Preventive check (Solved)


Post by Mirajs » 10 May 2016 13:17

Hello,
please do a preventive check of my log. No problems.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:15:59, on 10.05.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)


Boot mode: Normal

Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\vsnpstd3.exe
C:\Windows\tsnpstd3.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Users\Mirajs\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: iReboot 2.0.lnk = C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Alcohol Virtual AHCI Controller Management Service (AxVirtualAHCISrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iReboot Background Service (iReboot) - NeoSmart Technologies - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11128 bytes


Post by jaro3 » 10 May 2016 18:55

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan, click "Logfile"; a log will appear (it is otherwise saved on the system drive as AdwCleaner[C?].txt). Paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, uncheck "Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium" (Enable the free trial of Malwarebytes' Anti-Malware Premium)
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
"Aktualizace Malwarebytes' Anti-Malware" (Update Malwarebytes' Anti-Malware) and "Spustit aplikaci Malwarebytes' Anti-Malware" (Launch Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click "Skenovat nyní" (Scan Now) and
- after the program finishes, a message will appear at the bottom right; click "Kopírovat do schránky" (Copy to Clipboard) and paste the entire log here.

- then click the Exit button; a message will appear, so choose "Ano" (Yes)
(do not delete anything yet!).

If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by Mirajs » 10 May 2016 21:06

# AdwCleaner v5.116 - Log soubor vytvořen 10/05/2016 o 20:45:35
# Aktualizováno 09/05/2016 by Xplode
# Databáze : 2016-05-09.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Jméno uživatele : Mirajs - DESKTOP-MKIG306
# Spuštěno z : C:\Users\Mirajs\Desktop\adwcleaner_5.116.exe
# Volba : Skenovat
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

Složka nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
Složka nalezeno : C:\Program Files (x86)\SereneScreen

***** [ Soubory ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

Klávesa nalezeno : HKCU\Software\SereneScreen
Klávesa nalezeno : HKLM\SOFTWARE\SereneScreen
Klávesa nalezeno : HKU\S-1-5-21-2773746883-3701683770-2231874595-1001\Software\SereneScreen

***** [ Webové prohlížeče ] *****

[C:\Users\Mirajs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] nalezeno : alcohol-120.en.softonic.com

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1134 bytes] - [10/05/2016 20:45:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1207 bytes] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 10.05.2016
Čas skenování: 20:55
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.05.10.05
Databáze rootkitů: v2016.05.06.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Mirajs

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 305673
Uplynulý čas: 7 min, 22 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


Post by jaro3 » 10 May 2016 21:43

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Prohledat-Scan", and after the scan click "Cleaning (Vymazat)".

The program performs the repair; after the automatic restart it does not show the log (C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8 and 10, run RogueKiller.exe as administrator; on XP, double-click it.
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan, click "Zpráva" (Report), then in the window click "Open TXT" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still cannot be started and run, rename it to winlogon.exe.


Post by Mirajs » 11 May 2016 07:58

RogueKiller V12.2.0.0 (x64) [May 10 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : Mirajs [Práva správce]
Started from : C:\Users\Mirajs\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 05/11/2016 07:56:16

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[Suspicious.Path|VT.Unknown] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7697\Microsoft\Windows\CurrentVersion\Run | EPSON Stylus DX3800 : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S1AC6.tmp" /EF "HKLM" [7][x][x][x][x] -> Nalezeno
[Suspicious.Path|VT.Unknown] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_7697\Microsoft\Windows\CurrentVersion\Run | EPSON Stylus DX3800 : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S1AC6.tmp" /EF "HKLM" [7][x][x][x][x] -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\RK_Miruna_ON_D_B6B8\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\RK_Miruna_ON_D_B6B8\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2773746883-3701683770-2231874595-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2773746883-3701683770-2231874595-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.Desktop] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 45c3f1eb8b5b2382cedfeb57ae801efd
[BSP] bb0a287424527c9c169fd65b97d726c2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 294791 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 603734016 | Size: 450 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 604655616 | Size: 10000 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD5003ABYX-01WERA2 ATA Device +++++
--- User ---
[MBR] 7da8aa0deaddad36b7e3df19b9951ca9
[BSP] 7ca185f13bb5762363b519487baf2969 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: INTEL SSDSC2BW120A4 ATA Device +++++
--- User ---
[MBR] 067035fde482f844e4baf9f23e3eb8ef
[BSP] 1dd129f57d792ec7d37ad59809fb7078 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114021 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64
Ran by Mirajs (Administrator) on 11.05.2016 at 7:31:24,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.05.2016 at 7:34:54,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.116 - Log soubor vytvořen 11/05/2016 o 07:25:42
# Aktualizováno 09/05/2016 by Xplode
# Databáze : 2016-05-09.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Jméno uživatele : Mirajs - DESKTOP-MKIG306
# Spuštěno z : C:\Users\Mirajs\Desktop\adwcleaner_5.116.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
[-] Složka smazáno : C:\Program Files (x86)\SereneScreen

***** [ Soubory ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKCU\Software\SereneScreen
[-] Klávesa smazáno : HKLM\SOFTWARE\SereneScreen

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1032 bytes] - [11/05/2016 07:25:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [1286 bytes] - [10/05/2016 20:45:35]
C:\AdwCleaner\AdwCleaner[S2].txt - [1228 bytes] - [11/05/2016 07:20:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1251 bytes] ##########


Post by jaro3 » 11 May 2016 08:47

Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom
- Then click "Prohledat" (Scan); when it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) check everything (tick the boxes)
(you have to tick, with the mouse, the box to the left of the registry entry, etc.)


- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report) and please copy and paste the contents of that report here. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller

Turn off the antivirus and firewall.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script
The program will perform a scan and a repair; both the scan and the repair may take several minutes, so wait until the end. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Post a new HJT log


Post by Mirajs » 11 May 2016 12:57

RogueKiller V12.2.0.0 (x64) [May 10 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : Mirajs [Práva správce]
Started from : C:\Users\Mirajs\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 05/11/2016 12:01:33

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[Suspicious.Path|VT.Unknown] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_5B8A\Microsoft\Windows\CurrentVersion\Run | EPSON Stylus DX3800 : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S1AC6.tmp" /EF "HKLM" [7][x][x][x][x] -> Smazáno
[Suspicious.Path|VT.Unknown] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_5B8A\Microsoft\Windows\CurrentVersion\Run | EPSON Stylus DX3800 : C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S1AC6.tmp" /EF "HKLM" [7][x][x][x][x] -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\RK_Miruna_ON_D_CE85\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\RK_Miruna_ON_D_CE85\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2773746883-3701683770-2231874595-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2773746883-3701683770-2231874595-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Desktop] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Smazáno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 45c3f1eb8b5b2382cedfeb57ae801efd
[BSP] bb0a287424527c9c169fd65b97d726c2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 294791 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 603734016 | Size: 450 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 604655616 | Size: 10000 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD5003ABYX-01WERA2 ATA Device +++++
--- User ---
[MBR] 7da8aa0deaddad36b7e3df19b9951ca9
[BSP] 7ca185f13bb5762363b519487baf2969 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: INTEL SSDSC2BW120A4 ATA Device +++++
--- User ---
[MBR] 067035fde482f844e4baf9f23e3eb8ef
[BSP] 1dd129f57d792ec7d37ad59809fb7078 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114021 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK


Post by Mirajs » 11 May 2016 12:57

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Mirajs on 11.05.2016 at 12:06:16,62.
Microsoft Windows 10 Pro 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mirajs\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

11.05.2016 12:08:03 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\Users\Mirajs\AppData\Local\ActiveSync deleted successfully
C:\Users\Mirajs\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~3\EPSON deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2016-05-10 19:22:53 2617877C5761B8A696FD0368861EE6E4 4515256 ----a-w- C:\WINDOWS\explorer.exe
====== C:\Users\Mirajs\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2016-05-11 06:08:50 8B0BB7B3CFADB2FE88A03629B2BAC752 992 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 06:08:49 4B5FD3F5600FA66E132F3DAD60714583 988 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 05:28:53 1ACD889FA801E82FA0395BFEEB06640D 306 ----a-w- C:\WINDOWS\Tasks\AutoKMS.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-05-10 16:43:55 -------- d-----w- C:\Program Files\trend micro
2016-05-09 14:43:05 -------- d-----w- C:\Program Files\Reference Assemblies
2016-05-09 14:43:05 -------- d-----w- C:\Program Files\MSBuild
2016-04-28 11:46:43 -------- d---a-w- C:\Program Files\HWiNFO64
======= C:\PROGRA~2 =====
2016-05-09 14:51:01 -------- d-----w- C:\PROGRA~2\Nero
2016-05-09 14:50:45 -------- d-----w- C:\PROGRA~2\COMMON~1\Nero
2016-05-09 14:50:25 -------- d-----w- C:\PROGRA~2\COMMON~1\LightScribe
2016-05-09 14:43:06 -------- d-----w- C:\PROGRA~2\Reference Assemblies
======= C: =====
====== C:\Users\Mirajs\AppData\Roaming ======
2016-05-10 06:35:20 -------- d-----w- C:\Users\Mirajs\AppData\Local\Diagnostics
2016-04-28 11:11:29 -------- d-s---w- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow
====== C:\Users\Mirajs ======
2016-05-11 05:40:28 -------- d-----w- C:\ProgramData\RogueKiller
2016-05-11 05:18:12 5E0F92EC9D98943F7C26C26FC2AEB1FE 24080968 ----a-w- C:\Users\Mirajs\Desktop\RogueKillerX64.exe
2016-05-11 05:18:06 D0EB45DEF6549458A9E3A23A953A036F 1610816 ----a-w- C:\Users\Mirajs\Desktop\JRT.exe
2016-05-10 18:44:54 9416BBA7C68CEAA308C3775EB7CC56D2 3640384 ----a-w- C:\Users\Mirajs\Desktop\adwcleaner_5.116.exe
2016-05-10 17:26:59 -------- d-----r- C:\Users\Mirajs\3D Objects
2016-05-10 16:41:11 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Mirajs\Desktop\RSITx64.exe
2016-05-09 14:55:48 -------- d-----w- C:\ProgramData\LightScribe
2016-05-09 14:51:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-05-09 14:50:46 -------- d-----w- C:\ProgramData\Nero
2016-05-09 14:50:25 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2016-04-28 17:38:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
2016-04-28 11:46:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64

====== C: exe-files ==
2016-05-10 19:22:07 ED309332DA910BE791F40F09F6FC50B5 38400 ----a-w- C:\Windows\System32\ByteCodeGenerator.exe
2016-05-10 19:22:06 FE3A72E9BC5515509517D9BF41144252 414720 ----a-w- C:\Windows\System32\bcastdvr.exe
2016-05-10 18:44:54 9416BBA7C68CEAA308C3775EB7CC56D2 3640384 ----a-w- C:\Users\Mirajs\Desktop\adwcleaner_5.116.exe
2016-05-10 16:43:55 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Mirajs.exe
2016-05-10 16:41:11 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Mirajs\Desktop\RSITx64.exe
2016-05-09 14:40:11 F432E0E5B0958F4982D40EB622FBD7FC 35480 ----a-w- C:\Windows\SysWOW64\TsWpfWrp.exe
2016-05-09 14:39:56 E91942A0D00C6AA014B2EA33EE0ED0A3 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2016-05-09 11:23:42 F80F1A1E0B249D82931B9838B03B656A 6837304 ----a-w- C:\Users\Mirajs\AppData\Roaming\IDM\idmupdt.exe
2016-05-08 15:27:32 9A93245178D9DF8D386CDC4AB723E8DE 7874704 ----a-w- C:\Users\Mirajs\AppData\Local\NVIDIA\NvBackend\Packages\00008a80\DAO.20726304.exe
2016-05-08 15:27:32 664C017173451A4E6BCEDD1868777AA9 632048 ----a-w- C:\Users\Mirajs\AppData\Local\NVIDIA\NvBackend\Packages\00008a8b\CoProc update.20729581.exe
2016-05-08 15:27:01 B44883D6D51C8161E99C08DDEB784545 161992 ----a-w- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\CertImporter-1354.exe
2016-05-05 16:54:48 E85C4B4B84B9DB390BB6C5626A79DF58 779704 ----a-w- C:\Users\Mirajs\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2016-05-05 16:54:46 78D3F1ADDEBCA45AEA42ECC11F2248AE 322488 ----a-w- C:\Users\Mirajs\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2773746883-3701683770-2231874595-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount"
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

[HKEY_USERS\S-1-5-21-2773746883-3701683770-2231874595-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount"
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"snpstd3"="C:\WINDOWS\vsnpstd3.exe"
"EPSON Stylus DX3800"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F C:\WINDOWS\TEMP\E_S7CE6.tmp /EF HKLM"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\AutoKMS.job --a-------- C:\Windows\AutoKMS\AutoKMS.exe [20.02.2016 12:45]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20.02.2016 13:03]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20.02.2016 13:03]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{2ECA34A4-5EDF-4F04-8435-C27DEE55C348}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[29.04.2016 15:53]
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[15.04.2016 13:48]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]

Google Drive - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Rapport - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
YouTube - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
IDM Integration Module - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Chrome Web Store Payments - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Mirajs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.marinetraffic.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Mirajs\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=15 folders=17 14217908 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Mirajs\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 11.05.2016 at 12:44:54,63 ======================


Re: Preventive check

Post by Mirajs » 11 May 2016 12:58

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Mirajs on 11.05.2016 at 12:06:16,62.
Microsoft Windows 10 Pro 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mirajs\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

11.05.2016 12:08:03 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\Users\Mirajs\AppData\Local\ActiveSync deleted successfully
C:\Users\Mirajs\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~3\EPSON deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2016-05-10 19:22:53 2617877C5761B8A696FD0368861EE6E4 4515256 ----a-w- C:\WINDOWS\explorer.exe
====== C:\Users\Mirajs\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2016-05-10 19:22:28 453EEF8F903DE266D9CB16313B5FA796 215040 ----a-w- C:\WINDOWS\Sysnative\aepic.dll
2016-05-10 19:22:27 F00A2E895B61858DBB3FE870495E37FA 210432 ----a-w- C:\WINDOWS\Sysnative\wcmcsp.dll
2016-05-10 19:22:27 37E893F5A0BB0DCF89D8464F4D5E0C3D 217440 ----a-w- C:\WINDOWS\Sysnative\AppxAllUserStore.dll
2016-05-10 19:22:26 7F0318ECC1E6E566D02F218DD59CEA84 484352 ----a-w- C:\WINDOWS\Sysnative\DataSenseHandlers.dll
2016-05-10 19:22:25 C49BB15138D9A7AE2901692CA30E11D1 181248 ----a-w- C:\WINDOWS\Sysnative\shacct.dll
2016-05-10 19:22:25 5470B002C5E5D4DC8C4C330EAE8A685D 619296 ----a-w- C:\WINDOWS\Sysnative\d3d10level9.dll
2016-05-10 19:22:25 50E41D3203DA334DBBD2B3B6C7EA64CD 988672 ----a-w- C:\WINDOWS\Sysnative\SharedStartModel.dll
2016-05-10 19:22:25 1997A751EF0FB9889E6642428DC4CAB2 1161120 ----a-w- C:\WINDOWS\Sysnative\rpcrt4.dll
2016-05-10 19:22:24 FE42F8A07885E518ED1E846C93E4B78C 617984 ----a-w- C:\WINDOWS\Sysnative\StorSvc.dll
2016-05-10 19:22:24 A55AB67676D0E90C279E36AF78EECCFA 515072 ----a-w- C:\WINDOWS\Sysnative\OneDriveSettingSyncProvider.dll
2016-05-10 19:22:23 E650C69B5CA9B786AD91E3E7F962A0EE 848896 ----a-w- C:\WINDOWS\Sysnative\samsrv.dll
2016-05-10 19:22:23 734B3E9E4DA94DD093C6759CA0C2AA1E 4775424 ----a-w- C:\WINDOWS\Sysnative\actxprxy.dll
2016-05-10 19:22:23 3655A59A1E16307F2F6475AC037C1EE4 87040 ----a-w- C:\WINDOWS\Sysnative\MDMAppInstaller.exe
2016-05-10 19:22:23 33C215D1F36A184FB0C0F83ECBE12B5B 351232 ----a-w- C:\WINDOWS\Sysnative\NgcCtnr.dll
2016-05-10 19:22:22 C991F0E48492D1550279F901AB2332B0 390496 ----a-w- C:\WINDOWS\Sysnative\wlanapi.dll
2016-05-10 19:22:22 C1C81AAF533552B3C4D9F11A5FF97700 291360 ----a-w- C:\WINDOWS\Sysnative\wininit.exe
2016-05-10 19:22:21 EED30CDEAB6E4B45CBF1BD5298952049 550656 ----a-w- C:\WINDOWS\Sysnative\directmanipulation.dll
2016-05-10 19:22:21 981F6C7FB2338CC7889BA4D37C1A9DCE 69632 ----a-w- C:\WINDOWS\Sysnative\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 19:22:21 7AAA9916AA10F4B0E9743798A5BA6549 649216 ----a-w- C:\WINDOWS\Sysnative\ngcsvc.dll
2016-05-10 19:22:21 3C52661045548D78EC0EB76495CB978F 66560 ----a-w- C:\WINDOWS\Sysnative\MosHostClient.dll
2016-05-10 19:22:21 242DA5F2A6D9C5DFE2F99127BD2077A4 92352 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll
2016-05-10 19:22:21 0CFE0F27EC828D9659FD8BF3A529F7B1 166400 ----a-w- C:\WINDOWS\Sysnative\SubscriptionMgr.dll
2016-05-10 19:22:20 679DD4763AA8028B2F26651D3D02A2E1 582656 ----a-w- C:\WINDOWS\Sysnative\ngccredprov.dll
2016-05-10 19:22:20 0FB83658FBB2C5A18AB98C5C94DB9FAF 289792 ----a-w- C:\WINDOWS\Sysnative\NgcCtnrSvc.dll
2016-05-10 19:22:19 B9B902C12D6872DE9135B0A7C1ACA5A8 565600 ----a-w- C:\WINDOWS\Sysnative\SettingSyncHost.exe
2016-05-10 19:22:19 B985F4CC9D63594D8D3DCADAC07F257E 130560 ----a-w- C:\WINDOWS\Sysnative\CloudDomainJoinDataModelServer.dll
2016-05-10 19:22:19 A1BFD44C6343BDF582828EAB6B4CBDE5 630784 ----a-w- C:\WINDOWS\Sysnative\PhoneProviders.dll
2016-05-10 19:22:19 5907323899BCEFA32BF6B002F2493C09 76288 ----a-w- C:\WINDOWS\Sysnative\ngcpopkeysrv.dll
2016-05-10 19:22:18 72229D3836EA9697F5E13AAEA85F8688 204048 ----a-w- C:\WINDOWS\Sysnative\rsaenh.dll
2016-05-10 19:22:17 E706406D61508D207F6B41CA4AD30891 127488 ----a-w- C:\WINDOWS\Sysnative\VEDataLayerHelpers.dll
2016-05-10 19:22:16 EDF39F56DDF4116DCC8779A65EF8D6C5 58208 ----a-w- C:\WINDOWS\Sysnative\dwminit.dll
2016-05-10 19:22:16 C1FCA0AED814F1E814700833EF8E0616 179712 ----a-w- C:\WINDOWS\Sysnative\BrowserSettingSync.dll
2016-05-10 19:22:16 7CEC266216126BC9A0E1072E1A7E5702 279040 ----a-w- C:\WINDOWS\Sysnative\ListSvc.dll
2016-05-10 19:22:16 45FA01F8B7971ACB65202038E34D04A3 86528 ----a-w- C:\WINDOWS\Sysnative\wpdbusenum.dll
2016-05-10 19:22:15 D906EFF6ADB6704071C903E62867AC23 696672 ----a-w- C:\WINDOWS\Sysnative\NetSetupEngine.dll
2016-05-10 19:22:15 90A52EBAC043CFCA92E5F3DEAD4BBB4C 48128 ----a-w- C:\WINDOWS\Sysnative\wups.dll
2016-05-10 19:22:15 5E903356FCDC2C7011E5341A1C2D48E9 192000 ----a-w- C:\WINDOWS\Sysnative\provisioningcsp.dll
2016-05-10 19:22:15 4766A523BD8265F3082662A49C382680 26408 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe
2016-05-10 19:22:14 DCC42EF91745E4AB13602B9A4D86DDC4 115040 ----a-w- C:\WINDOWS\Sysnative\NetSetupApi.dll
2016-05-10 19:22:14 5DBA65D48CB7B17E241BB7430745C2E0 59392 ----a-w- C:\WINDOWS\Sysnative\hmkd.dll
2016-05-10 19:22:13 D0F9C288251907FD44B96837DBDF0A50 320000 ----a-w- C:\WINDOWS\Sysnative\cryptngc.dll
2016-05-10 19:22:13 C417C35D0B714320708A1C18673ACE6C 104448 ----a-w- C:\WINDOWS\Sysnative\BluetoothApis.dll
2016-05-10 19:22:12 0BFEB4862FC2422DAC67EE95C278ECE0 111616 ----a-w- C:\WINDOWS\Sysnative\updatepolicy.dll
2016-05-10 19:22:11 33931A5F8E8B4446C547B020409D66C4 436736 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentClient.dll
2016-05-10 19:22:08 AB1738C51C1C1F41A885467E7BB0D37B 285696 ----a-w- C:\WINDOWS\Sysnative\VEEventDispatcher.dll
2016-05-10 19:22:07 ED309332DA910BE791F40F09F6FC50B5 38400 ----a-w- C:\WINDOWS\Sysnative\ByteCodeGenerator.exe
2016-05-10 19:22:07 315CFB6974B5111E3E62E9A512C92B25 151040 ----a-w- C:\WINDOWS\Sysnative\VEStoreEventHandlers.dll
2016-05-10 19:22:07 09098FB07B47765865492C53B66E29E5 764928 ----a-w- C:\WINDOWS\Sysnative\Chakradiag.dll
2016-05-10 19:22:06 FE3A72E9BC5515509517D9BF41144252 414720 ----a-w- C:\WINDOWS\Sysnative\bcastdvr.exe
2016-05-10 19:22:06 C3534256AF526A16AADBA335AA99D58F 63488 ----a-w- C:\WINDOWS\Sysnative\wshbth.dll
2016-05-10 19:22:05 BD3F339FE542C30BB4A88F34A597728C 134656 ----a-w- C:\WINDOWS\Sysnative\wificonnapi.dll
2016-05-10 19:22:05 1AF7E0BA5D1AEA3DEF1CF05B070803FA 89600 ----a-w- C:\WINDOWS\Sysnative\NFCProvisioningPlugin.dll
2016-05-10 19:22:04 F70CB98E5669D44CBFA6F3EBF534977F 86528 ----a-w- C:\WINDOWS\Sysnative\AppCapture.dll
2016-05-10 19:22:04 9C6EE1DE9CF7B77FF550A737816EB6DB 207360 ----a-w- C:\WINDOWS\Sysnative\NetSetupSvc.dll
2016-05-10 19:22:01 9B034D049D1C6EC9BED55D2F27D86ED9 2186 ----a-w- C:\WINDOWS\Sysnative\AppxProvisioning.xml
2016-05-09 14:39:56 E91942A0D00C6AA014B2EA33EE0ED0A3 35480 ----a-w- C:\WINDOWS\Sysnative\TsWpfWrp.exe
2016-05-09 14:39:56 E2296A6174894682DF8F0FF29FDDCC82 1166520 ----a-w- C:\WINDOWS\Sysnative\PresentationNative_v0300.dll
2016-05-09 14:39:55 C5FEF4B4A7FB961ECDB0AB07DBCF379E 124624 ----a-w- C:\WINDOWS\Sysnative\PresentationCFFRasterizerNative_v0300.dll
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2016-05-11 06:08:50 8B0BB7B3CFADB2FE88A03629B2BAC752 992 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 06:08:49 4B5FD3F5600FA66E132F3DAD60714583 988 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 05:28:53 1ACD889FA801E82FA0395BFEEB06640D 306 ----a-w- C:\WINDOWS\Tasks\AutoKMS.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-05-10 16:43:55 -------- d-----w- C:\Program Files\trend micro
2016-05-09 14:43:05 -------- d-----w- C:\Program Files\Reference Assemblies
2016-05-09 14:43:05 -------- d-----w- C:\Program Files\MSBuild
2016-04-28 11:46:43 -------- d---a-w- C:\Program Files\HWiNFO64
======= C:\PROGRA~2 =====
2016-05-09 14:51:01 -------- d-----w- C:\PROGRA~2\Nero
2016-05-09 14:50:45 -------- d-----w- C:\PROGRA~2\COMMON~1\Nero
2016-05-09 14:50:25 -------- d-----w- C:\PROGRA~2\COMMON~1\LightScribe
2016-05-09 14:43:06 -------- d-----w- C:\PROGRA~2\Reference Assemblies
======= C: =====
====== C:\Users\Mirajs\AppData\Roaming ======
2016-05-10 06:35:20 -------- d-----w- C:\Users\Mirajs\AppData\Local\Diagnostics
2016-04-28 11:11:29 -------- d-s---w- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow
====== C:\Users\Mirajs ======
2016-05-11 05:40:28 -------- d-----w- C:\ProgramData\RogueKiller
2016-05-11 05:18:12 5E0F92EC9D98943F7C26C26FC2AEB1FE 24080968 ----a-w- C:\Users\Mirajs\Desktop\RogueKillerX64.exe
2016-05-11 05:18:06 D0EB45DEF6549458A9E3A23A953A036F 1610816 ----a-w- C:\Users\Mirajs\Desktop\JRT.exe
2016-05-10 18:44:54 9416BBA7C68CEAA308C3775EB7CC56D2 3640384 ----a-w- C:\Users\Mirajs\Desktop\adwcleaner_5.116.exe
2016-05-10 17:26:59 -------- d-----r- C:\Users\Mirajs\3D Objects
2016-05-10 16:41:11 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Mirajs\Desktop\RSITx64.exe
2016-05-09 14:55:48 -------- d-----w- C:\ProgramData\LightScribe
2016-05-09 14:51:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-05-09 14:50:46 -------- d-----w- C:\ProgramData\Nero
2016-05-09 14:50:25 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2016-04-28 17:38:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
2016-04-28 11:46:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2773746883-3701683770-2231874595-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount"
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

[HKEY_USERS\S-1-5-21-2773746883-3701683770-2231874595-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount"
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"snpstd3"="C:\WINDOWS\vsnpstd3.exe"
"EPSON Stylus DX3800"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F C:\WINDOWS\TEMP\E_S7CE6.tmp /EF HKLM"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\AutoKMS.job --a-------- C:\Windows\AutoKMS\AutoKMS.exe [20.02.2016 12:45]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20.02.2016 13:03]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20.02.2016 13:03]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{2ECA34A4-5EDF-4F04-8435-C27DEE55C348}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[29.04.2016 15:53]
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[15.04.2016 13:48]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]

Google Drive - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Rapport - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
YouTube - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
IDM Integration Module - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Chrome Web Store Payments - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Mirajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Mirajs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.marinetraffic.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Mirajs\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Mirajs\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=15 folders=17 14217908 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Mirajs\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 11.05.2016 at 12:44:54,63 ======================

Mirajs

Re: Preventive check

Post by Mirajs » 11 May 2016 12:59

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:38, on 11.05.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)


Boot mode: Normal

Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\tsnpstd3.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Users\Mirajs\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: iReboot 2.0.lnk = C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Alcohol Virtual AHCI Controller Management Service (AxVirtualAHCISrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iReboot Background Service (iReboot) - NeoSmart Technologies - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11106 bytes

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Preventive check

Post by jaro3 » 11 May 2016 17:49

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mirajs\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"


Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7 and 8, you must run the file by right-clicking it -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise the report is located at:
C:\DelFix.txt

If there are no problems, that is all and you can mark the thread as solved (the green check mark).
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Mirajs
newbie
Posts: 24
Registered: February 15
Location: Děčín
Gender: Male
Status:
Offline

Re: Preventive check  Solved

Post by Mirajs » 11 May 2016 20:07

Thank you for your help,
everything seems to be fine.

# DelFix v1.013 - Logfile created 11/05/2016 at 18:25:49
# Updated 17/04/2016 by Xplode
# Username : Mirajs - DESKTOP-MKIG306
# Operating System : Windows 10 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Mirajs\Desktop\adwcleaner_5.116.exe
Deleted : C:\Users\Mirajs\Desktop\JRT.exe
Deleted : C:\Users\Mirajs\Desktop\JRT.txt
Deleted : C:\Users\Mirajs\Desktop\HijackThis.exe
Deleted : C:\Users\Mirajs\Desktop\hijackthis.log
Deleted : C:\Users\Mirajs\Desktop\log.txt
Deleted : C:\Users\Mirajs\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Mirajs\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #7 [Windows Update | 04/22/2016 22:57:36]
Deleted : RP #8 [Instalační služba modulů systému Windows | 04/27/2016 13:51:23]
Deleted : RP #9 [Windows Update | 05/09/2016 09:59:01]
Deleted : RP #13 [zoek.exe restore point | 05/11/2016 10:07:34]

New restore point created !

########## - EOF - ##########

