
Please check my log

Posted: 12 Oct 2016 21:20
by drioton
Hi all, I would like to ask for help. After the PC starts, some VBS script runs. When I plug a USB stick into the PC, a folder Pictures->Images is created on it as a shortcut.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:09:46, on 12/10/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)

FIREFOX: 49.0.1 (x86 sk)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
C:\Users\drioton\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Dare-U mouse] "C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [win2] wscript.exe //B "C:\Users\drioton\AppData\Roaming\win2.vbs"
O4 - HKLM\..\Run: [PART2W~1] wscript.exe //B "C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS"
O4 - HKCU\..\Run: [win2] wscript.exe //B "C:\Users\drioton\AppData\Roaming\win2.vbs"
O4 - HKCU\..\Run: [PART2W~1] wscript.exe //B "C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS"
O4 - HKCU\..\Run: [WarThunderLauncher] E:\Hry\WarThunder\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Real Player.lnk = ?
O4 - Startup: Update Explorer.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odosla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&osla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: @oem14.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PDFsam Manager - ANDREA VACONDIO - C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9823 bytes
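
Added example (not part of the original thread and not code from any of the tools mentioned): a short Python triage of the O4 autorun lines from the HijackThis log above. It flags script hosts started at logon, scripts kept in user-writable folders, the same value written to several hives, and Startup shortcuts whose target HijackThis could not resolve. The regular expressions and the folder heuristic are assumptions chosen for this log format.

```python
import re
from collections import defaultdict

# O4 autorun lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [win2] wscript.exe //B "C:\Users\drioton\AppData\Roaming\win2.vbs"
O4 - HKLM\..\Run: [PART2W~1] wscript.exe //B "C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS"
O4 - HKCU\..\Run: [win2] wscript.exe //B "C:\Users\drioton\AppData\Roaming\win2.vbs"
O4 - HKCU\..\Run: [PART2W~1] wscript.exe //B "C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS"
O4 - HKCU\..\Run: [WarThunderLauncher] E:\Hry\WarThunder\launcher.exe
O4 - Startup: Real Player.lnk = ?
O4 - Startup: Update Explorer.lnk = ?
'''

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
RUN_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "O4 - Startup: <shortcut> = <target>" (also "Global Startup")
STARTUP_RE = re.compile(
    r'^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.*)$')

# Heuristics (assumptions of this example, not an exhaustive list).
SCRIPT_HOST = re.compile(r'\b(?:wscript|cscript|mshta)(?:\.exe)?\b', re.I)
SCRIPT_EXT = re.compile(r'\.(?:vbs|vbe|js|jse|wsf|wsh)\b', re.I)
USER_WRITABLE = re.compile(r'\\(?:appdata|temp)\\', re.I)


def parse_o4(log_text):
    """Return every O4 (autorun) entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "run",
                            "location": m["hive"] + "\\" + m["key"],
                            "name": m["name"], "command": m["cmd"]})
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append({"kind": "startup", "location": m["scope"],
                            "name": m["name"], "command": m["target"]})
    return entries


def triage(log_text):
    """Return the O4 entries worth a closer look, each with its reasons."""
    entries = parse_o4(log_text)

    # Remember in which hives an identical (name, command) pair appears.
    hives_by_value = defaultdict(set)
    for e in entries:
        if e["kind"] == "run":
            key = (e["name"].lower(), e["command"].lower())
            hives_by_value[key].add(e["location"])

    findings = []
    for e in entries:
        cmd, reasons = e["command"], []
        if e["kind"] == "run":
            if SCRIPT_HOST.search(cmd):
                reasons.append("script host launched at logon")
                if "//b" in cmd.lower():
                    reasons.append("//B suppresses script errors and prompts")
            if SCRIPT_EXT.search(cmd) and USER_WRITABLE.search(cmd):
                reasons.append("script stored in a user-writable folder")
            # Only report duplication for entries that are already suspicious.
            if reasons and len(hives_by_value[(e["name"].lower(), cmd.lower())]) > 1:
                reasons.append("same value present in several hives")
        elif cmd == "?":
            # HijackThis printed '?' instead of the shortcut's target path.
            reasons.append("shortcut target not resolved by HijackThis")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["location"]:10} [{f["name"]}]')
        for reason in f["reasons"]:
            print(f"    - {reason}")
```
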

Re: Please check my log

Posted: 13 Oct 2016 10:22
by jaro3
Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan, click "Logfile"; the "Log Manager" window appears, then double-click the corresponding log, which opens. (Otherwise it is saved on the system disk as C:\AdwCleaner [C?].txt.) Paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; click Scan Now and
- after the program has run, a message appears at the bottom right; click Save Results, choose Copy to Clipboard and paste the whole log here.
- otherwise the log is located here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).

If there are problems, run it in safe mode.

Re: Please check my log

Posted: 13 Oct 2016 11:30
by drioton
Thanks for the reply. Here is the 1st logfile:

# AdwCleaner v6.021 - *Logfile created 13/10/2016 *at 11:27:54
# *Updated on 06/10/2016 by ToolsLib
# *Database : 2016-10-13.1 [*Server]
# *Operating System : Windows 10 Home (X64)
# *Username : drioton - LENOVO
# *Running from : C:\Users\drioton\Desktop\AdwCleaner.exe
# *Mode: Scan
# *Support : https://toolslib.net/forum



***** [ *Services ] *****

*No malicious services found.


***** [ *Folders ] *****

*No malicious folders found.


***** [ *Files ] *****

*No malicious files found.


***** [ DLL ] *****

*No malicious DLLs found.


***** [ WMI ] *****

*No malicious keys found.


***** [ *Shortcuts ] *****

*No infected shortcut found.


***** [ *Scheduled tasks ] *****

*No malicious task found.


***** [ *Registry ] *****

*Key Found: HKLM\SOFTWARE\Trymedia Systems


***** [ *Web browsers ] *****

*Firefox pref Found: [C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default\prefs.js] - "extensions.foxcub.config.encodedConfig" - "{\"core\":{\"configUrl\":\"hxxp://download.seznam.cz/software/conf/\
*No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1178 *Bytes] - [13/10/2016 11:27:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1252 *Bytes] ##########

2nd logfile

Malwarebytes Anti-Malware
www.malwarebytes.org

Dátum kontroly: 13/10/2016
Čas kontroly: 11:35
Protokol: mam.txt
Správca: Áno

Verzia: 2.2.1.1043
Dazabáza malware: v2016.10.13.06
Databáza rootkitov: v2016.09.26.02
Licencia: Bezplatná verzia
Ochrana pred škodlivým softvérom: Vypnuté
Ochrana pred škodlivými webstránkami: Vypnuté
Vlastná ochrana: Vypnuté

OS: Windows 10
CPU: x64
Súborový systém: NTFS
Používateľ: drioton

Typ kontroly: Kontrola hrozieb
Výsledok: Dokončená
Skontrolovaných objektov: 353511
Uplynulý čas: 4 min, 6 s

Pamäť: Zapnuté
Pri spustení: Zapnuté
Súborový systém: Zapnuté
Archívy: Zapnuté
Rootkity: Vypnuté
Heuristika: Zapnuté
PUP: Zapnuté
PUM: Zapnuté

Procesy: 0
(Žiadne škodlivé položky neboli zistené)

Moduly: 0
(Žiadne škodlivé položky neboli zistené)

Kľúče databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Hodnoty databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Údaj databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Priečinky: 0
(Žiadne škodlivé položky neboli zistené)

Súbory: 0
(Žiadne škodlivé položky neboli zistené)

Fyzické sektory: 0
(Žiadne škodlivé položky neboli zistené)


(end)

Today I have to go abroad on a business trip and I do not know whether I will have internet there. So I may not be replying until Tuesday. Thanks.

Re: Please check my log

Posted: 14 Oct 2016 11:15
by Orcus
No problem. It will be done when it is done.

- Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator")
- Click "Clean"
- The program performs the repair; after the automatic restart it will not show the log (C:\AdwCleaner [C?].txt); paste its entire contents here.

====================================================

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan starts. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears, which is saved on the desktop.
Please copy its entire contents here.

====================================================

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.

Re: Please check my log

Posted: 16 Oct 2016 23:33
by drioton
So I am home now :)

AdwCleaner
# AdwCleaner v6.021 - *Logfile created 16/10/2016 *at 21:21:36
# *Updated on 06/10/2016 by ToolsLib
# *Database : 2016-10-15.3 [*Server]
# *Operating System : Windows 10 Home (X64)
# *Username : drioton - LENOVO
# *Running from : C:\Users\drioton\Desktop\AdwCleaner.exe
# *Mode: Clean
# *Support : https://toolslib.net/forum



***** [ *Services ] *****



***** [ *Folders ] *****



***** [ *Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****



***** [ *Registry ] *****

[-] *Key deleted: HKLM\SOFTWARE\Trymedia Systems


***** [ *Browsers ] *****

[-] *Firefox preferences cleaned:


*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [833 *Bytes] - [16/10/2016 21:21:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [1332 *Bytes] - [13/10/2016 11:27:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [1406 *Bytes] - [16/10/2016 21:20:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1054 *Bytes] ##########


JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64
Ran by drioton (Administrator) on 16/10/2016 at 22:59:11.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/10/2016 at 22:59:51.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller:
RogueKiller V12.7.1.0 (x64) [Oct 10 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : drioton [Administrator]
Started from : C:\Users\drioton\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 10/16/2016 23:08:55 (Duration : 00:19:50)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.20.30.1 ([]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ea1822b8-6417-4a10-8421-fe4fd7a005e6} | DhcpNameServer : 10.20.30.1 ([]) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[Suspicious.Path|VT.Unknown][File] C:\Users\drioton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Player.lnk [LNK@] C:\Windows\System32\cmd.exe /c start C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS -> Found
[Suspicious.Path][File] C:\Users\drioton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Explorer.lnk [LNK@] C:\Windows\System32\cmd.exe /c start C:\Users\drioton\AppData\Roaming\win2.vbs -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchEngine][FIREFX:Config] fwfjwkuq.default : user_pref("browser.search.selectedEngine", ""); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-SSHD-8GB +++++
--- User ---
[MBR] 85f90ebee358fa9c97666f680203f515
[BSP] 47585877bccb418e05b582ca0f2cc177 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99450 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 203880448 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 853866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Re: Please check my log

Posted: 17 Oct 2016 10:44
by jaro3
Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) or external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run it).
- click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom,
when it finishes, tick everything (put ticks to the left of the findings, in the white boxes)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy that log and please paste the contents of the report here. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.


Turn off the antivirus and firewall.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win7, 8 right-click it and choose "Run as administrator")
- note, the program may take longer to start.

Paste the script below into the program window:


autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script
The program performs a scan and a repair; the scan and the repair can take several minutes, so you need to wait until the end. Do not click in the window!
The program offers a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it to, say, Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Sophos Virus Removal Tool is a handy software tool that could remove infections that the antivirus program does not detect.
Download it here from one of the links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data, and you do not even know you have them. What you need is a quick and easy way to find them and get rid of them; if you already have an antivirus program installed on your computer, you can also install the Sophos Virus Removal tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.

Post a new HJT log + report on the problems.

Re: Please check my log

Posted: 17 Oct 2016 20:09
by drioton
You write that Zoek can take several minutes. Is about 3 and a half hours still okay? It has been on Program Files DB Check since 16:44.

Re: Please check my log

Posted: 18 Oct 2016 09:45
by jaro3
First do the RK.

Try running Zoek in safe mode.

Re: Please check my log

Posted: 18 Oct 2016 14:09
by drioton
RogueKill
RogueKiller V12.7.1.0 (x64) [Oct 10 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : drioton [Administrator]
Started from : C:\Users\drioton\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 10/17/2016 16:17:49 (Duration : 00:20:38)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.20.30.1 ([]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ea1822b8-6417-4a10-8421-fe4fd7a005e6} | DhcpNameServer : 10.20.30.1 ([]) -> Replaced ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[Suspicious.Path|VT.Type_VBS_Infector][File] C:\Users\drioton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Player.lnk [LNK@] C:\Windows\System32\cmd.exe /c start C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS -> Deleted
[Suspicious.Path][File] C:\Users\drioton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Explorer.lnk [LNK@] C:\Windows\System32\cmd.exe /c start C:\Users\drioton\AppData\Roaming\win2.vbs -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchEngine][FIREFX:Config] fwfjwkuq.default : user_pref("browser.search.selectedEngine", ""); -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-SSHD-8GB +++++
--- User ---
[MBR] 85f90ebee358fa9c97666f680203f515
[BSP] 47585877bccb418e05b582ca0f2cc177 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99450 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 203880448 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 853866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Zoek

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by drioton on 18/10/2016 at 9:32:25.86.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\drioton\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-10-17-201651.log 3787 bytes
C:\zoek-results2016-10-17-212435.log 2051 bytes
C:\zoek-results2016-10-17-214751.log 2100 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_102016_0943_.backup
prefs_102016_2324_.backup
prefs_102016_2347_.backup

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default
- Undetermined - %ProfilePath%\extensions\@nepi-jano.xpi
- Undetermined - %ProfilePath%\extensions\info@youtube-mp3.org.xpi
- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ
7FB1DC8C464CAFC230E7AD6392AE859B - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_162.dll - Shockwave Flash


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\drioton\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\drioton\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\drioton\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\drioton\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\drioton\AppData\Local\Mozilla\Firefox\Profiles\fwfjwkuq.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=52 folders=62 308190159 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\drioton\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 18/10/2016 at 9:47:05.34 ======================

HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:04:39, on 18/10/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)

FIREFOX: 49.0.1 (x86 sk)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe
C:\Users\drioton\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Dare-U mouse] "C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [win2] wscript.exe //B "C:\Users\drioton\AppData\Roaming\win2.vbs"
O4 - HKLM\..\Run: [PART2W~1] wscript.exe //B "C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS"
O4 - HKCU\..\Run: [win2] wscript.exe //B "C:\Users\drioton\AppData\Roaming\win2.vbs"
O4 - HKCU\..\Run: [PART2W~1] wscript.exe //B "C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS"
O4 - HKCU\..\Run: [WarThunderLauncher] E:\Hry\WarThunder\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odosla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&osla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: @oem14.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GoPro Device Detection Service (GoProDeviceDetectionService) - Unknown owner - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PDFsam Manager - ANDREA VACONDIO - C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9659 bytes

So, after a few restarts, no vbs or script has come up. Thanks for the help.

Re: Please check my log

Posted: 18 Oct 2016 18:31
by Orcus
In HJT, fix:

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [win2] wscript.exe //B "C:\Users\drioton\AppData\Roaming\win2.vbs"
O4 - HKLM\..\Run: [PART2W~1] wscript.exe //B "C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS"
O4 - HKCU\..\Run: [win2] wscript.exe //B "C:\Users\drioton\AppData\Roaming\win2.vbs"
O4 - HKCU\..\Run: [PART2W~1] wscript.exe //B "C:\Users\drioton\AppData\Roaming\WINDOW~1\PART2W~1.VBS"


Please download the version of Farbar Recovery Scan Tool (FRST) appropriate for your system, 32-bit or 64-bit.
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.

Re: Please check my log

Posted: 18 Oct 2016 21:22
by drioton
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by drioton (administrator) on LENOVO (18-10-2016 21:16:09)
Running from C:\Users\drioton\Desktop
Loaded Profiles: drioton (Available Profiles: drioton & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Slovak (Slovakia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [9309936 2015-08-30] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2016-07-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2016-07-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [406944 2015-09-04] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-26] (Synaptics Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2016-09-22] ()
HKLM-x32\...\Run: [Dare-U mouse] => C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe [491520 2013-01-17] ()
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-03-11] (CANON INC.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144184 2016-09-07] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-1503572120-3979715750-2530224055-1000\...\MountPoints2: {4c80cc57-4e4f-11e6-bb4f-208984f95fec} - "H:\autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2016-10-18]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.20.30.1
Tcpip\..\Interfaces\{ea1822b8-6417-4a10-8421-fe4fd7a005e6}: [DhcpNameServer] 10.20.30.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1503572120-3979715750-2530224055-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-08-31] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-31] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fwfjwkuq.default
FF ProfilePath: C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default [2016-10-18]
FF NewTab: Mozilla\Firefox\Profiles\fwfjwkuq.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\fwfjwkuq.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\fwfjwkuq.default -> is enabled.
FF Extension: (Nepi Jano!) - C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default\Extensions\@nepi-jano.xpi [2016-10-02]
FF Extension: (YouTube mp3) - C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default\Extensions\info@youtube-mp3.org.xpi [2016-07-14]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-04]
FF Extension: (Adblock Plus) - C:\Users\drioton\AppData\Roaming\Mozilla\Firefox\Profiles\fwfjwkuq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-14]
FF HKU\S-1-5-21-1503572120-3979715750-2530224055-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-15] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-31] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-15] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-09-22] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359848 2015-09-04] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-06-09] (Microsoft Corporation)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-09] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-26] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4087568 2016-09-07] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-08-09] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [794424 2016-09-07] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)
S0 megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S4 RsFx0310; C:\WINDOWS\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059440 2015-08-30] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-26] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-16] ()
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [462272 2016-09-07] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-18 21:16 - 2016-10-18 21:16 - 00014057 _____ C:\Users\drioton\Desktop\FRST.txt
2016-10-18 21:16 - 2016-10-18 21:16 - 00000000 ____D C:\FRST
2016-10-18 20:14 - 2016-10-18 21:16 - 02407424 _____ (Farbar) C:\Users\drioton\Desktop\FRST64.exe
2016-10-18 17:47 - 2016-10-18 17:47 - 00000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2016-10-18 17:46 - 2016-10-18 17:47 - 00439031 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2016-10-18 17:45 - 2016-10-18 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2016-10-18 17:44 - 2016-10-18 17:45 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-18 17:39 - 2016-10-18 21:12 - 395145276 _____ C:\Users\drioton\Desktop\ESET-Smart-Security-&-NOD32-Antivirus-10.0.337.3-(x86,x64)(CZ).rar
2016-10-18 17:35 - 2016-10-18 17:45 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2016-10-18 17:35 - 2016-10-18 17:35 - 00000000 ____D C:\ProgramData\CheckPoint
2016-10-18 17:13 - 2016-09-23 21:34 - 00000000 ____D C:\Users\drioton\Desktop\Richard Muller - 55 (2016)
2016-10-18 16:57 - 2016-10-18 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CineForm
2016-10-18 16:57 - 2016-10-18 16:57 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-10-18 16:51 - 2016-10-18 16:51 - 00000000 ____D C:\Users\drioton\AppData\Local\CrashDumps
2016-10-18 14:39 - 2016-10-18 21:15 - 00000000 ____D C:\Users\drioton\Desktop\Bezpečnosť
2016-10-18 09:45 - 2016-10-18 09:32 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-10-18 08:55 - 2016-10-18 08:55 - 00000000 ____D C:\ProgramData\Sophos
2016-10-18 08:55 - 2016-10-18 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-10-18 08:55 - 2016-10-18 08:55 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-10-17 21:53 - 2016-10-17 21:53 - 00000000 ____D C:\Users\drioton\.QtWebEngineProcess
2016-10-17 21:53 - 2016-10-17 21:53 - 00000000 ____D C:\Users\drioton\.GoPro
2016-10-17 21:52 - 2016-10-18 16:57 - 00000000 ____D C:\Program Files (x86)\CineForm
2016-10-17 21:52 - 2016-10-17 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2016-10-17 21:52 - 2016-10-17 21:52 - 00000000 ____D C:\Program Files\GoPro
2016-10-17 21:52 - 2016-10-17 21:52 - 00000000 ____D C:\Program Files (x86)\GoPro
2016-10-16 23:08 - 2016-10-16 23:08 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-10-16 23:08 - 2016-10-16 23:08 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-13 21:45 - 2016-10-13 21:45 - 00000000 ____D C:\Users\drioton\AppData\Local\CEF
2016-10-13 21:45 - 2016-10-13 21:45 - 00000000 ____D C:\Users\drioton\AppData\Local\Adobe
2016-10-13 12:08 - 2016-10-13 12:08 - 00000000 ____D C:\Users\drioton\AppData\Local\Viber
2016-10-13 11:34 - 2016-10-13 11:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-13 11:33 - 2016-10-13 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-13 11:32 - 2016-10-13 11:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-13 11:32 - 2016-10-13 11:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-13 11:32 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-10-13 11:32 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-13 11:32 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-10-13 11:24 - 2016-10-13 11:24 - 00367992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-12 07:29 - 2016-10-05 12:17 - 01322848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-12 07:29 - 2016-10-05 12:13 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-12 07:29 - 2016-10-05 12:13 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-10-12 07:29 - 2016-10-05 12:13 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-10-12 07:29 - 2016-10-05 12:12 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-10-12 07:29 - 2016-10-05 12:09 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-12 07:29 - 2016-10-05 12:09 - 00064352 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-10-12 07:29 - 2016-10-05 11:51 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-10-12 07:29 - 2016-10-05 11:50 - 02256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-12 07:29 - 2016-10-05 11:45 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-12 07:29 - 2016-10-05 11:44 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-12 07:29 - 2016-10-05 11:41 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-12 07:29 - 2016-10-05 11:38 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-10-12 07:29 - 2016-10-05 11:36 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 07:29 - 2016-10-05 11:35 - 00327680 _____ C:\WINDOWS\system32\wc_storage.dll
2016-10-12 07:29 - 2016-10-05 11:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-10-12 07:29 - 2016-10-05 11:35 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-10-12 07:29 - 2016-10-05 11:34 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-12 07:29 - 2016-10-05 11:33 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-10-12 07:29 - 2016-10-05 11:33 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-10-12 07:29 - 2016-10-05 11:33 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-10-12 07:29 - 2016-10-05 11:32 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-10-12 07:29 - 2016-10-05 11:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-10-12 07:29 - 2016-10-05 11:31 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-10-12 07:29 - 2016-10-05 11:31 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-12 07:29 - 2016-10-05 11:30 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-10-12 07:29 - 2016-10-05 11:29 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-10-12 07:29 - 2016-10-05 11:29 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-10-12 07:29 - 2016-10-05 11:28 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-10-12 07:29 - 2016-10-05 11:27 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-10-12 07:29 - 2016-10-05 11:26 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-12 07:29 - 2016-10-05 11:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 07:29 - 2016-10-05 11:26 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-12 07:29 - 2016-10-05 11:26 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-10-12 07:29 - 2016-10-05 11:26 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-10-12 07:29 - 2016-10-05 11:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-10-12 07:29 - 2016-10-05 11:25 - 01589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-10-12 07:29 - 2016-10-05 11:25 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-10-12 07:29 - 2016-10-05 11:25 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-10-12 07:29 - 2016-10-05 11:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-10-12 07:29 - 2016-10-05 11:25 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-10-12 07:29 - 2016-10-05 11:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-10-12 07:29 - 2016-10-05 11:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 07:29 - 2016-10-05 11:23 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-10-12 07:29 - 2016-10-05 11:23 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-10-12 07:29 - 2016-10-05 11:23 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-10-12 07:29 - 2016-10-05 11:23 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-10-12 07:29 - 2016-10-05 11:23 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-10-12 07:29 - 2016-10-05 11:22 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-12 07:29 - 2016-10-05 11:21 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-10-12 07:29 - 2016-10-05 11:21 - 01364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-12 07:29 - 2016-10-05 11:21 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-10-12 07:29 - 2016-10-05 11:20 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-10-12 07:29 - 2016-10-05 11:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 07:29 - 2016-10-05 11:19 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-10-12 07:29 - 2016-10-05 11:19 - 02265088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-10-12 07:29 - 2016-10-05 11:19 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-10-12 07:29 - 2016-10-05 11:19 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-12 07:29 - 2016-10-05 11:18 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-10-12 07:29 - 2016-10-05 11:18 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-10-12 07:29 - 2016-10-05 11:18 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 07:29 - 2016-10-05 11:17 - 08126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-12 07:29 - 2016-10-05 11:17 - 02914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-10-12 07:29 - 2016-10-05 11:17 - 01493504 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-12 07:29 - 2016-10-05 11:16 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-12 07:29 - 2016-10-05 11:16 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 07:29 - 2016-10-05 11:16 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-10-12 07:29 - 2016-10-05 11:15 - 07625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-12 07:29 - 2016-10-05 11:15 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-10-12 07:29 - 2016-10-05 11:15 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-12 07:29 - 2016-10-05 11:15 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-10-12 07:29 - 2016-10-05 11:15 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-10-12 07:29 - 2016-10-05 11:14 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-12 07:29 - 2016-10-05 11:14 - 02667520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-12 07:29 - 2016-10-05 11:14 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-12 07:29 - 2016-10-05 11:14 - 01778176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-12 07:29 - 2016-10-05 11:14 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 07:29 - 2016-10-05 11:14 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-10-12 07:29 - 2016-10-05 11:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 07:29 - 2016-10-05 11:12 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-10-12 07:29 - 2016-10-05 11:11 - 12174848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-12 07:29 - 2016-10-05 11:11 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-12 07:29 - 2016-10-05 11:11 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-12 07:29 - 2016-10-05 11:11 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-10-12 07:29 - 2016-10-05 11:10 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-10-12 07:29 - 2016-10-05 11:09 - 07467520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-10-12 07:29 - 2016-10-05 11:09 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-12 07:29 - 2016-10-05 11:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-10-12 07:29 - 2016-10-05 11:09 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 07:29 - 2016-10-05 11:08 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-10-12 07:29 - 2016-10-05 11:07 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 07:29 - 2016-10-05 11:07 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-10-12 07:29 - 2016-10-05 11:07 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-10-12 07:29 - 2016-10-05 11:07 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-10-12 07:29 - 2016-10-05 11:06 - 02254336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-12 07:29 - 2016-10-05 11:06 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-12 07:29 - 2016-10-05 11:06 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-10-12 07:29 - 2016-10-05 11:06 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-12 07:29 - 2016-10-05 11:06 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-10-12 07:29 - 2016-10-05 11:05 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-10-12 07:29 - 2016-09-07 07:34 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-10-12 07:28 - 2016-10-05 12:35 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-10-12 07:28 - 2016-10-05 12:34 - 01051104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-12 07:28 - 2016-10-05 12:34 - 00894088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-12 07:28 - 2016-10-05 12:33 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 07:28 - 2016-10-05 12:31 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-10-12 07:28 - 2016-10-05 12:31 - 01353768 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-12 07:28 - 2016-10-05 12:31 - 01172472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-12 07:28 - 2016-10-05 12:30 - 07812448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-12 07:28 - 2016-10-05 12:22 - 01181536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-10-12 07:28 - 2016-10-05 12:16 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-10-12 07:28 - 2016-10-05 12:12 - 01112928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-10-12 07:28 - 2016-10-05 12:12 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-12 07:28 - 2016-10-05 12:09 - 04129928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-10-12 07:28 - 2016-10-05 12:09 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-10-12 07:28 - 2016-10-05 12:09 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-12 07:28 - 2016-10-05 12:08 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-10-12 07:28 - 2016-10-05 12:04 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-12 07:28 - 2016-10-05 12:04 - 00628032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-12 07:28 - 2016-10-05 12:03 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-10-12 07:28 - 2016-10-05 11:50 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-10-12 07:28 - 2016-10-05 11:49 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-10-12 07:28 - 2016-10-05 11:48 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-10-12 07:28 - 2016-10-05 11:46 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-10-12 07:28 - 2016-10-05 11:46 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-10-12 07:28 - 2016-10-05 11:46 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-10-12 07:28 - 2016-10-05 11:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-10-12 07:28 - 2016-10-05 11:36 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-10-12 07:28 - 2016-10-05 11:36 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-10-12 07:28 - 2016-10-05 11:35 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-10-12 07:28 - 2016-10-05 11:35 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-10-12 07:28 - 2016-10-05 11:34 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 07:28 - 2016-10-05 11:33 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-10-12 07:28 - 2016-10-05 11:32 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-10-12 07:28 - 2016-10-05 11:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-10-12 07:28 - 2016-10-05 11:31 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-10-12 07:28 - 2016-10-05 11:31 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-10-12 07:28 - 2016-10-05 11:31 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-10-12 07:28 - 2016-10-05 11:31 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-10-12 07:28 - 2016-10-05 11:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-10-12 07:28 - 2016-10-05 11:29 - 09129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-12 07:28 - 2016-10-05 11:29 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-12 07:28 - 2016-10-05 11:29 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-10-12 07:28 - 2016-10-05 11:28 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-10-12 07:28 - 2016-10-05 11:28 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-10-12 07:28 - 2016-10-05 11:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-10-12 07:28 - 2016-10-05 11:28 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-12 07:28 - 2016-10-05 11:28 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-10-12 07:28 - 2016-10-05 11:27 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-10-12 07:28 - 2016-10-05 11:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 07:28 - 2016-10-05 11:26 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-10-12 07:28 - 2016-10-05 11:24 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-12 07:28 - 2016-10-05 11:23 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-10-12 07:28 - 2016-10-05 11:22 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-12 07:28 - 2016-10-05 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-10-12 07:28 - 2016-10-05 11:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 07:28 - 2016-10-05 11:21 - 08075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-10-12 07:28 - 2016-10-05 11:21 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-12 07:28 - 2016-10-05 11:21 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-10-12 07:28 - 2016-10-05 11:20 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-10-12 07:28 - 2016-10-05 11:20 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-10-12 07:28 - 2016-10-05 11:18 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-12 07:28 - 2016-10-05 11:18 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 07:28 - 2016-10-05 11:18 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-12 07:28 - 2016-10-05 11:17 - 04136960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-10-12 07:28 - 2016-10-05 11:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 07:28 - 2016-10-05 11:16 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-10-12 07:28 - 2016-10-05 11:16 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-10-12 07:28 - 2016-10-05 11:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 07:28 - 2016-10-05 11:15 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-12 07:28 - 2016-10-05 11:15 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-12 07:28 - 2016-10-05 11:15 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-12 07:28 - 2016-10-05 11:15 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-10-12 07:28 - 2016-10-05 11:15 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-10-12 07:28 - 2016-10-05 11:14 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-10-12 07:28 - 2016-10-05 11:14 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-10-12 07:28 - 2016-10-05 11:14 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-12 07:28 - 2016-10-05 11:14 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-12 07:28 - 2016-10-05 11:13 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-12 07:28 - 2016-10-05 11:13 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-10-12 07:28 - 2016-10-05 11:12 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-10-12 07:28 - 2016-10-05 11:12 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-12 07:28 - 2016-10-05 11:11 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 07:28 - 2016-10-05 11:09 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-10-12 07:28 - 2016-10-05 11:09 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-12 07:28 - 2016-10-05 11:08 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 07:28 - 2016-10-05 11:08 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-10-12 07:28 - 2016-10-05 11:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-10-12 07:28 - 2016-10-05 11:07 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-12 07:28 - 2016-10-05 11:06 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-10-12 07:28 - 2016-10-05 11:06 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-10-12 07:28 - 2016-10-05 11:06 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-12 07:28 - 2016-10-05 11:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-10-12 07:28 - 2016-10-05 02:01 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-09 20:27 - 2016-10-09 20:27 - 00888840 _____ C:\Users\drioton\Documents\IMG_20161009_0021.pdf
2016-10-09 20:27 - 2016-10-09 20:27 - 00631905 _____ C:\Users\drioton\Documents\IMG_20161009_0020.pdf
2016-10-09 20:26 - 2016-10-09 20:26 - 00638113 _____ C:\Users\drioton\Documents\IMG_20161009_0019.pdf
2016-10-09 20:25 - 2016-10-09 20:25 - 00699807 _____ C:\Users\drioton\Documents\IMG_20161009_0018.pdf
2016-10-09 20:18 - 2016-10-09 20:18 - 00640830 _____ C:\Users\drioton\Documents\IMG_20161009_0017.pdf
2016-10-09 20:17 - 2016-10-09 20:17 - 00610126 _____ C:\Users\drioton\Documents\IMG_20161009_0016.pdf
2016-10-09 20:17 - 2016-10-09 20:17 - 00000000 ____D C:\ProgramData\ANDREA VACONDIO
2016-10-09 20:16 - 2016-10-09 20:16 - 00654363 _____ C:\Users\drioton\Documents\IMG_20161009_0015.pdf
2016-10-09 20:15 - 2016-10-09 20:15 - 00747178 _____ C:\Users\drioton\Documents\IMG_20161009_0013.pdf
2016-10-09 20:15 - 2016-10-09 20:15 - 00573558 _____ C:\Users\drioton\Documents\IMG_20161009_0014.pdf
2016-10-09 20:14 - 2016-10-09 20:14 - 00813367 _____ C:\Users\drioton\Documents\IMG_20161009_0012.pdf
2016-10-09 20:14 - 2016-10-09 20:14 - 00467111 _____ C:\Users\drioton\Documents\IMG_20161009_0011.pdf
2016-10-09 20:13 - 2016-10-09 20:13 - 00922145 _____ C:\Users\drioton\Documents\IMG_20161009_0010.pdf
2016-10-09 20:13 - 2016-10-09 20:13 - 00897388 _____ C:\Users\drioton\Documents\IMG_20161009_0009.pdf
2016-10-09 20:12 - 2016-10-09 20:12 - 01061337 _____ C:\Users\drioton\Documents\IMG_20161009_0008.pdf
2016-10-09 20:11 - 2016-10-09 20:11 - 01095073 _____ C:\Users\drioton\Documents\IMG_20161009_0006.pdf
2016-10-09 20:11 - 2016-10-09 20:11 - 00895605 _____ C:\Users\drioton\Documents\IMG_20161009_0007.pdf
2016-10-09 20:10 - 2016-10-09 20:10 - 01167466 _____ C:\Users\drioton\Documents\IMG_20161009_0004.pdf
2016-10-09 20:10 - 2016-10-09 20:10 - 01081994 _____ C:\Users\drioton\Documents\IMG_20161009_0005.pdf
2016-10-09 20:09 - 2016-10-09 20:09 - 00666951 _____ C:\Users\drioton\Documents\IMG_20161009_0003.pdf
2016-10-09 20:08 - 2016-10-09 20:08 - 00788547 _____ C:\Users\drioton\Documents\IMG_20161009_0001.pdf
2016-10-09 20:08 - 2016-10-09 20:08 - 00784300 _____ C:\Users\drioton\Documents\IMG_20161009_0002.pdf
2016-10-09 20:07 - 2016-10-09 20:07 - 00000000 ____D C:\ProgramData\PDFsam Enhanced
2016-10-09 19:28 - 2016-10-09 19:28 - 00000000 ____D C:\Program Files\Canon

Re: Please check my log

Posted: 18 Oct 2016 21:23
by drioton
2016-10-06 18:14 - 2016-10-06 18:14 - 00000000 ____D C:\Users\drioton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multiecuscan
2016-10-06 12:02 - 2016-10-06 12:02 - 00000000 ____D C:\Users\drioton\AppData\Roaming\Windows32
2016-10-03 13:37 - 2016-10-11 17:21 - 00000000 ____D C:\Users\drioton\Documents\Lexicon
2016-10-03 13:32 - 2016-10-03 13:32 - 00000000 ____D C:\Program Files (x86)\Lingea
2016-10-01 09:46 - 2016-10-12 20:14 - 00000000 ____D C:\Users\drioton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Language Teacher
2016-10-01 09:37 - 2016-10-01 09:37 - 00081920 _____ (Borland International) C:\WINDOWS\SysWOW64\BIVBX11.DLL
2016-10-01 09:35 - 2016-10-01 09:35 - 00002455 _____ C:\WINDOWS\TRNCOM.INI
2016-10-01 09:35 - 2016-10-01 09:35 - 00000000 ____D C:\Users\drioton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Translator
2016-10-01 09:34 - 2016-10-01 09:35 - 00000000 ____D C:\Program Files (x86)\Translator
2016-10-01 09:33 - 2016-10-01 09:46 - 00000000 ____D C:\Users\drioton\AppData\Roaming\LangSoft
2016-10-01 09:33 - 2016-10-01 09:33 - 00000000 ____D C:\Users\Public\Documents\drioton
2016-09-30 23:08 - 2016-09-30 23:08 - 00000000 ____D C:\Users\drioton\AppData\Roaming\Publish Providers
2016-09-30 23:03 - 2016-09-30 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-09-30 23:02 - 2016-09-30 23:07 - 00000000 ____D C:\Users\drioton\AppData\Roaming\Sony
2016-09-30 23:02 - 2016-09-30 23:07 - 00000000 ____D C:\Users\drioton\AppData\Local\Sony
2016-09-30 23:02 - 2016-09-30 23:02 - 00000000 ____D C:\ProgramData\Sony
2016-09-30 23:02 - 2016-09-30 23:02 - 00000000 ____D C:\Program Files\Sony
2016-09-30 23:02 - 2016-09-30 23:02 - 00000000 ____D C:\Program Files (x86)\Sony
2016-09-30 19:01 - 2016-09-15 20:14 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-30 19:01 - 2016-09-15 19:40 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2016-09-30 19:01 - 2016-09-15 19:35 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-09-30 19:01 - 2016-09-15 19:33 - 00083120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-09-30 19:01 - 2016-09-15 19:30 - 00646136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-09-30 19:01 - 2016-09-15 19:30 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-09-30 19:01 - 2016-09-15 19:29 - 01377016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-30 19:01 - 2016-09-15 19:29 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-09-30 19:01 - 2016-09-15 19:29 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-09-30 19:01 - 2016-09-15 19:29 - 00512416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2016-09-30 19:01 - 2016-09-15 19:29 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-09-30 19:01 - 2016-09-15 19:28 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-09-30 19:01 - 2016-09-15 19:27 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-30 19:01 - 2016-09-15 19:27 - 00553312 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-09-30 19:01 - 2016-09-15 19:27 - 00434528 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-09-30 19:01 - 2016-09-15 19:25 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-30 19:01 - 2016-09-15 19:23 - 00170960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-09-30 19:01 - 2016-09-15 19:22 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2016-09-30 19:01 - 2016-09-15 19:22 - 00860512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-30 19:01 - 2016-09-15 19:21 - 01218912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-09-30 19:01 - 2016-09-15 19:21 - 01000288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-09-30 19:01 - 2016-09-15 19:20 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-30 19:01 - 2016-09-15 19:20 - 00634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-09-30 19:01 - 2016-09-15 19:18 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-09-30 19:01 - 2016-09-15 19:18 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-09-30 19:01 - 2016-09-15 19:18 - 00955528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-09-30 19:01 - 2016-09-15 19:18 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-30 19:01 - 2016-09-15 19:16 - 02190176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-30 19:01 - 2016-09-15 19:16 - 01292640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-30 19:01 - 2016-09-15 19:16 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-09-30 19:01 - 2016-09-15 19:16 - 00657760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-30 19:01 - 2016-09-15 19:16 - 00527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-09-30 19:01 - 2016-09-15 19:15 - 00649568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-09-30 19:01 - 2016-09-15 19:15 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-09-30 19:01 - 2016-09-15 19:15 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-09-30 19:01 - 2016-09-15 19:14 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-30 19:01 - 2016-09-15 19:14 - 00119648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2016-09-30 19:01 - 2016-09-15 19:13 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-30 19:01 - 2016-09-15 19:13 - 00113504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2016-09-30 19:01 - 2016-09-15 19:12 - 08158672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-09-30 19:01 - 2016-09-15 19:12 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-30 19:01 - 2016-09-15 19:11 - 04673296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-09-30 19:01 - 2016-09-15 19:11 - 00773168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-09-30 19:01 - 2016-09-15 19:10 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-09-30 19:01 - 2016-09-15 19:10 - 00918848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-09-30 19:01 - 2016-09-15 19:06 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-30 19:01 - 2016-09-15 19:06 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-30 19:01 - 2016-09-15 19:06 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-09-30 19:01 - 2016-09-15 19:06 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-09-30 19:01 - 2016-09-15 19:06 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-30 19:01 - 2016-09-15 19:03 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-09-30 19:01 - 2016-09-15 19:03 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll
2016-09-30 19:01 - 2016-09-15 19:03 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2016-09-30 19:01 - 2016-09-15 19:02 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-30 19:01 - 2016-09-15 19:01 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2016-09-30 19:01 - 2016-09-15 19:00 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-30 19:01 - 2016-09-15 18:59 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovslegacy.dll
2016-09-30 19:01 - 2016-09-15 18:58 - 00491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-30 19:01 - 2016-09-15 18:58 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2016-09-30 19:01 - 2016-09-15 18:57 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2016-09-30 19:01 - 2016-09-15 18:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-30 19:01 - 2016-09-15 18:56 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-30 19:01 - 2016-09-15 18:56 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-09-30 19:01 - 2016-09-15 18:56 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2016-09-30 19:01 - 2016-09-15 18:56 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-09-30 19:01 - 2016-09-15 18:56 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll
2016-09-30 19:01 - 2016-09-15 18:55 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2016-09-30 19:01 - 2016-09-15 18:55 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-30 19:01 - 2016-09-15 18:55 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2016-09-30 19:01 - 2016-09-15 18:55 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-09-30 19:01 - 2016-09-15 18:55 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-09-30 19:01 - 2016-09-15 18:54 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2016-09-30 19:01 - 2016-09-15 18:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-09-30 19:01 - 2016-09-15 18:54 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2016-09-30 19:01 - 2016-09-15 18:53 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-09-30 19:01 - 2016-09-15 18:53 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2016-09-30 19:01 - 2016-09-15 18:52 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-09-30 19:01 - 2016-09-15 18:51 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-09-30 19:01 - 2016-09-15 18:51 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2016-09-30 19:01 - 2016-09-15 18:50 - 07219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-30 19:01 - 2016-09-15 18:50 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-09-30 19:01 - 2016-09-15 18:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-09-30 19:01 - 2016-09-15 18:49 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-09-30 19:01 - 2016-09-15 18:49 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-09-30 19:01 - 2016-09-15 18:47 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-09-30 19:01 - 2016-09-15 18:47 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-09-30 19:01 - 2016-09-15 18:46 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2016-09-30 19:01 - 2016-09-15 18:46 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-30 19:01 - 2016-09-15 18:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ffbroker.dll
2016-09-30 19:01 - 2016-09-15 18:44 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2016-09-30 19:01 - 2016-09-15 18:43 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2016-09-30 19:01 - 2016-09-15 18:43 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-30 19:01 - 2016-09-15 18:43 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-09-30 19:01 - 2016-09-15 18:43 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-09-30 19:01 - 2016-09-15 18:43 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-09-30 19:01 - 2016-09-15 18:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2016-09-30 19:01 - 2016-09-15 18:42 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-09-30 19:01 - 2016-09-15 18:42 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2016-09-30 19:01 - 2016-09-15 18:41 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-09-30 19:01 - 2016-09-15 18:41 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2016-09-30 19:01 - 2016-09-15 18:41 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2016-09-30 19:01 - 2016-09-15 18:40 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-09-30 19:01 - 2016-09-15 18:40 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-30 19:01 - 2016-09-15 18:40 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2016-09-30 19:01 - 2016-09-15 18:40 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-09-30 19:01 - 2016-09-15 18:40 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-09-30 19:01 - 2016-09-15 18:40 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2016-09-30 19:01 - 2016-09-15 18:40 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-09-30 19:01 - 2016-09-15 18:39 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-09-30 19:01 - 2016-09-15 18:39 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2016-09-30 19:01 - 2016-09-15 18:39 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2016-09-30 19:01 - 2016-09-15 18:39 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-09-30 19:01 - 2016-09-15 18:39 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-09-30 19:01 - 2016-09-15 18:39 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2016-09-30 19:01 - 2016-09-15 18:38 - 01291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2016-09-30 19:01 - 2016-09-15 18:38 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-09-30 19:01 - 2016-09-15 18:38 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-09-30 19:01 - 2016-09-15 18:38 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2016-09-30 19:01 - 2016-09-15 18:38 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-09-30 19:01 - 2016-09-15 18:38 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-30 19:01 - 2016-09-15 18:38 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2016-09-30 19:01 - 2016-09-15 18:38 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2016-09-30 19:01 - 2016-09-15 18:37 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-30 19:01 - 2016-09-15 18:37 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-09-30 19:01 - 2016-09-15 18:37 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2016-09-30 19:01 - 2016-09-15 18:37 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-09-30 19:01 - 2016-09-15 18:37 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-30 19:01 - 2016-09-15 18:37 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-09-30 19:01 - 2016-09-15 18:36 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2016-09-30 19:01 - 2016-09-15 18:36 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-09-30 19:01 - 2016-09-15 18:36 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2016-09-30 19:01 - 2016-09-15 18:36 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-09-30 19:01 - 2016-09-15 18:36 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-30 19:01 - 2016-09-15 18:36 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-09-30 19:01 - 2016-09-15 18:36 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-09-30 19:01 - 2016-09-15 18:36 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-09-30 19:01 - 2016-09-15 18:36 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-09-30 19:01 - 2016-09-15 18:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-30 19:01 - 2016-09-15 18:36 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovslegacy.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2016-09-30 19:01 - 2016-09-15 18:35 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2016-09-30 19:01 - 2016-09-15 18:34 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-09-30 19:01 - 2016-09-15 18:34 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-09-30 19:01 - 2016-09-15 18:34 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-09-30 19:01 - 2016-09-15 18:33 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-09-30 19:01 - 2016-09-15 18:33 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2016-09-30 19:01 - 2016-09-15 18:32 - 01037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2016-09-30 19:01 - 2016-09-15 18:32 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-09-30 19:01 - 2016-09-15 18:31 - 01912320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-30 19:01 - 2016-09-15 18:31 - 01553408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-30 19:01 - 2016-09-15 18:31 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-09-30 19:01 - 2016-09-15 18:31 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-09-30 19:01 - 2016-09-15 18:30 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-09-30 19:01 - 2016-09-15 18:30 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-09-30 19:01 - 2016-09-15 18:30 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-09-30 19:01 - 2016-09-15 18:30 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-30 19:01 - 2016-09-15 18:29 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-09-30 19:01 - 2016-09-15 18:29 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-30 19:01 - 2016-09-15 18:29 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-30 19:01 - 2016-09-15 18:28 - 03288064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-30 19:01 - 2016-09-15 18:28 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-09-30 19:01 - 2016-09-15 18:28 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2016-09-30 19:01 - 2016-09-15 18:27 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2016-09-30 19:01 - 2016-09-15 18:27 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvenotify.exe
2016-09-30 19:01 - 2016-09-15 18:27 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Sens.dll
2016-09-30 19:01 - 2016-09-15 18:26 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-30 19:01 - 2016-09-15 18:26 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-09-30 19:01 - 2016-09-15 18:26 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-09-30 19:01 - 2016-09-15 18:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeui.dll
2016-09-30 19:01 - 2016-09-15 18:25 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2016-09-30 19:01 - 2016-09-15 18:25 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-09-30 19:01 - 2016-09-15 18:25 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-09-30 19:01 - 2016-09-15 18:25 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2016-09-30 19:01 - 2016-09-15 18:24 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2016-09-30 19:01 - 2016-09-15 18:23 - 03405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-09-30 19:01 - 2016-09-15 18:23 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-09-30 19:01 - 2016-09-15 18:23 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-09-30 19:01 - 2016-09-15 18:23 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-09-30 19:01 - 2016-09-15 18:23 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-09-30 19:01 - 2016-09-15 18:22 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-30 19:01 - 2016-09-15 18:22 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-30 19:01 - 2016-09-15 18:22 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-09-30 19:01 - 2016-09-15 18:22 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-09-30 19:01 - 2016-09-15 18:21 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-09-30 19:01 - 2016-09-15 18:21 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-09-30 19:01 - 2016-09-15 18:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-09-30 19:01 - 2016-09-15 18:21 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-09-30 19:01 - 2016-09-15 18:20 - 01535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2016-09-30 19:01 - 2016-09-15 18:20 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-09-30 19:01 - 2016-09-15 18:20 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-09-30 19:01 - 2016-09-15 18:20 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-09-30 19:01 - 2016-09-15 18:20 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-09-30 19:01 - 2016-09-15 18:19 - 03202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-09-30 19:01 - 2016-09-15 18:19 - 01130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-09-30 19:01 - 2016-09-15 18:19 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-09-30 19:01 - 2016-09-15 18:19 - 00788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-09-30 19:01 - 2016-09-15 18:19 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-30 19:01 - 2016-09-15 18:19 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-09-30 19:01 - 2016-09-15 18:16 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-30 19:01 - 2016-09-15 18:16 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-09-30 19:01 - 2016-09-15 18:16 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-09-30 19:01 - 2016-09-15 18:16 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2016-09-30 19:01 - 2016-08-05 10:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-30 19:01 - 2016-08-05 10:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-30 19:00 - 2016-09-15 19:37 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-30 19:00 - 2016-09-15 19:37 - 00496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-09-30 19:00 - 2016-09-15 19:37 - 00402352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-09-30 19:00 - 2016-09-15 19:35 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-30 19:00 - 2016-09-15 19:32 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-09-30 19:00 - 2016-09-15 19:29 - 00424640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-09-30 19:00 - 2016-09-15 19:29 - 00218008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-09-30 19:00 - 2016-09-15 19:29 - 00169056 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2016-09-30 19:00 - 2016-09-15 19:29 - 00074080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-09-30 19:00 - 2016-09-15 19:29 - 00023392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-09-30 19:00 - 2016-09-15 19:27 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-30 19:00 - 2016-09-15 19:27 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-09-30 19:00 - 2016-09-15 19:26 - 00090400 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-09-30 19:00 - 2016-09-15 19:25 - 00340320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-30 19:00 - 2016-09-15 19:25 - 00280472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeunlock.exe
2016-09-30 19:00 - 2016-09-15 19:25 - 00262960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-09-30 19:00 - 2016-09-15 19:24 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-09-30 19:00 - 2016-09-15 19:23 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-09-30 19:00 - 2016-09-15 19:22 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-30 19:00 - 2016-09-15 19:22 - 00433832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-09-30 19:00 - 2016-09-15 19:21 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-09-30 19:00 - 2016-09-15 19:19 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-09-30 19:00 - 2016-09-15 19:18 - 06654616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-09-30 19:00 - 2016-09-15 19:18 - 00856872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-09-30 19:00 - 2016-09-15 19:18 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-09-30 19:00 - 2016-09-15 19:17 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-09-30 19:00 - 2016-09-15 19:16 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-30 19:00 - 2016-09-15 19:16 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-09-30 19:00 - 2016-09-15 19:16 - 00401760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-30 19:00 - 2016-09-15 19:16 - 00206096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-09-30 19:00 - 2016-09-15 19:15 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-09-30 19:00 - 2016-09-15 19:15 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-09-30 19:00 - 2016-09-15 19:15 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-30 19:00 - 2016-09-15 19:15 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2016-09-30 19:00 - 2016-09-15 19:14 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-09-30 19:00 - 2016-09-15 19:14 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-30 19:00 - 2016-09-15 19:14 - 00988512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-30 19:00 - 2016-09-15 19:14 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-30 19:00 - 2016-09-15 19:14 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-30 19:00 - 2016-09-15 19:14 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-09-30 19:00 - 2016-09-15 19:12 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-30 19:00 - 2016-09-15 19:11 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-09-30 19:00 - 2016-09-15 19:11 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-09-30 19:00 - 2016-09-15 19:11 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-30 19:00 - 2016-09-15 19:11 - 00862064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-09-30 19:00 - 2016-09-15 19:11 - 00725664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-09-30 19:00 - 2016-09-15 19:11 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-09-30 19:00 - 2016-09-15 19:08 - 05683712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-30 19:00 - 2016-09-15 19:07 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-09-30 19:00 - 2016-09-15 19:07 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-30 19:00 - 2016-09-15 19:07 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-09-30 19:00 - 2016-09-15 19:06 - 01046880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-09-30 19:00 - 2016-09-15 19:06 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-09-30 19:00 - 2016-09-15 19:03 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2016-09-30 19:00 - 2016-09-15 19:01 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2016-09-30 19:00 - 2016-09-15 19:00 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2016-09-30 19:00 - 2016-09-15 19:00 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-09-30 19:00 - 2016-09-15 19:00 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-09-30 19:00 - 2016-09-15 18:59 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2016-09-30 19:00 - 2016-09-15 18:59 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2016-09-30 19:00 - 2016-09-15 18:58 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-09-30 19:00 - 2016-09-15 18:58 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-09-30 19:00 - 2016-09-15 18:58 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-09-30 19:00 - 2016-09-15 18:58 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2016-09-30 19:00 - 2016-09-15 18:58 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-09-30 19:00 - 2016-09-15 18:58 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2016-09-30 19:00 - 2016-09-15 18:57 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2016-09-30 19:00 - 2016-09-15 18:57 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2016-09-30 19:00 - 2016-09-15 18:57 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2016-09-30 19:00 - 2016-09-15 18:57 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-09-30 19:00 - 2016-09-15 18:57 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-09-30 19:00 - 2016-09-15 18:56 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2016-09-30 19:00 - 2016-09-15 18:56 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2016-09-30 19:00 - 2016-09-15 18:56 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2016-09-30 19:00 - 2016-09-15 18:56 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-09-30 19:00 - 2016-09-15 18:56 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DataExchange.dll
2016-09-30 19:00 - 2016-09-15 18:56 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2016-09-30 19:00 - 2016-09-15 18:55 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll