: 1840.03.01.1017
Product Version: 1840.03.01.1017
Copyright: Copyright (C) 2017
VirusTotal: https://www.virustotal.com/file/fd9fde8 ... 541013476/

====== End of File: ======


========================= File: C:\Users\Tomas\AppData\Local\Facebook\Games\FacebookGameroom.exe ========================

C:\Users\Tomas\AppData\Local\Facebook\Games\FacebookGameroom.exe
File is digitally signed
MD5: 6DEA30AB5E4389F33026CD9C81AC84C5
Creation and modification date: 2018-10-29 18:09 - 2018-10-29 18:09
Size: 000574152
Attributes: ----A
Company Name: Facebook
Internal Name: FacebookGameroom.exe
Original Name: FacebookGameroom.exe
Product: FacebookGameroom
Description: FacebookGameroom
File Version: 1.21.6876.32656
Product Version: 1.21.6876.32656
Copyright: Copyright © 2016
VirusTotal: https://www.virustotal.com/file/7d78b98 ... 541357109/

====== End of File: ======


========================= File: C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe ========================

C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
File not signed
MD5: 5D550072D5FCD37EC7A5152E1B7C688B
Creation and modification date: 2018-10-17 12:40 - 2018-10-17 12:40
Size: 000043008
Attributes: ----A
Company Name: AMD
Internal Name: AUEPLauncher
Original Name: AUEPLauncher
Product: AUEPLauncher
Description: AMD User Experience Program Launcher
File Version: 1.0.0.1
Product Version: 1.0.0.1
Copyright: Copyright (C) 2018
VirusTotal: https://www.virustotal.com/file/2cbdf90 ... 540046199/

====== End of File: ======


========================= File: C:\Program Files\Intel\iCLS Client\HeciServer.exe ========================

C:\Program Files\Intel\iCLS Client\HeciServer.exe
File not signed
MD5: DAE6C3099D291EED8922A65C29ABCF52
Creation and modification date: 2013-08-27 13:32 - 2013-08-27 13:32
Size: 000747520
Attributes: ----A
Company Name: Intel(R) Corporation
Internal Name: HeciServer
Original Name: HeciServer.exe
Product: Intel(R) Capability Licensing Service Interface
Description: Intel(R) Capability Licensing Service Interface
File Version: 1.31.8.1 sys_sysscbld
Product Version: 1,31,8,1
Copyright: (C) Copyright Intel(R) Corporation
VirusTotal: https://www.virustotal.com/file/ad0a932 ... 540537083/

====== End of File: ======


========================= File: C:\Windows\system32\clinfo.exe ========================

C:\Windows\system32\clinfo.exe
File is digitally signed
MD5: D920C4B01471274BCE1BCCA95B61DE0F
Creation and modification date: 2018-10-17 19:21 - 2018-10-17 19:21
Size: 000330120
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\system32\dgtrayicon.exe ========================

C:\Windows\system32\dgtrayicon.exe
File is digitally signed
MD5: 577C57421BAD6ECBCCD8B70D98FC8CEA
Creation and modification date: 2018-10-17 18:52 - 2018-10-17 18:52
Size: 000482696
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Tomas\Desktop\RSITx64.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BC4F091-D784-496B-A23C-D5D77F9E8B32}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BC4F091-D784-496B-A23C-D5D77F9E8B32}" => removed successfully
C:\Windows\System32\Tasks\{B5397D5B-8499-4D69-BFFA-08B9FA38FEAD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B5397D5B-8499-4D69-BFFA-08B9FA38FEAD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38F18165-DD4E-4FBD-94D6-6ABD231AE14A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38F18165-DD4E-4FBD-94D6-6ABD231AE14A}" => removed successfully
C:\Windows\System32\Tasks\{737BA6CD-039B-4693-8597-2B7184E94CB4} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{737BA6CD-039B-4693-8597-2B7184E94CB4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A541BBA-2550-488B-9E64-BB22239EB4A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A541BBA-2550-488B-9E64-BB22239EB4A9}" => removed successfully
C:\Windows\System32\Tasks\{F91B1BC8-4F4C-4072-83C8-9CB25F2E0BA0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F91B1BC8-4F4C-4072-83C8-9CB25F2E0BA0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A6F9858-C2B2-4FEF-BCF2-6FFC1E318A4D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A6F9858-C2B2-4FEF-BCF2-6FFC1E318A4D}" => removed successfully
C:\Windows\System32\Tasks\{6AFF36D5-8D42-4A45-80CE-07ADAC689743} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6AFF36D5-8D42-4A45-80CE-07ADAC689743}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EC30914-F08A-441F-B9BB-4C50EB4BE5CB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EC30914-F08A-441F-B9BB-4C50EB4BE5CB}" => removed successfully
C:\Windows\System32\Tasks\{DE625553-497B-4B8C-9831-81C351E8F5B1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE625553-497B-4B8C-9831-81C351E8F5B1}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13360178 B
Java, Flash, Steam htmlcache => 219276 B
Windows/system/drivers => 182734860 B
Edge => 0 B
Chrome => 0 B
Firefox => 1098445021 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 547392 B
Tomas => 231019934 B
Mama => 19446135 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:40:29 ====

Conder
VIP
Posts: 4400
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: A mysterious program has appeared on my computer: AUEPMASTER.

#8 Post by Conder »

It looks OK. Has anything changed, or are there still any problems?

As for the file "AUEPMASTER.EXE", it should be a legitimate part of the AMD drivers. If this process is loading the PC, it is probably a bug; try updating the AMD drivers.

7777
Visitor
Posts: 337
Registered: 17 Feb 2011 15:33

Re: A mysterious program has appeared on my computer: AUEPMASTER.

#9 Post by 7777 »

An addition: not only does it use 2.6 GB of memory, it also constantly consumes the internet connection, almost permanently 120 Mbps/s

Conder
VIP
Posts: 4400
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: A mysterious program has appeared on my computer: AUEPMASTER.

#10 Post by Conder »

Check in Task Manager whether the program "AUEPMASTER.EXE" is located at "C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe".

7777
Visitor
Posts: 337
Registered: 17 Feb 2011 15:33

Re: A mysterious program has appeared on my computer: AUEPMASTER.

#11 Post by 7777 »

Yes, it is located there, but why does it use so many system resources?

Conder
VIP
Posts: 4400
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: A mysterious program has appeared on my computer: AUEPMASTER.

#12 Post by Conder »

This is exactly the file I had checked via the fixlist. It is not digitally signed, but no antivirus (VirusTotal analysis) detects it as a threat, so it should be a legitimate part of the AMD drivers. As I wrote, the RAM usage is probably some bug, so try updating the AMD drivers. I assume the PC has an AMD graphics card, so try downloading and installing the current driver version for that graphics card from amd.com.

As a precaution, you can also run a scan of the PC with Malwarebytes (according to the logs it is installed).
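
The checks made in posts #10 and #12 (image path, signature status, VirusTotal link), applied to the "File:" sections of the Fixlog from post #7. This is an added example, not part of the thread and not FRST's own code: the function names are assumptions, the excerpt is copied from the log above with the fields shortened, and the second path used in the demo is constructed.

```python
import ntpath
import re

# Excerpt of the Fixlog posted in #7: two of its six "File:" sections, reduced
# to the fields used below. The VirusTotal link is truncated on the page.
FIXLOG_EXCERPT = r"""
========================= File: C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe ========================

C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
File not signed
MD5: 428CA8C0835372200535C6491820DEF1
Company Name: AMD
Description: AMD User Experience Program Master
VirusTotal: https://www.virustotal.com/file/fd9fde8 ... 541013476/

====== End of File: ======

========================= File: C:\Windows\system32\clinfo.exe ========================

C:\Windows\system32\clinfo.exe
File is digitally signed
MD5: D920C4B01471274BCE1BCCA95B61DE0F
Company Name:
Description:
VirusTotal: 0

====== End of File: ======
"""

# One section runs from its "==== File: <path> ====" banner to "== End of File: ==".
SECTION_RE = re.compile(
    r"^=+ File: (?P<path>[^\n]+?) =+[ \t]*\n(?P<body>.*?)^=+ End of File: =+[ \t]*$",
    re.MULTILINE | re.DOTALL,
)


def parse_file_sections(fixlog_text):
    """Return one dict per 'File:' section: path, signed (True/False/None), fields."""
    entries = []
    for match in SECTION_RE.finditer(fixlog_text):
        path = match.group("path")
        signed = None
        fields = {}
        for line in match.group("body").splitlines():
            line = line.strip()
            if not line or line == path:
                continue  # blank line or the repeated path line
            if line == "File is digitally signed":
                signed = True
            elif line == "File not signed":
                signed = False
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        entries.append({"path": path, "signed": signed, "fields": fields})
    return entries


def same_windows_path(a, b):
    """Windows paths compare case-insensitively, so normalise before comparing."""
    return ntpath.normcase(ntpath.normpath(a)) == ntpath.normcase(ntpath.normpath(b))


def find_entry(entries, running_image_path):
    """Post #10's check: match on the full image path, not on the file name alone."""
    for entry in entries:
        if same_windows_path(entry["path"], running_image_path):
            return entry
    return None


def review_notes(entry):
    """Points from the log that still call for a manual look (post #12's reasoning)."""
    notes = []
    if entry["signed"] is False:
        notes.append("no digital signature")
    if not entry["fields"].get("Company Name"):
        notes.append("empty version info")
    if not entry["fields"].get("VirusTotal", "").startswith("https://"):
        notes.append("no VirusTotal report link in the log")
    return notes


if __name__ == "__main__":
    parsed = parse_file_sections(FIXLOG_EXCERPT)
    for item in parsed:
        print(item["path"], "->", review_notes(item) or ["nothing flagged"])
    # Path as Task Manager might show it (different case), then a constructed
    # path with the same file name in another folder, which must not match.
    print(find_entry(parsed, r"c:\program files\amd\performance profile client\AUEPMASTER.EXE") is not None)
    print(find_entry(parsed, r"C:\Users\Tomas\Downloads\AUEPMaster.exe") is not None)
```

A missing signature or an empty version-info block is only a prompt to look further; the verdict in the thread rests on the VirusTotal report behind the link, which the script does not fetch.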
