FRST.txt is too large, so I'm splitting it into 2 parts.
Part 1:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Dalibor (administrator) on DEKSTOP-PC (26-01-2017 22:07:41)
Running from C:\Users\dalib\Desktop
Loaded Profiles: Dalibor (Available Profiles: defaultuser0 & Dalibor)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1519800 2016-12-28] (COMODO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [19335680 2016-12-29] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.0.10
Tcpip\..\Interfaces\{98028755-8020-4169-a811-2f5f1f850a95}: [DhcpNameServer] 10.0.0.1 10.0.0.10
Internet Explorer:
==================
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [16064 2014-10-25] ()
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] ()
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [99000 2016-12-16] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6758568 2016-12-28] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876088 2016-12-28] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmdag.sys [26568856 2016-10-26] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmpag.sys [536592 2016-10-26] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [40952 2016-12-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828360 2016-12-16] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [50288 2016-12-16] (COMODO)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127144 2016-12-16] (COMODO)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-01-26] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 22:07 - 2017-01-26 22:07 - 00008816 _____ C:\Users\dalib\Desktop\FRST.txt
2017-01-26 22:06 - 2017-01-26 22:07 - 00000000 ____D C:\FRST
2017-01-26 19:48 - 2017-01-26 19:48 - 00000000 ____D C:\Users\dalib\AppData\Local\PeerDistRepub
2017-01-26 12:40 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-26 12:40 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-25 23:48 - 2017-01-25 23:48 - 00005602 _____ C:\Users\dalib\Desktop\zoek-results.txt
2017-01-25 23:47 - 2017-01-25 22:47 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-01-25 22:47 - 2017-01-25 23:38 - 00000000 ____D C:\zoek_backup
2017-01-25 22:47 - 2017-01-25 22:47 - 00007862 _____ C:\Users\dalib\Desktop\rog.txt
2017-01-25 22:15 - 2017-01-26 22:06 - 02420736 _____ (Farbar) C:\Users\dalib\Desktop\FRST64.exe
2017-01-25 22:15 - 2017-01-25 22:47 - 01309184 _____ C:\Users\dalib\Desktop\zoek.exe
2017-01-25 22:15 - 2017-01-25 22:15 - 00000091 _____ C:\Users\dalib\Desktop\Nový textový dokument (3).txt
2017-01-21 15:35 - 2017-01-21 15:35 - 00007740 _____ C:\Users\dalib\Desktop\Rogue.txt
2017-01-21 14:27 - 2017-01-25 22:16 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-21 14:26 - 2017-01-21 15:35 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-21 11:31 - 2017-01-21 11:31 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-21 11:31 - 2017-01-21 11:31 - 00000000 ____D C:\ProgramData\Sophos
2017-01-21 11:31 - 2017-01-21 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-21 11:30 - 2017-01-21 11:30 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-21 11:26 - 2017-01-21 11:26 - 00000623 _____ C:\Users\dalib\Desktop\JRT.txt
2017-01-21 11:22 - 2017-01-21 11:22 - 00002891 _____ C:\Users\dalib\Desktop\AdwCleaner[C0].txt
2017-01-21 11:19 - 2017-01-21 11:19 - 00000000 ___HD C:\VTRoot
2017-01-21 11:17 - 2017-01-26 22:06 - 00006322 _____ C:\Windows\system32\Drivers\fvstore.dat
2017-01-21 11:01 - 2017-01-22 09:45 - 00000009 _____ C:\Users\dalib\Desktop\Nový textový dokument.txt
2017-01-21 11:01 - 2017-01-21 12:40 - 25947720 _____ C:\Users\dalib\Desktop\RogueKillerX64.exe
2017-01-21 11:01 - 2017-01-21 11:30 - 155417832 _____ (Sophos Limited) C:\Users\dalib\Desktop\Sophos Virus Removal Tool.exe
2017-01-21 11:00 - 2017-01-21 11:23 - 01663040 _____ (Malwarebytes) C:\Users\dalib\Desktop\JRT.exe
2017-01-21 10:40 - 2017-01-26 22:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2017-01-21 10:40 - 2017-01-21 10:40 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-01-21 10:40 - 2017-01-21 10:40 - 00000000 ____D C:\Program Files\COMODO
2017-01-21 10:39 - 2017-01-21 10:39 - 00000000 ____D C:\ProgramData\Comodo
2017-01-21 10:33 - 2017-01-21 11:30 - 00001405 _____ C:\Users\dalib\Desktop\MB.txt
2017-01-21 10:31 - 2017-01-21 10:31 - 00002854 _____ C:\Users\dalib\Desktop\AdwCleaner[S0].txt
2017-01-21 10:25 - 2017-01-21 11:21 - 00000000 ____D C:\AdwCleaner
2017-01-21 10:24 - 2017-01-21 10:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\dalib\Desktop\HijackThis.exe
2017-01-21 10:21 - 2017-01-26 21:45 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-21 10:21 - 2017-01-25 23:48 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 10:21 - 2017-01-25 23:48 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-21 10:21 - 2017-01-25 23:48 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-21 10:21 - 2017-01-21 10:21 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-21 10:21 - 2017-01-21 10:21 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-21 10:21 - 2017-01-21 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-21 10:20 - 2017-01-21 10:24 - 03988944 _____ C:\Users\dalib\Desktop\adwcleaner_6.042.exe
2017-01-21 10:20 - 2017-01-21 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 10:20 - 2017-01-21 10:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-21 10:20 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-21 10:17 - 2017-01-21 10:21 - 00050688 _____ (Atribune.org) C:\Users\dalib\Desktop\ATF-Cleaner.exe
2017-01-21 10:17 - 2017-01-21 10:20 - 00448512 _____ (OldTimer Tools) C:\Users\dalib\Desktop\TFC.exe
2017-01-20 21:12 - 2017-01-20 21:12 - 02160656 _____ C:\Users\dalib\Downloads\wrar540cz.exe
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\Users\dalib\AppData\Roaming\WinRAR
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\Users\dalib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-20 21:12 - 2017-01-20 21:12 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-01-20 21:07 - 2017-01-20 21:10 - 18814198 _____ C:\Users\dalib\Downloads\Mirillis.Action.2.1.0.0.rar
2017-01-20 21:01 - 2017-01-20 21:04 - 19167064 _____ (Mirillis Ltd.) C:\Users\dalib\Downloads\action_2_1_0_setup.exe
2017-01-20 20:55 - 2017-01-20 21:06 - 00002114 _____ C:\Users\Public\Desktop\Action!.lnk
2017-01-20 20:55 - 2017-01-20 21:06 - 00000000 ____D C:\Program Files (x86)\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\Users\dalib\AppData\Roaming\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\Users\dalib\AppData\Local\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\ProgramData\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2017-01-20 20:55 - 2017-01-20 20:55 - 00000000 ____D C:\Action!
2017-01-20 20:41 - 2017-01-25 23:35 - 00004206 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{98951693-2B9B-4DA2-8C5E-F74ED5F78423}
2017-01-12 18:53 - 2017-01-12 18:53 - 00000661 _____ C:\Users\dalib\Downloads\userconfig.cfg
2017-01-12 18:37 - 2017-01-12 18:37 - 00000218 _____ C:\Users\dalib\Desktop\Counter-Strike.url
2017-01-11 18:49 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-11 18:49 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-11 18:49 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 18:49 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-11 18:49 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-11 18:49 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-11 18:49 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-11 18:49 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-11 18:49 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-11 18:49 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-11 18:49 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-11 18:49 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-11 18:49 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-11 18:49 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-11 18:49 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-11 18:49 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 18:49 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-11 18:49 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-11 18:49 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-11 18:49 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-11 18:49 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-11 18:49 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-11 18:49 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-11 18:49 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-11 18:49 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-11 18:49 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-11 18:49 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-11 18:49 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-11 18:49 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-11 18:49 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-11 18:49 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-11 18:49 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-11 18:49 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-11 18:49 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-11 18:49 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-11 18:49 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-11 18:49 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-11 18:49 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-11 18:49 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 18:49 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-11 18:49 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-11 18:49 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-11 18:49 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 18:49 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-11 18:49 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-11 18:49 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-11 18:49 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-11 18:49 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-11 18:49 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 18:49 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-11 18:49 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-11 18:49 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-11 18:49 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 18:49 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 18:49 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-11 18:49 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-11 18:49 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-11 18:49 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 18:49 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-11 18:49 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-11 18:49 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-11 18:49 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-11 18:49 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-11 18:49 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-11 18:49 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-11 18:49 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 18:49 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-11 18:49 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-11 18:49 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-11 18:49 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-11 18:49 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-11 18:49 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-11 18:49 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-11 18:49 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-11 18:49 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-11 18:49 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-01-11 18:49 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-01-11 18:49 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2017-01-11 18:49 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2017-01-11 18:49 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 18:49 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-11 18:49 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-11 18:49 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-11 18:49 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-11 18:49 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-11 18:49 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-11 18:49 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-11 18:49 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-11 18:49 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-11 18:49 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-11 18:49 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-11 18:49 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 18:49 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 18:49 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 18:49 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 18:49 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-11 18:49 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-11 18:49 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-11 18:49 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-11 18:49 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-11 18:49 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll