VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

okyy.vbs na FLASH disku

https://forum.viry.cz:443/viewtopic.php?t=148524

Stránka 1 z 1

okyy.vbs na FLASH disku

Napsal: 29 bře 2016 14:55
od MAO
Ahoj, dostal se mi do PC asi tento virus (okyy.vbs).

Zasilam LOG z USBFixu a nize z RSITu.

Diky za rady

############################## | UsbFix V 8.209 | [Research]

User: ZDENEK (Administrator) # ZDENEK-PC
Updated 29/03/2016 by SOSVirus
Started at 14:34:31 | 29/03/2016

Website : https://www.usb-antivirus.com/
Tutorial : https://www.usb-antivirus.com/tutorial/
Support : http://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : https://www.usb-antivirus.com/contact/

################## | System information |

CPU: AMD Athlon(tm) 64 Processor 3500+
GC: NVIDIA GeForce 7600 GS
RAM -> [Total : 2047 Mo | Free : 1064 Mo]
Boot: Normal boot

OS: Microsoft™ Windows 7 Ultimate (6.1.7600 64-Bit)
WB: Internet Explorer : 8.00.7600.16385
WB: Google Chrome : 49.0.2623.110
WB: Mozilla Firefox : 45.0.1

################## | Security Information |

AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 49 Gb (27 Gb free - 55%) [WIN 7] # NTFS
D:\ -> Fixed disk # 184 Gb (38 Gb free - 20%) [data] # NTFS
H:\ -> Removable disk # 15 Gb (15 Gb free - 100%) [] # FAT32

################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [data] wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs"
04 - HKLM\..\Run : [data] wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs"
04 - [x64] HKLM\..\Run : [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
04 - [x64] HKLM\..\Run : [data] wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3523893362-1126149941-2516176848-1000\..\Run : [data] wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs"
04 - HKU\S-1-5-21-3523893362-1126149941-2516176848-1001\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-3523893362-1126149941-2516176848-1001\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found! C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\data.vbs
Found! H:\data.vbs
Found! H:\WinRAR_5.0_Final_3264_CZ.lnk
Found! C:\Users\ZDENEK\AppData\Local\Temp\data.vbs
Found! HKLM\Software\data
Found! [x64] HKLM\Software\data
Found! [x64] HKLM\Software\Microsoft\Windows\CurrentVersion\Run|data
Found! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|data
Found! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|data
Found! HKU\S-1-5-21-3523893362-1126149941-2516176848-1000\Software\Microsoft\Windows\CurrentVersion\Run|data

################## | UsbFix - Information |

UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
If you made purchases on Internet,
please contact your bank to enviseager an opposition on your bank card.

Info : How to remove shortcut virus on flash disk (Video)
Info : Shortcut virus on flash disk, What is it ?

Analysed in 117.8 seconds

################## | E.O.F | http://www.sosvirus.net/ | https://www.usb-antivirus.com/ |





Logfile of random's system information tool 1.10 (written by random/random)
Run by ZDENEK at 2016-03-29 14:51:42
Microsoft Windows 7 Ultimate
System drive C: has 26 GB (52%) free of 50 GB
Total RAM: 2047 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:51:53, on 29.3.2016
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\UsbFix\UsbFix.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ZDENEK.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [data] wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs"
O4 - HKCU\..\Run: [data] wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3523893362-1126149941-2516176848-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3523893362-1126149941-2516176848-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: data.vbs
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8084 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\KMSpico\Service_KMS.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe"
"C:\Windows\System32\wscript.exe" //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5e208871-26a5-447a-a94e-b7a9dcdf0830 -SystemEventPortName:HostProcess-726810be-b0cf-4472-9297-fd3cd050c2ac -IoCancelEventPortName:HostProcess-bf03e3b8-bb60-440b-bb2e-3cd67401561c -NonStateChangingEventPortName:HostProcess-038a0e94-8b9e-4496-be1d-5cd7c5372e6e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c3c38373-06ec-4f3a-816f-5371527d221f
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
"C:\UsbFix\UsbFix.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://www.usb-antivirus.com/report/?i ... 1b841c.txt
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3928 CREDAT:14337
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=49.0.2623.110 --handshake-handle=0xc8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2936.0.1952360141\1217892345" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,25,54,64 --disable-accelerated-video-decode --gpu-vendor-id=0x10de --gpu-device-id=0x0392 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.783 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_5/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*SpdyEnableDependencies/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_61/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Default/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="2936.5.179263196\800788792" /prefetch:1
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"C:\Users\ZDENEK\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://www.yessearches.com/chrome.php?u ... toolbar&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.197 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.197 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll

C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\
DD1B66D4.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [2010-04-09 291944]
"data"=wscript.exe //B C:\Users\ZDENEK\AppData\Local\Temp\data.vbs []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"data"=wscript.exe //B C:\Users\ZDENEK\AppData\Local\Temp\data.vbs []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"data"=wscript.exe //B C:\Users\ZDENEK\AppData\Local\Temp\data.vbs []

C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
data.vbs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-03-29 14:51:43 ----D---- C:\Program Files\trend micro
2016-03-29 14:51:42 ----D---- C:\rsit
2016-03-29 14:01:17 ----D---- C:\AdwCleaner
2016-03-29 13:50:02 ----D---- C:\UsbFix
2016-03-29 13:26:28 ----A---- C:\Windows\system32\Vestris.ResourceLib.dll
2016-03-29 13:26:26 ----D---- C:\Program Files\KMSpico
2016-03-29 13:21:15 ----D---- C:\Users\ZDENEK\AppData\Roaming\Macromedia
2016-03-29 13:21:15 ----D---- C:\Users\ZDENEK\AppData\Roaming\Adobe
2016-03-29 13:20:35 ----D---- C:\Windows\AutoKMS
2016-03-29 13:18:19 ----D---- C:\ProgramData\Microsoft Toolkit
2016-03-29 13:11:51 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-03-29 13:11:22 ----D---- C:\Windows\PCHEALTH
2016-03-29 13:11:22 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2016-03-29 13:09:20 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2016-03-29 13:08:51 ----D---- C:\ProgramData\Microsoft Help
2016-03-29 13:08:01 ----D---- C:\Program Files (x86)\Microsoft Office
2016-03-29 13:07:44 ----D---- C:\Program Files\Microsoft Office
2016-03-29 13:06:53 ----RHD---- C:\MSOCache
2016-03-29 12:04:27 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2016-03-29 12:02:03 ----A---- C:\Windows\system32\drivers\dtliteusbbus.sys
2016-03-29 12:00:28 ----D---- C:\Users\ZDENEK\AppData\Roaming\DAEMON Tools Lite
2016-03-29 12:00:28 ----A---- C:\Windows\system32\drivers\dtlitescsibus.sys
2016-03-29 12:00:10 ----D---- C:\ProgramData\DAEMON Tools Lite
2016-03-29 12:00:09 ----D---- C:\ProgramData\RogueKiller
2016-03-29 11:47:54 ----D---- C:\Program Files (x86)\ESET
2016-03-29 11:06:08 ----D---- C:\ProgramData\DriverGenius
2016-03-29 10:46:32 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-03-29 10:45:22 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2016-03-29 10:45:22 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2016-03-29 10:45:22 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2016-03-29 10:45:22 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2016-03-29 10:45:22 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2016-03-29 10:45:22 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2016-03-29 10:45:22 ----A---- C:\Windows\system32\PresentationHost.exe
2016-03-29 10:45:22 ----A---- C:\Windows\system32\netfxperf.dll
2016-03-29 10:45:22 ----A---- C:\Windows\system32\mscoree.dll
2016-03-29 10:45:22 ----A---- C:\Windows\system32\dfshim.dll
2016-03-29 10:44:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-03-29 10:44:34 ----D---- C:\Windows\SYSWOW64\Macromed
2016-03-29 10:44:30 ----D---- C:\Windows\system32\Macromed
2016-03-29 10:40:58 ----D---- C:\Program Files (x86)\Adobe
2016-03-29 10:40:39 ----D---- C:\ProgramData\Adobe
2016-03-29 10:28:42 ----D---- C:\Program Files\Common Files\LogiShrd
2016-03-29 10:28:36 ----D---- C:\Users\ZDENEK\AppData\Roaming\Logitech
2016-03-29 10:28:36 ----D---- C:\Users\ZDENEK\AppData\Roaming\Logishrd
2016-03-29 09:15:26 ----D---- C:\Windows\SYSWOW64\sda
2016-03-29 09:14:56 ----A---- C:\Windows\system32\RtCRX64.dll
2016-03-29 09:14:56 ----A---- C:\Windows\system32\drivers\RtsUer.sys
2016-03-29 09:14:55 ----D---- C:\Program Files (x86)\Realtek
2016-03-29 09:14:55 ----A---- C:\Windows\SYSWOW64\RsCRIcon.dll
2016-03-29 09:10:20 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2016-03-29 09:10:10 ----D---- C:\ProgramData\NVIDIA
2016-03-29 09:09:49 ----A---- C:\Windows\system32\nvvsvc.exe
2016-03-29 09:09:49 ----A---- C:\Windows\system32\nvsvcr.dll
2016-03-29 09:09:49 ----A---- C:\Windows\system32\nvsvc64.dll
2016-03-29 09:09:49 ----A---- C:\Windows\system32\nvshext.dll
2016-03-29 09:09:49 ----A---- C:\Windows\system32\nvmctray.dll
2016-03-29 09:09:49 ----A---- C:\Windows\system32\nvcpl.dll
2016-03-29 09:08:58 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2016-03-29 09:08:58 ----A---- C:\Windows\system32\OpenCL.dll
2016-03-29 09:08:35 ----D---- C:\ProgramData\NVIDIA Corporation
2016-03-29 09:07:53 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2016-03-29 09:07:53 ----A---- C:\Windows\system32\nvopencl.dll
2016-03-29 09:07:52 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2016-03-29 09:07:52 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2016-03-29 09:07:52 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2016-03-29 09:07:52 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2016-03-29 09:07:52 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2016-03-29 09:07:52 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2016-03-29 09:07:52 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2016-03-29 09:07:52 ----A---- C:\Windows\system32\nvoglv64.dll
2016-03-29 09:07:52 ----A---- C:\Windows\system32\nvdispgenco64.dll
2016-03-29 09:07:52 ----A---- C:\Windows\system32\nvdispco64.dll
2016-03-29 09:07:52 ----A---- C:\Windows\system32\nvcuvid.dll
2016-03-29 09:07:52 ----A---- C:\Windows\system32\nvcuvenc.dll
2016-03-29 09:07:52 ----A---- C:\Windows\system32\nvcuda.dll
2016-03-29 09:07:52 ----A---- C:\Windows\system32\nvcompiler.dll
2016-03-29 09:07:52 ----A---- C:\Windows\system32\nvapi64.dll
2016-03-29 09:07:52 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2016-03-29 09:04:50 ----D---- C:\Program Files\WinRAR
2016-03-29 09:04:31 ----D---- C:\Users\ZDENEK\AppData\Roaming\WinRAR
2016-03-29 09:00:21 ----D---- C:\Users\ZDENEK\AppData\Roaming\GHISLER
2016-03-29 09:00:21 ----D---- C:\totalcmd
2016-03-29 08:59:00 ----SHD---- C:\Windows\Installer
2016-03-29 08:58:17 ----D---- C:\Program Files (x86)\WinRAR
2016-03-29 08:54:21 ----D---- C:\Program Files (x86)\Google
2016-03-29 08:53:27 ----D---- C:\Users\ZDENEK\AppData\Roaming\Mozilla
2016-03-29 08:53:17 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-29 08:53:15 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-03-29 08:45:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-03-29 08:45:04 ----D---- C:\Program Files\NVIDIA Corporation
2016-03-29 08:45:04 ----A---- C:\Windows\system32\cohelper.dll
2016-03-29 08:44:45 ----D---- C:\NVIDIA
2016-03-29 08:06:03 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2016-03-29 08:06:03 ----A---- C:\Windows\system32\poqexec.exe
2016-03-29 08:04:45 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-03-29 08:04:44 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-03-29 08:04:44 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-03-29 08:04:44 ----A---- C:\Windows\system32\smss.exe
2016-03-29 08:04:44 ----A---- C:\Windows\system32\csrsrv.dll
2016-03-29 08:04:43 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-03-29 08:04:41 ----A---- C:\Windows\system32\win32k.sys
2016-03-29 08:04:40 ----A---- C:\Windows\system32\drivers\usbhub.sys
2016-03-29 08:04:40 ----A---- C:\Windows\system32\drivers\usbehci.sys
2016-03-29 08:03:34 ----N---- C:\Windows\system32\MpSigStub.exe
2016-03-29 07:59:42 ----A---- C:\Windows\system32\wups2.dll
2016-03-29 07:59:42 ----A---- C:\Windows\system32\wucltux.dll
2016-03-29 07:59:42 ----A---- C:\Windows\system32\wuauclt.exe
2016-03-29 07:59:41 ----A---- C:\Windows\system32\wuaueng.dll
2016-03-29 07:59:30 ----A---- C:\Windows\system32\wups.dll
2016-03-29 07:59:30 ----A---- C:\Windows\system32\wudriver.dll
2016-03-29 07:59:29 ----A---- C:\Windows\system32\wuapi.dll
2016-03-29 07:59:23 ----A---- C:\Windows\system32\wuwebv.dll
2016-03-29 07:59:23 ----A---- C:\Windows\system32\wuapp.exe
2016-03-24 10:57:36 ----D---- C:\Users\ZDENEK\AppData\Roaming\Identities
2016-03-24 10:56:59 ----SD---- C:\Users\ZDENEK\AppData\Roaming\Microsoft
2016-03-24 10:56:59 ----D---- C:\Users\ZDENEK\AppData\Roaming\Media Center Programs
2016-03-24 10:54:35 ----SHD---- C:\Recovery
2016-03-24 10:54:34 ----SHD---- C:\ProgramData\Šablony
2016-03-24 10:54:34 ----SHD---- C:\ProgramData\Plocha
2016-03-24 10:54:34 ----SHD---- C:\ProgramData\Oblíbené položky
2016-03-24 10:54:34 ----SHD---- C:\ProgramData\Nabídka Start
2016-03-24 10:54:34 ----SHD---- C:\ProgramData\Dokumenty
2016-03-24 10:54:34 ----SHD---- C:\ProgramData\Data aplikací
2016-03-24 10:47:02 ----D---- C:\Windows\SoftwareDistribution
2016-03-24 10:43:22 ----D---- C:\Windows\Prefetch
2016-03-24 10:43:14 ----ASH---- C:\pagefile.sys
2016-03-24 10:43:13 ----SHD---- C:\System Volume Information
2016-03-24 10:43:13 ----ASH---- C:\hiberfil.sys
2016-03-24 10:42:39 ----D---- C:\Windows\Panther
2016-03-24 10:42:27 ----RASH---- C:\BOOTSECT.BAK
2016-03-24 10:42:25 ----SHD---- C:\Boot

======List of files/folders modified in the last 1 month======

2016-03-29 14:51:43 ----RD---- C:\Program Files
2016-03-29 14:39:07 ----D---- C:\Windows\Temp
2016-03-29 14:36:43 ----D---- C:\Windows\system32\config
2016-03-29 14:25:40 ----D---- C:\Windows\system32\catroot
2016-03-29 14:25:39 ----D---- C:\Windows\system32\catroot2
2016-03-29 14:17:43 ----D---- C:\Windows\System32
2016-03-29 14:17:43 ----D---- C:\Windows\inf
2016-03-29 14:17:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-29 14:14:00 ----D---- C:\Windows\system32\Tasks
2016-03-29 14:10:56 ----RD---- C:\Program Files (x86)
2016-03-29 13:58:39 ----D---- C:\Windows\winsxs
2016-03-29 13:25:30 ----D---- C:\Windows\Microsoft.NET
2016-03-29 13:25:29 ----RSD---- C:\Windows\assembly
2016-03-29 13:18:19 ----HD---- C:\ProgramData
2016-03-29 13:13:23 ----D---- C:\Windows
2016-03-29 13:12:44 ----RSD---- C:\Windows\Fonts
2016-03-29 13:12:34 ----D---- C:\Windows\ShellNew
2016-03-29 13:12:24 ----D---- C:\Windows\SysWOW64
2016-03-29 13:12:24 ----D---- C:\Program Files (x86)\Common Files
2016-03-29 13:09:58 ----A---- C:\Windows\win.ini
2016-03-29 13:09:01 ----SD---- C:\ProgramData\Microsoft
2016-03-29 13:08:32 ----D---- C:\Windows\system32\DriverStore
2016-03-29 13:08:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-03-29 13:03:19 ----D---- C:\Windows\system32\LogFiles
2016-03-29 13:03:08 ----D---- C:\Windows\system32\wdi
2016-03-29 12:04:27 ----D---- C:\Windows\system32\drivers
2016-03-29 10:48:04 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-03-29 10:48:04 ----D---- C:\Windows\system32\cs-CZ
2016-03-29 10:46:35 ----D---- C:\Windows\SYSWOW64\en-US
2016-03-29 10:46:35 ----D---- C:\Windows\system32\en-US
2016-03-29 10:44:37 ----D---- C:\Windows\Tasks
2016-03-29 10:28:42 ----D---- C:\Program Files\Common Files
2016-03-29 09:19:45 ----D---- C:\Windows\AppPatch
2016-03-29 09:10:24 ----RD---- C:\Users
2016-03-29 08:45:45 ----D---- C:\Windows\Help
2016-03-29 08:03:07 ----D---- C:\Windows\Logs
2016-03-29 07:59:03 ----D---- C:\Windows\system32\restore
2016-03-24 11:06:32 ----D---- C:\Windows\system32\CodeIntegrity
2016-03-24 10:57:30 ----SHD---- C:\$Recycle.Bin
2016-03-24 10:54:34 ----D---- C:\Program Files\Windows NT
2016-03-24 10:54:26 ----D---- C:\Windows\debug
2016-03-24 10:49:16 ----D---- C:\Windows\system32\sysprep
2016-03-24 10:48:01 ----D---- C:\Windows\system32\drivers\UMDF
2016-03-24 10:44:04 ----D---- C:\Windows\CSC
2016-03-24 10:42:09 ----D---- C:\Windows\Setup

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-09 244328]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-03-04 349416]
R3 RTSUER;Realtek USB Card Reader - UER; C:\Windows\system32\Drivers\RtsUer.sys [2015-10-15 408280]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-03-29 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-03-29 47672]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2016-03-29 24688]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 878368]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-31 1259296]
R2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2015-08-09 985280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29 154440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-29 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29 154440]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-16 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Re: okyy.vbs na FLASH disku

Napsal: 29 bře 2016 17:34
od Rudy
Zdravím!
Jak je na tom váš oper. systém s legalitou?

Re: okyy.vbs na FLASH disku

Napsal: 29 bře 2016 18:17
od MAO
Dobry den, OS je legalni (klic nalepen na bedne), KMSpico je tam kvuli office, na ty zatim nezbyly penize.

Dekuji

Re: okyy.vbs na FLASH disku

Napsal: 29 bře 2016 19:12
od Rudy
OK. Udělejte tento sken:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
a klikněte na >Prohledat<. Dejte oba logy.

Re: okyy.vbs na FLASH disku

Napsal: 30 bře 2016 08:51
od MAO
OTL Extras logfile created on: 30.3.2016 7:41:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ZDENEK\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 34,75% Memory free
4,00 Gb Paging File | 2,54 Gb Available in Paging File | 63,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 21,74 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 37,54 Gb Free Space | 20,39% Space Free | Partition Type: NTFS
Drive H: | 14,89 Gb Total Space | 14,89 Gb Free Space | 99,97% Space Free | Partition Type: FAT32

Computer Name: ZDENEK-PC | User Name: ZDENEK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3523893362-1126149941-2516176848-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BBA77379-C7EE-4795-AF53-09EE771C4DB0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |
"{EFE6869F-EB0B-4019-B463-5F74770A246A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{257C353F-CD7F-4E28-8113-FA588BABF52F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{316F6D39-BBFC-493D-8A56-2E20A8F77674}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{4F19CD50-E337-4C48-A205-D54A5E8E2725}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{57985E2B-D530-45CE-9275-BC61A4199197}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{A390754D-39BA-4F4C-B1EE-A77D54DED45B}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{C6B09556-7D79-4802-8638-EBCF9D1C16F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1" = KMSpico
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2013
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 5.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{90150000-0015-0405-0000-0000000FF1CE}" = Microsoft Access MUI (Czech) 2013
"{90150000-0016-0405-0000-0000000FF1CE}" = Microsoft Excel MUI (Czech) 2013
"{90150000-0018-0405-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (Czech) 2013
"{90150000-0019-0405-0000-0000000FF1CE}" = Microsoft Publisher MUI (Czech) 2013
"{90150000-001A-0405-0000-0000000FF1CE}" = Microsoft Outlook MUI (Czech) 2013
"{90150000-001B-0405-0000-0000000FF1CE}" = Microsoft Word MUI (Czech) 2013
"{90150000-001F-0405-0000-0000000FF1CE}" = Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-041B-0000-0000000FF1CE}" = Nástroje korektúry balíka Microsoft Office 2013 - slovenčina
"{90150000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2013
"{90150000-0044-0405-0000-0000000FF1CE}" = Microsoft InfoPath MUI (Czech) 2013
"{90150000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2013
"{90150000-0090-0405-0000-0000000FF1CE}" = Microsoft DCF MUI (Czech) 2013
"{90150000-00A1-0405-0000-0000000FF1CE}" = Microsoft OneNote MUI (Czech) 2013
"{90150000-00BA-0405-0000-0000000FF1CE}" = Microsoft Groove MUI (Czech) 2013
"{90150000-00E1-0405-0000-0000000FF1CE}" = Microsoft Office OSM MUI (Czech) 2013
"{90150000-00E2-0405-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Czech) 2013
"{90150000-012B-0405-0000-0000000FF1CE}" = Microsoft Lync MUI (Czech) 2013
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{AC76BA86-0804-1033-1959-001824166751}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Czech
"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Mozilla Firefox 45.0.1 (x86 cs)" = Mozilla Firefox 45.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"Usbfix" = UsbFix

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.3.2016 2:17:59 | Computer Name = ZDENEK-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 30.3.2016 2:18:03 | Computer Name = ZDENEK-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 30.3.2016 2:18:04 | Computer Name = ZDENEK-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 30.3.2016 2:18:04 | Computer Name = ZDENEK-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 30.3.2016 2:18:04 | Computer Name = ZDENEK-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 30.3.2016 2:18:06 | Computer Name = ZDENEK-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 30.3.2016 2:37:30 | Computer Name = ZDENEK-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 30.3.2016 2:37:31 | Computer Name = ZDENEK-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 30.3.2016 2:37:31 | Computer Name = ZDENEK-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 30.3.2016 2:37:56 | Computer Name = ZDENEK-PC | Source = ESENT | ID = 215
Description = WinMail (3028) WindowsMail0: Zálohování bylo ukončeno, protože bylo
zastaveno klientem nebo protože se nezdařilo připojení ke klientovi.

[ System Events ]
Error - 29.3.2016 9:08:28 | Computer Name = ZDENEK-PC | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Update Service Daemon byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 29.3.2016 9:08:28 | Computer Name = ZDENEK-PC | Source = Service Control Manager | ID = 7031
Description = Služba Instalační služba modulů systému Windows byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund:
Restartovat službu.

Error - 29.3.2016 9:08:58 | Computer Name = ZDENEK-PC | Source = Service Control Manager | ID = 7032
Description = Správce služeb se pokusil o opravnou akci (Restartovat službu) po
nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující
chybě: %%1056

Error - 29.3.2016 9:09:40 | Computer Name = ZDENEK-PC | Source = Service Control Manager | ID = 7043
Description = Služba Windows Update se po přijetí pokynu pro vypnutí neukončila
správně.

Error - 29.3.2016 9:15:34 | Computer Name = ZDENEK-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby LanmanServer bylo dosaženo časového
limitu (30000 ms).

Error - 30.3.2016 2:14:21 | Computer Name = ZDENEK-PC | Source = Service Control Manager | ID = 7022
Description = Služba Windows Update přestala během spouštění reagovat.

Error - 30.3.2016 2:18:44 | Computer Name = ZDENEK-PC | Source = DCOM | ID = 10010
Description =

Error - 30.3.2016 2:23:30 | Computer Name = ZDENEK-PC | Source = Service Control Manager | ID = 7043
Description = Služba Windows Update se po přijetí pokynu pro vypnutí neukončila
správně.

Error - 30.3.2016 2:24:03 | Computer Name = ZDENEK-PC | Source = Service Control Manager | ID = 7043
Description = Služba Instalační služba modulů systému Windows se po přijetí pokynu
pro vypnutí neukončila správně.

Error - 30.3.2016 2:37:17 | Computer Name = ZDENEK-PC | Source = DCOM | ID = 10016
Description =


< End of report >

Re: okyy.vbs na FLASH disku

Napsal: 30 bře 2016 08:57
od MAO
OTL logfile created on: 30.3.2016 7:41:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ZDENEK\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 34,75% Memory free
4,00 Gb Paging File | 2,54 Gb Available in Paging File | 63,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 21,74 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 37,54 Gb Free Space | 20,39% Space Free | Partition Type: NTFS
Drive H: | 14,89 Gb Total Space | 14,89 Gb Free Space | 99,97% Space Free | Partition Type: FAT32

Computer Name: ZDENEK-PC | User Name: ZDENEK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016.03.30 07:40:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ZDENEK\Downloads\OTL.exe
PRC - [2016.03.16 02:47:10 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015.12.13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.01.31 12:27:28 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2015.08.09 23:41:36 | 000,985,280 | ---- | M] (@ByELDI) [Auto | Running] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016.03.29 10:44:36 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016.03.16 02:47:32 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.12.13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.31 12:27:28 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016.03.29 12:04:27 | 000,024,688 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2016.03.29 12:02:03 | 000,047,672 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtliteusbbus.sys -- (dtliteusbbus)
DRV:64bit: - [2016.03.29 12:00:28 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2015.10.15 16:08:42 | 000,408,280 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUer.sys -- (RTSUER)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.03.04 18:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3523893362-1126149941-2516176848-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3523893362-1126149941-2516176848-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3523893362-1126149941-2516176848-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "https://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016.03.29 14:59:32 | 000,000,000 | ---D | M]

[2016.03.29 08:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZDENEK\AppData\Roaming\Mozilla\Extensions
[2016.03.29 13:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions
[2016.03.29 10:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\telj3kjp.default\extensions
[2016.03.29 08:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015.02.10 14:13:12 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\ZDENEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [data] wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs" File not found
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [data] wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3523893362-1126149941-2516176848-1000..\Run: [data] wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs" File not found
O4 - HKU\S-1-5-21-3523893362-1126149941-2516176848-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3523893362-1126149941-2516176848-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\data.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3523893362-1126149941-2516176848-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2072CDEF-D044-430E-8ABD-180D59A0C0E3}: DhcpNameServer = 192.168.0.250
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7dc3f224-f595-11e5-92b5-0017318b3a3e}\Shell - "" = AutoRun
O33 - MountPoints2\{7dc3f224-f595-11e5-92b5-0017318b3a3e}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{7dc3f224-f595-11e5-92b5-0017318b3a3e}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{7dc3f224-f595-11e5-92b5-0017318b3a3e}\Shell\install\command - "" = I:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2016.03.30 07:44:32 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2016.03.30 07:44:32 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2016.03.30 07:44:32 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2016.03.30 07:43:21 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2016.03.30 07:43:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2016.03.29 15:33:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2016.03.29 15:32:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2016.03.29 15:02:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2016.03.29 14:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2016.03.29 14:51:42 | 000,000,000 | ---D | C] -- C:\rsit
[2016.03.29 14:46:56 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2016.03.29 14:46:56 | 000,048,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2016.03.29 14:46:46 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2016.03.29 14:46:40 | 003,715,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2016.03.29 14:46:40 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2016.03.29 14:46:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2016.03.29 14:46:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2016.03.29 14:46:36 | 003,215,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2016.03.29 14:46:33 | 001,109,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2016.03.29 14:46:33 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2016.03.29 14:46:33 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2016.03.29 14:46:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssrvlic.dll
[2016.03.29 14:46:31 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2016.03.29 14:46:31 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pmcsnap.dll
[2016.03.29 14:46:30 | 014,633,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2016.03.29 14:46:30 | 002,314,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2016.03.29 14:46:28 | 003,205,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2016.03.29 14:46:28 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2016.03.29 14:46:28 | 001,731,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016.03.29 14:46:28 | 000,902,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2016.03.29 14:46:28 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2016.03.29 14:46:27 | 004,120,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2016.03.29 14:46:27 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2016.03.29 14:46:26 | 003,008,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2016.03.29 14:46:26 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2016.03.29 14:46:26 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2016.03.29 14:46:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2016.03.29 14:46:26 | 000,359,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2016.03.29 14:46:25 | 001,219,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016.03.29 14:46:25 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016.03.29 14:46:25 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2016.03.29 14:46:25 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2016.03.29 14:46:24 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2016.03.29 14:46:24 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ppcsnap.dll
[2016.03.29 14:46:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PushPrinterConnections.exe
[2016.03.29 14:46:22 | 002,086,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2016.03.29 14:46:22 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
[2016.03.29 14:46:21 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2016.03.29 14:46:21 | 001,197,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2016.03.29 14:46:20 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2016.03.29 14:46:20 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2016.03.29 14:46:20 | 001,753,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2016.03.29 14:46:20 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2016.03.29 14:46:20 | 001,340,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
[2016.03.29 14:46:19 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2016.03.29 14:46:19 | 001,326,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NaturalLanguage6.dll
[2016.03.29 14:46:18 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2016.03.29 14:46:18 | 002,872,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2016.03.29 14:46:18 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2016.03.29 14:46:18 | 000,299,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2016.03.29 14:46:17 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2016.03.29 14:46:16 | 003,027,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2016.03.29 14:46:16 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2016.03.29 14:46:16 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2016.03.29 14:46:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2016.03.29 14:46:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2016.03.29 14:46:15 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2016.03.29 14:46:15 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpdd.dll
[2016.03.29 14:46:15 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2016.03.29 14:46:15 | 000,109,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2016.03.29 14:46:14 | 003,957,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2016.03.29 14:46:14 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2016.03.29 14:46:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2016.03.29 14:46:14 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2016.03.29 14:46:14 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2016.03.29 14:46:14 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
[2016.03.29 14:46:14 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
[2016.03.29 14:46:13 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2016.03.29 14:46:12 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuthFWSnapin.dll
[2016.03.29 14:46:12 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthFWSnapin.dll
[2016.03.29 14:46:12 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2016.03.29 14:46:12 | 000,867,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFolder.dll
[2016.03.29 14:46:11 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016.03.29 14:46:10 | 003,391,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
[2016.03.29 14:46:10 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2016.03.29 14:46:08 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2016.03.29 14:46:08 | 001,456,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2016.03.29 14:46:08 | 000,079,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvgumd32.dll
[2016.03.29 14:46:07 | 000,958,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2016.03.29 14:46:07 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2016.03.29 14:46:07 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016.03.29 14:46:06 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016.03.29 14:46:06 | 001,116,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2016.03.29 14:46:06 | 000,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2016.03.29 14:46:06 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2016.03.29 14:46:06 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqmapi.dll
[2016.03.29 14:46:05 | 001,244,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
[2016.03.29 14:46:05 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2016.03.29 14:46:05 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2016.03.29 14:46:05 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2016.03.29 14:46:04 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2016.03.29 14:46:04 | 001,900,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2016.03.29 14:46:04 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2016.03.29 14:46:04 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2016.03.29 14:46:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PushPrinterConnections.exe
[2016.03.29 14:46:03 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2016.03.29 14:46:03 | 001,281,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\werconcpl.dll
[2016.03.29 14:46:03 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2016.03.29 14:46:03 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016.03.29 14:46:03 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2016.03.29 14:46:03 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2016.03.29 14:46:02 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
[2016.03.29 14:46:02 | 001,049,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2016.03.29 14:46:02 | 001,008,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2016.03.29 14:46:02 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2016.03.29 14:46:02 | 000,376,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2016.03.29 14:46:02 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LSCSHostPolicy.dll
[2016.03.29 14:46:01 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2016.03.29 14:46:01 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2016.03.29 14:46:01 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016.03.29 14:46:01 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2016.03.29 14:46:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2016.03.29 14:46:01 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016.03.29 14:46:01 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2016.03.29 14:46:00 | 002,652,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
[2016.03.29 14:46:00 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
[2016.03.29 14:46:00 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2016.03.29 14:46:00 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2016.03.29 14:46:00 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2016.03.29 14:46:00 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsmf.dll
[2016.03.29 14:46:00 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2016.03.29 14:46:00 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2016.03.29 14:45:59 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2016.03.29 14:45:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2016.03.29 14:45:59 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2016.03.29 14:45:59 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpshell.exe
[2016.03.29 14:45:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmonui.dll
[2016.03.29 14:45:58 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2016.03.29 14:45:58 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2016.03.29 14:45:58 | 000,800,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2016.03.29 14:45:58 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2016.03.29 14:45:58 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2016.03.29 14:45:58 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appmgr.dll
[2016.03.29 14:45:58 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2016.03.29 14:45:58 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.exe
[2016.03.29 14:45:58 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2016.03.29 14:45:57 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2016.03.29 14:45:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2016.03.29 14:45:57 | 000,481,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpps.dll
[2016.03.29 14:45:57 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2016.03.29 14:45:57 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2016.03.29 14:45:57 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2016.03.29 14:45:57 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsmf.dll
[2016.03.29 14:45:57 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2016.03.29 14:45:57 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3api.dll
[2016.03.29 14:45:56 | 002,543,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2016.03.29 14:45:56 | 000,897,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroles.dll
[2016.03.29 14:45:56 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2016.03.29 14:45:56 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QAGENT.DLL
[2016.03.29 14:45:55 | 001,098,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Vault.dll
[2016.03.29 14:45:54 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbgeng.dll
[2016.03.29 14:45:54 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2016.03.29 14:45:54 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2016.03.29 14:45:54 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2016.03.29 14:45:54 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2016.03.29 14:45:54 | 000,653,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe
[2016.03.29 14:45:54 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2016.03.29 14:45:54 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2016.03.29 14:45:54 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmd.exe
[2016.03.29 14:45:54 | 000,281,600 | ---- | C] (Microsoft) -- C:\Windows\SysNative\DShowRdpFilter.dll
[2016.03.29 14:45:53 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2016.03.29 14:45:53 | 001,118,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2016.03.29 14:45:53 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2016.03.29 14:45:53 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2016.03.29 14:45:53 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2016.03.29 14:45:52 | 001,190,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2016.03.29 14:45:52 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2016.03.29 14:45:52 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2016.03.29 14:45:52 | 000,582,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sxs.dll
[2016.03.29 14:45:52 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2016.03.29 14:45:52 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2016.03.29 14:45:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2016.03.29 14:45:52 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2016.03.29 14:45:52 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcbuilder.exe
[2016.03.29 14:45:52 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscobj.dll
[2016.03.29 14:45:51 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2016.03.29 14:45:51 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2016.03.29 14:45:51 | 001,158,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2016.03.29 14:45:51 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsmsnap.dll
[2016.03.29 14:45:51 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2016.03.29 14:45:51 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgprint.dll
[2016.03.29 14:45:51 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2016.03.29 14:45:51 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2016.03.29 14:45:50 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2016.03.29 14:45:50 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlsrv32.dll
[2016.03.29 14:45:50 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2fs.dll
[2016.03.29 14:45:50 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2016.03.29 14:45:50 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2016.03.29 14:45:50 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2016.03.29 14:45:50 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2016.03.29 14:45:50 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp.dll
[2016.03.29 14:45:50 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3api.dll
[2016.03.29 14:45:50 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2016.03.29 14:45:49 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2016.03.29 14:45:49 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mcbuilder.exe
[2016.03.29 14:45:49 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prncache.dll
[2016.03.29 14:45:48 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certmgr.dll
[2016.03.29 14:45:48 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanpref.dll
[2016.03.29 14:45:48 | 001,243,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMNetMgr.dll
[2016.03.29 14:45:48 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2016.03.29 14:45:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2016.03.29 14:45:48 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2016.03.29 14:45:48 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnike.dll
[2016.03.29 14:45:47 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2016.03.29 14:45:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2016.03.29 14:45:47 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2016.03.29 14:45:47 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2016.03.29 14:45:47 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2016.03.29 14:45:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tspubwmi.dll
[2016.03.29 14:45:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2016.03.29 14:45:46 | 002,262,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncCenter.dll
[2016.03.29 14:45:46 | 002,072,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPEncEn.dll
[2016.03.29 14:45:46 | 001,082,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2016.03.29 14:45:46 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2016.03.29 14:45:46 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpeffects.dll
[2016.03.29 14:45:46 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2016.03.29 14:45:46 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.exe
[2016.03.29 14:45:46 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2016.03.29 14:45:46 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2016.03.29 14:45:46 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2016.03.29 14:45:45 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2016.03.29 14:45:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016.03.29 14:45:45 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmicsvc.exe
[2016.03.29 14:45:45 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2016.03.29 14:45:45 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tscfgwmi.dll
[2016.03.29 14:45:45 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpinit.exe
[2016.03.29 14:45:45 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fde.dll
[2016.03.29 14:45:44 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localsec.dll
[2016.03.29 14:45:44 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2.dll
[2016.03.29 14:45:44 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll
[2016.03.29 14:45:44 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netdiagfx.dll
[2016.03.29 14:45:44 | 000,298,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2016.03.29 14:45:44 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2016.03.29 14:45:44 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2016.03.29 14:45:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2016.03.29 14:45:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2016.03.29 14:45:44 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp.dll
[2016.03.29 14:45:43 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpipcfg.dll
[2016.03.29 14:45:43 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spp.dll
[2016.03.29 14:45:43 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSHVHOST.DLL
[2016.03.29 14:45:43 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2016.03.29 14:45:43 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netid.dll
[2016.03.29 14:45:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2016.03.29 14:45:42 | 002,746,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2016.03.29 14:45:42 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroles.dll
[2016.03.29 14:45:42 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biocpl.dll
[2016.03.29 14:45:42 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscui.dll
[2016.03.29 14:45:42 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2016.03.29 14:45:42 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appmgr.dll
[2016.03.29 14:45:42 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2016.03.29 14:45:40 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2016.03.29 14:45:40 | 001,050,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printui.dll
[2016.03.29 14:45:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016.03.29 14:45:40 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspbda.dll
[2016.03.29 14:45:40 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoScreensaver.scr
[2016.03.29 14:45:40 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016.03.29 14:45:40 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scansetting.dll
[2016.03.29 14:45:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2016.03.29 14:45:39 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2016.03.29 14:45:39 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AdmTmpl.dll
[2016.03.29 14:45:39 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2016.03.29 14:45:39 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2016.03.29 14:45:39 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2016.03.29 14:45:39 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2016.03.29 14:45:39 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2016.03.29 14:45:39 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\basecsp.dll
[2016.03.29 14:45:39 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitagent.exe
[2016.03.29 14:45:38 | 003,211,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2016.03.29 14:45:38 | 000,934,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallControlPanel.dll
[2016.03.29 14:45:38 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbghelp.dll
[2016.03.29 14:45:38 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2016.03.29 14:45:38 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2016.03.29 14:45:38 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2016.03.29 14:45:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2016.03.29 14:45:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2016.03.29 14:45:38 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PkgMgr.exe
[2016.03.29 14:45:38 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetup.exe
[2016.03.29 14:45:37 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2016.03.29 14:45:37 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2016.03.29 14:45:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2016.03.29 14:45:37 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXP.dll
[2016.03.29 14:45:37 | 000,418,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2016.03.29 14:45:37 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2016.03.29 14:45:37 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll
[2016.03.29 14:45:37 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cfgmgr32.dll
[2016.03.29 14:45:37 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetapi.dll
[2016.03.29 14:45:36 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2016.03.29 14:45:36 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmsys.cpl
[2016.03.29 14:45:36 | 000,780,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2016.03.29 14:45:36 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlsrv32.dll
[2016.03.29 14:45:36 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2016.03.29 14:45:36 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2016.03.29 14:45:36 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2016.03.29 14:45:36 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprapi.dll
[2016.03.29 14:45:36 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2016.03.29 14:45:36 | 000,128,000 | ---- | C] (Microsoft) -- C:\Windows\SysNative\Robocopy.exe
[2016.03.29 14:45:36 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys
[2016.03.29 14:45:35 | 002,494,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netshell.dll
[2016.03.29 14:45:35 | 001,457,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DxpTaskSync.dll
[2016.03.29 14:45:35 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PerfCenterCPL.dll
[2016.03.29 14:45:35 | 000,263,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2016.03.29 14:45:35 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2016.03.29 14:45:35 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thumbcache.dll
[2016.03.29 14:45:34 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2016.03.29 14:45:34 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\puiobj.dll
[2016.03.29 14:45:34 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016.03.29 14:45:34 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scecli.dll
[2016.03.29 14:45:34 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2016.03.29 14:45:34 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016.03.29 14:45:34 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2016.03.29 14:45:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prncache.dll
[2016.03.29 14:45:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2016.03.29 14:45:33 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2016.03.29 14:45:33 | 000,675,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXPTaskRingtone.dll
[2016.03.29 14:45:33 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrptadm.dll
[2016.03.29 14:45:33 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onex.dll
[2016.03.29 14:45:33 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2016.03.29 14:45:32 | 000,932,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.dll
[2016.03.29 14:45:32 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2016.03.29 14:45:32 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2016.03.29 14:45:32 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\net1.exe
[2016.03.29 14:45:32 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2016.03.29 14:45:31 | 001,363,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2016.03.29 14:45:31 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2016.03.29 14:45:28 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2016.03.29 14:45:28 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdengin2.dll
[2016.03.29 14:45:28 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2016.03.29 14:45:28 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll
[2016.03.29 14:45:28 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2016.03.29 14:45:28 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlangpui.dll
[2016.03.29 14:45:28 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2016.03.29 14:45:28 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2016.03.29 14:45:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scansetting.dll
[2016.03.29 14:45:27 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2016.03.29 14:45:27 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiadefui.dll
[2016.03.29 14:45:27 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlangpui.dll
[2016.03.29 14:45:27 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVol.exe
[2016.03.29 14:45:27 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquoui.dll
[2016.03.29 14:45:27 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSHVHOST.DLL
[2016.03.29 14:45:27 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2016.03.29 14:45:27 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2016.03.29 14:45:27 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regapi.dll
[2016.03.29 14:45:27 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samcli.dll
[2016.03.29 14:45:27 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2016.03.29 14:45:26 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncCenter.dll
[2016.03.29 14:45:26 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll
[2016.03.29 14:45:26 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2016.03.29 14:45:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2016.03.29 14:45:26 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrptadm.dll
[2016.03.29 14:45:26 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2016.03.29 14:45:26 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srchadmin.dll
[2016.03.29 14:45:26 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2016.03.29 14:45:26 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netdiagfx.dll
[2016.03.29 14:45:26 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fde.dll
[2016.03.29 14:45:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2016.03.29 14:45:26 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QUTIL.DLL
[2016.03.29 14:45:26 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcl.exe
[2016.03.29 14:45:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2016.03.29 14:45:25 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2016.03.29 14:45:25 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TabletPC.cpl
[2016.03.29 14:45:25 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2016.03.29 14:45:25 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netiohlp.dll
[2016.03.29 14:45:25 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscobj.dll
[2016.03.29 14:45:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2016.03.29 14:45:24 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2016.03.29 14:45:24 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2016.03.29 14:45:24 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgcpl.dll
[2016.03.29 14:45:24 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2016.03.29 14:45:24 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msconfig.exe
[2016.03.29 14:45:24 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2016.03.29 14:45:24 | 000,166,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basecsp.dll
[2016.03.29 14:45:24 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdeploy.dll
[2016.03.29 14:45:24 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsmproxy.dll
[2016.03.29 14:45:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimefilt.dll
[2016.03.29 14:45:23 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016.03.29 14:45:23 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WFS.exe
[2016.03.29 14:45:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayCpl.dll
[2016.03.29 14:45:23 | 000,633,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched20.dll
[2016.03.29 14:45:23 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXPTaskRingtone.dll
[2016.03.29 14:45:23 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2.dll
[2016.03.29 14:45:23 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxclu.dll
[2016.03.29 14:45:23 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2016.03.29 14:45:23 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2016.03.29 14:45:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2016.03.29 14:45:23 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2016.03.29 14:45:22 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2016.03.29 14:45:22 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercpl.dll
[2016.03.29 14:45:22 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logoncli.dll
[2016.03.29 14:45:22 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2016.03.29 14:45:22 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RpcRtRemote.dll
[2016.03.29 14:45:21 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPEncEn.dll
[2016.03.29 14:45:21 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2016.03.29 14:45:21 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sharemediacpl.dll
[2016.03.29 14:45:21 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onex.dll
[2016.03.29 14:45:20 | 002,193,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themecpl.dll
[2016.03.29 14:45:20 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eudcedit.exe
[2016.03.29 14:45:20 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nci.dll
[2016.03.29 14:45:15 | 002,250,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SensorsCpl.dll
[2016.03.29 14:45:15 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hbaapi.dll
[2016.03.29 14:45:14 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Narrator.exe
[2016.03.29 14:45:14 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autofmt.exe
[2016.03.29 14:45:14 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Faultrep.dll
[2016.03.29 14:45:14 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netjoin.dll
[2016.03.29 14:45:13 | 000,668,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2016.03.29 14:45:13 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2016.03.29 14:45:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2016.03.29 14:45:13 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnikeapi.dll
[2016.03.29 14:45:12 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2016.03.29 14:45:12 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppcomapi.dll
[2016.03.29 14:45:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\proquota.exe
[2016.03.29 14:45:11 | 000,777,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2016.03.29 14:45:11 | 000,763,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autofmt.exe
[2016.03.29 14:45:11 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoconv.exe
[2016.03.29 14:45:11 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2016.03.29 14:45:11 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msutb.dll
[2016.03.29 14:45:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2016.03.29 14:45:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\regapi.dll
[2016.03.29 14:45:11 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2016.03.29 14:45:10 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2016.03.29 14:45:10 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoconv.exe
[2016.03.29 14:45:10 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2016.03.29 14:45:10 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshipsec.dll
[2016.03.29 14:45:10 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercpl.dll
[2016.03.29 14:45:10 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsmsnap.dll
[2016.03.29 14:45:10 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srchadmin.dll
[2016.03.29 14:45:10 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2016.03.29 14:45:10 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpipcfg.dll
[2016.03.29 14:45:10 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2016.03.29 14:45:10 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shsetup.dll
[2016.03.29 14:45:10 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2016.03.29 14:45:10 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2016.03.29 14:45:09 | 001,264,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2016.03.29 14:45:09 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2016.03.29 14:45:09 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2016.03.29 14:45:09 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2016.03.29 14:45:09 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll
[2016.03.29 14:45:09 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prntvpt.dll
[2016.03.29 14:45:08 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016.03.29 14:45:08 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanui.dll
[2016.03.29 14:45:08 | 000,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys
[2016.03.29 14:45:08 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2016.03.29 14:45:08 | 000,154,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2016.03.29 14:45:06 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2016.03.29 14:45:06 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmiEngine.dll
[2016.03.29 14:45:06 | 000,905,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmsys.cpl
[2016.03.29 14:45:06 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontext.dll
[2016.03.29 14:45:06 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2016.03.29 14:45:06 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
[2016.03.29 14:45:06 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2016.03.29 14:45:06 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2016.03.29 14:45:06 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2016.03.29 14:45:06 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprddm.dll
[2016.03.29 14:45:06 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2016.03.29 14:45:06 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QAGENT.DLL
[2016.03.29 14:45:06 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netid.dll
[2016.03.29 14:45:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2016.03.29 14:45:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpsign.exe
[2016.03.29 14:45:06 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2016.03.29 14:45:05 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanpref.dll
[2016.03.29 14:45:05 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2016.03.29 14:45:05 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DiagCpl.dll
[2016.03.29 14:45:05 | 000,957,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mblctr.exe
[2016.03.29 14:45:05 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Vault.dll
[2016.03.29 14:45:05 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2016.03.29 14:45:05 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2016.03.29 14:45:05 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2016.03.29 14:45:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpsrcwp.dll
[2016.03.29 14:45:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016.03.29 14:45:05 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nci.dll
[2016.03.29 14:45:04 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bootres.dll
[2016.03.29 14:45:04 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2016.03.29 14:45:04 | 000,812,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpccpl.dll
[2016.03.29 14:45:04 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2016.03.29 14:45:04 | 000,433,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MCEWMDRMNDBootstrap.dll
[2016.03.29 14:45:04 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2016.03.29 14:45:04 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\Robocopy.exe
[2016.03.29 14:45:04 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSTPager.ax
[2016.03.29 14:45:04 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2016.03.29 14:45:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2016.03.29 14:45:03 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DxpTaskSync.dll
[2016.03.29 14:45:03 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskmgr.exe
[2016.03.29 14:45:03 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2016.03.29 14:45:03 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasppp.dll
[2016.03.29 14:45:03 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3cfg.dll
[2016.03.29 14:45:03 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\winhv.sys
[2016.03.29 14:45:02 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2016.03.29 14:45:02 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\puiobj.dll
[2016.03.29 14:45:02 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxclu.dll
[2016.03.29 14:45:02 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016.03.29 14:45:02 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2016.03.29 14:45:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2016.03.29 14:45:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2016.03.29 14:45:02 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hbaapi.dll
[2016.03.29 14:45:02 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\userinit.exe
[2016.03.29 14:45:01 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prnfldr.dll
[2016.03.29 14:45:01 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\termmgr.dll
[2016.03.29 14:45:01 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2016.03.29 14:45:01 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eudcedit.exe
[2016.03.29 14:45:01 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskmgr.exe
[2016.03.29 14:45:01 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2016.03.29 14:45:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\proquota.exe
[2016.03.29 14:45:00 | 003,745,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\accessibilitycpl.dll
[2016.03.29 14:45:00 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiadefui.dll
[2016.03.29 14:45:00 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2016.03.29 14:45:00 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAC3ENC.DLL
[2016.03.29 14:45:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll
[2016.03.29 14:45:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasppp.dll
[2016.03.29 14:45:00 | 000,155,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2016.03.29 14:45:00 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2016.03.29 14:45:00 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2016.03.29 14:45:00 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logoncli.dll
[2016.03.29 14:45:00 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shsetup.dll
[2016.03.29 14:45:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userinit.exe
[2016.03.29 14:44:59 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SensorsCpl.dll
[2016.03.29 14:44:59 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themecpl.dll
[2016.03.29 14:44:59 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FirewallControlPanel.dll
[2016.03.29 14:44:59 | 000,649,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2016.03.29 14:44:58 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoScreensaver.scr
[2016.03.29 14:44:58 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\zipfldr.dll
[2016.03.29 14:44:58 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slui.exe
[2016.03.29 14:44:58 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2016.03.29 14:44:58 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hgcpl.dll
[2016.03.29 14:44:58 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\defaultlocationcpl.dll
[2016.03.29 14:44:58 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2016.03.29 14:44:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2016.03.29 14:44:57 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sud.dll
[2016.03.29 14:44:57 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
[2016.03.29 14:44:57 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2016.03.29 14:44:56 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkmap.dll
[2016.03.29 14:44:56 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2016.03.29 14:44:56 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontext.dll
[2016.03.29 14:44:56 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceCenter.dll
[2016.03.29 14:44:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localsec.dll
[2016.03.29 14:44:56 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2016.03.29 14:44:56 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprddm.dll
[2016.03.29 14:44:56 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskbarcpl.dll
[2016.03.29 14:44:56 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OnLineIDCpl.dll
[2016.03.29 14:44:56 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVolSSO.dll
[2016.03.29 14:44:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2016.03.29 14:44:56 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2016.03.29 14:44:55 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll
[2016.03.29 14:44:53 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016.03.29 14:44:52 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PerfCenterCPL.dll
[2016.03.29 14:44:52 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2016.03.29 14:44:52 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2016.03.29 14:44:52 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanui.dll
[2016.03.29 14:44:52 | 000,373,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2016.03.29 14:44:52 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twext.dll
[2016.03.29 14:44:51 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
[2016.03.29 14:44:51 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr.dll
[2016.03.29 14:44:51 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll
[2016.03.29 14:44:51 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll
[2016.03.29 14:44:51 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2016.03.29 14:44:51 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroleui.dll
[2016.03.29 14:44:51 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
[2016.03.29 14:44:51 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
[2016.03.29 14:44:51 | 000,288,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2016.03.29 14:44:51 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxlib.dll
[2016.03.29 14:44:51 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recovery.dll
[2016.03.29 14:44:51 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prntvpt.dll
[2016.03.29 14:44:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2016.03.29 14:44:51 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w32tm.exe
[2016.03.29 14:44:50 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\accessibilitycpl.dll
[2016.03.29 14:44:50 | 000,721,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2016.03.29 14:44:50 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsuiext.dll
[2016.03.29 14:44:50 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizeng.dll
[2016.03.29 14:44:50 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MediaMetadataHandler.dll
[2016.03.29 14:44:50 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroleui.dll
[2016.03.29 14:44:50 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\efscore.dll
[2016.03.29 14:44:50 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VBICodec.ax
[2016.03.29 14:44:50 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cca.dll
[2016.03.29 14:44:50 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\isoburn.exe
[2016.03.29 14:44:50 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tzutil.exe
[2016.03.29 14:44:50 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sisbkup.dll
[2016.03.29 14:44:49 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdcpl.dll
[2016.03.29 14:44:49 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syncui.dll
[2016.03.29 14:44:49 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdeploy.dll
[2016.03.29 14:44:48 | 001,003,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2016.03.29 14:44:48 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\main.cpl
[2016.03.29 14:44:48 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016.03.29 14:44:48 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shwebsvc.dll
[2016.03.29 14:44:48 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2016.03.29 14:44:48 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recdisc.exe
[2016.03.29 14:44:48 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAC3ENC.DLL
[2016.03.29 14:44:48 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2016.03.29 14:44:48 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsldp.dll
[2016.03.29 14:44:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fvecpl.dll
[2016.03.29 14:44:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netjoin.dll
[2016.03.29 14:44:48 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoplay.dll
[2016.03.29 14:44:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2016.03.29 14:44:48 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016.03.29 14:44:47 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkmap.dll
[2016.03.29 14:44:47 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenterCPL.dll
[2016.03.29 14:44:47 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2016.03.29 14:44:47 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2016.03.29 14:44:47 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2016.03.29 14:44:47 | 000,207,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysclass.dll
[2016.03.29 14:44:47 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptui.dll
[2016.03.29 14:44:46 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sud.dll
[2016.03.29 14:44:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenter.dll
[2016.03.29 14:44:46 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizeng.dll
[2016.03.29 14:44:46 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prnfldr.dll
[2016.03.29 14:44:46 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll
[2016.03.29 14:44:46 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2016.03.29 14:44:46 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
[2016.03.29 14:44:46 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OnLineIDCpl.dll
[2016.03.29 14:44:46 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2016.03.29 14:44:46 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayServices.dll
[2016.03.29 14:44:46 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksxbar.ax
[2016.03.29 14:44:45 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2016.03.29 14:44:45 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2016.03.29 14:44:45 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\termmgr.dll
[2016.03.29 14:44:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2016.03.29 14:44:45 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2016.03.29 14:44:45 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sethc.exe
[2016.03.29 14:44:45 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iprtrmgr.dll
[2016.03.29 14:44:45 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MediaMetadataHandler.dll
[2016.03.29 14:44:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2016.03.29 14:44:45 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016.03.29 14:44:44 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2016.03.29 14:44:44 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2016.03.29 14:44:44 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016.03.29 14:44:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\defaultlocationcpl.dll
[2016.03.29 14:44:44 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2016.03.29 14:44:44 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016.03.29 14:44:44 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntlanman.dll
[2016.03.29 14:44:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3cfg.dll
[2016.03.29 14:44:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
[2016.03.29 14:44:43 | 000,446,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlcese30.dll
[2016.03.29 14:44:43 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shwebsvc.dll
[2016.03.29 14:44:43 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2016.03.29 14:44:43 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iprtrmgr.dll
[2016.03.29 14:44:43 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\efscore.dll
[2016.03.29 14:44:43 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifsutil.dll
[2016.03.29 14:44:43 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpd3d.dll
[2016.03.29 14:44:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2016.03.29 14:44:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2016.03.29 14:44:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sisbkup.dll
[2016.03.29 14:44:42 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenterCPL.dll
[2016.03.29 14:44:42 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ssText3d.scr
[2016.03.29 14:44:42 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
[2016.03.29 14:44:42 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2016.03.29 14:44:42 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iTVData.dll
[2016.03.29 14:44:42 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2016.03.29 14:44:42 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syncui.dll
[2016.03.29 14:44:42 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoplay.dll
[2016.03.29 14:44:42 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2016.03.29 14:44:42 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserAccountControlSettings.dll
[2016.03.29 14:44:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016.03.29 14:44:41 | 000,781,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2016.03.29 14:44:41 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2016.03.29 14:44:41 | 000,495,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2016.03.29 14:44:41 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DeviceCenter.dll
[2016.03.29 14:44:41 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquoui.dll
[2016.03.29 14:44:41 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srvcli.dll
[2016.03.29 14:44:41 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSTPager.ax
[2016.03.29 14:44:41 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2016.03.29 14:44:40 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OobeFldr.dll
[2016.03.29 14:44:40 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2016.03.29 14:44:40 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2016.03.29 14:44:40 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2016.03.29 14:44:40 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2016.03.29 14:44:40 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wavemsp.dll
[2016.03.29 14:44:40 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingFolder.dll
[2016.03.29 14:44:40 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdboot.exe
[2016.03.29 14:44:40 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2016.03.29 14:44:40 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2016.03.29 14:44:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPHLPR.DLL
[2016.03.29 14:44:40 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nslookup.exe
[2016.03.29 14:44:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acppage.dll
[2016.03.29 14:44:39 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
[2016.03.29 14:44:38 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srrstr.dll
[2016.03.29 14:44:36 | 001,672,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkexplorer.dll
[2016.03.29 14:44:36 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2016.03.29 14:44:36 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpx.dll
[2016.03.29 14:44:36 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\activeds.dll
[2016.03.29 14:44:36 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2016.03.29 14:44:36 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2016.03.29 14:44:36 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpsrcwp.dll
[2016.03.29 14:44:36 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2016.03.29 14:44:36 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPHLPR.DLL
[2016.03.29 14:44:36 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppnp.dll
[2016.03.29 14:44:36 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\migisol.dll
[2016.03.29 14:44:36 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2016.03.29 14:44:35 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2016.03.29 14:44:35 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2016.03.29 14:44:35 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshipsec.dll
[2016.03.29 14:44:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationSettings.exe
[2016.03.29 14:44:35 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\remotepg.dll
[2016.03.29 14:44:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabinet.dll
[2016.03.29 14:44:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wkscli.dll
[2016.03.29 14:44:35 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2016.03.29 14:44:34 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfrgui.exe
[2016.03.29 14:44:34 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2016.03.29 14:44:34 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2016.03.29 14:44:34 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpdxm.dll
[2016.03.29 14:44:34 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3ui.dll
[2016.03.29 14:44:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2016.03.29 14:44:34 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wavemsp.dll
[2016.03.29 14:44:34 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2016.03.29 14:44:34 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2016.03.29 14:44:34 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\net1.exe
[2016.03.29 14:44:34 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kstvtune.ax
[2016.03.29 14:44:34 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe
[2016.03.29 14:44:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsnmp32.dll
[2016.03.29 14:44:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftp.exe
[2016.03.29 14:44:32 | 000,840,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2016.03.29 14:44:32 | 000,685,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsuiext.dll
[2016.03.29 14:44:32 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmdev.dll
[2016.03.29 14:44:32 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2016.03.29 14:44:32 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfrgui.exe
[2016.03.29 14:44:32 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2016.03.29 14:44:32 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimgapi.dll
[2016.03.29 14:44:32 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsqmcons.exe
[2016.03.29 14:44:32 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2016.03.29 14:44:32 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
[2016.03.29 14:44:32 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzutil.exe
[2016.03.29 14:44:32 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFaultSecure.exe
[2016.03.29 14:44:31 | 001,911,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2016.03.29 14:44:31 | 000,899,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Bubbles.scr
[2016.03.29 14:44:31 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AdmTmpl.dll
[2016.03.29 14:44:31 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdm.tsp
[2016.03.29 14:44:31 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2016.03.29 14:44:31 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PkgMgr.exe
[2016.03.29 14:44:31 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstask.dll
[2016.03.29 14:44:31 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcap.dll
[2016.03.29 14:44:31 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2016.03.29 14:44:31 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twext.dll
[2016.03.29 14:44:31 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2016.03.29 14:44:31 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2016.03.29 14:44:31 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2016.03.29 14:44:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2016.03.29 14:44:30 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\main.cpl
[2016.03.29 14:44:30 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskraid.exe
[2016.03.29 14:44:30 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ssText3d.scr
[2016.03.29 14:44:30 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mystify.scr
[2016.03.29 14:44:30 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Ribbons.scr
[2016.03.29 14:44:30 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2016.03.29 14:44:30 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016.03.29 14:44:30 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifsutil.dll
[2016.03.29 14:44:30 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016.03.29 14:44:30 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\uxlib.dll
[2016.03.29 14:44:30 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupugc.exe
[2016.03.29 14:44:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdmat.dll
[2016.03.29 14:44:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsium.dll
[2016.03.29 14:44:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2016.03.29 14:44:29 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2016.03.29 14:44:29 | 000,573,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2016.03.29 14:44:29 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsAnytimeUpgradeResults.exe
[2016.03.29 14:44:29 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
[2016.03.29 14:44:29 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2016.03.29 14:44:29 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfmon.exe

Re: okyy.vbs na FLASH disku

Napsal: 30 bře 2016 09:04
od MAO
[2016.03.29 14:44:29 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpshell.dll
[2016.03.29 14:44:29 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2016.03.29 14:44:29 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
[2016.03.29 14:44:29 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2016.03.29 14:44:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2016.03.29 14:44:28 | 001,087,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbghelp.dll
[2016.03.29 14:44:28 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2016.03.29 14:44:28 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimserv.exe
[2016.03.29 14:44:28 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
[2016.03.29 14:44:28 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2016.03.29 14:44:28 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionQueue.dll
[2016.03.29 14:44:28 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingFolder.dll
[2016.03.29 14:44:28 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2016.03.29 14:44:28 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016.03.29 14:44:28 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tlscsp.dll
[2016.03.29 14:44:28 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\umb.dll
[2016.03.29 14:44:28 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPCRYPT.DLL
[2016.03.29 14:44:28 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\acppage.dll
[2016.03.29 14:44:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AzSqlExt.dll
[2016.03.29 14:44:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netutils.dll
[2016.03.29 14:44:27 | 000,623,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSAPI.dll
[2016.03.29 14:44:27 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2016.03.29 14:44:27 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\raschap.dll
[2016.03.29 14:44:27 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2016.03.29 14:44:27 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2016.03.29 14:44:27 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfmon.exe
[2016.03.29 14:44:27 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\remotepg.dll
[2016.03.29 14:44:27 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiavideo.dll
[2016.03.29 14:44:27 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QUTIL.DLL
[2016.03.29 14:44:27 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2016.03.29 14:44:27 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016.03.29 14:44:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\runonce.exe
[2016.03.29 14:44:27 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPCRYPT.DLL
[2016.03.29 14:44:26 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2016.03.29 14:44:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdwcn.dll
[2016.03.29 14:44:26 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetapi.dll
[2016.03.29 14:44:26 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MdSched.exe
[2016.03.29 14:44:26 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2016.03.29 14:44:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserAccountControlSettings.dll
[2016.03.29 14:44:26 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syssetup.dll
[2016.03.29 14:44:24 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onexui.dll
[2016.03.29 14:44:24 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2016.03.29 14:44:24 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nltest.exe
[2016.03.29 14:44:24 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2016.03.29 14:44:24 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstask.dll
[2016.03.29 14:44:24 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsadmin.exe
[2016.03.29 14:44:24 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iTVData.dll
[2016.03.29 14:44:24 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2016.03.29 14:44:24 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdwcn.dll
[2016.03.29 14:44:24 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsbas.dll
[2016.03.29 14:44:24 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsbas.dll
[2016.03.29 14:44:24 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2016.03.29 14:44:24 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kswdmcap.ax
[2016.03.29 14:44:24 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016.03.29 14:44:24 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2016.03.29 14:44:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2016.03.29 14:44:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\runonce.exe
[2016.03.29 14:44:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PrintIsolationProxy.dll
[2016.03.29 14:44:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vpnikeapi.dll
[2016.03.29 14:44:23 | 000,527,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmnet.dll
[2016.03.29 14:44:23 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmdev.dll
[2016.03.29 14:44:23 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2016.03.29 14:44:23 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
[2016.03.29 14:44:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shacct.dll
[2016.03.29 14:44:23 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSVRMGMT.DLL
[2016.03.29 14:44:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shacct.dll
[2016.03.29 14:44:23 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2016.03.29 14:44:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tabcal.exe
[2016.03.29 14:44:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vss_ps.dll
[2016.03.29 14:44:23 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscapi.dll
[2016.03.29 14:44:22 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2016.03.29 14:44:22 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2016.03.29 14:44:22 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2016.03.29 14:44:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2016.03.29 14:44:22 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsadmin.exe
[2016.03.29 14:44:22 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qcap.dll
[2016.03.29 14:44:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2016.03.29 14:44:22 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpshell.dll
[2016.03.29 14:44:22 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2016.03.29 14:44:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdmat.dll
[2016.03.29 14:44:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lsmproxy.dll
[2016.03.29 14:44:21 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Bubbles.scr
[2016.03.29 14:44:21 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlcese30.dll
[2016.03.29 14:44:21 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdv.dll
[2016.03.29 14:44:21 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceSyncProvider.dll
[2016.03.29 14:44:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprapi.dll
[2016.03.29 14:44:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CscMig.dll
[2016.03.29 14:44:21 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2016.03.29 14:44:21 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpd3d.dll
[2016.03.29 14:44:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsium.dll
[2016.03.29 14:44:20 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2016.03.29 14:44:20 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceStatus.dll
[2016.03.29 14:44:20 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceStatus.dll
[2016.03.29 14:44:20 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2016.03.29 14:44:20 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2016.03.29 14:44:20 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2016.03.29 14:44:20 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3ui.dll
[2016.03.29 14:44:20 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2016.03.29 14:44:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mystify.scr
[2016.03.29 14:44:20 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Ribbons.scr
[2016.03.29 14:44:20 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceSyncProvider.dll
[2016.03.29 14:44:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2016.03.29 14:44:20 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2016.03.29 14:44:20 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\desk.cpl
[2016.03.29 14:44:20 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fphc.dll
[2016.03.29 14:44:20 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSVRMGMT.DLL
[2016.03.29 14:44:20 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2016.03.29 14:44:20 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kstvtune.ax
[2016.03.29 14:44:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2016.03.29 14:44:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spbcd.dll
[2016.03.29 14:44:20 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\olethk32.dll
[2016.03.29 14:44:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2016.03.29 14:44:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2016.03.29 14:44:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016.03.29 14:44:20 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\takeown.exe
[2016.03.29 14:44:20 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2016.03.29 14:44:20 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPUnattend.exe
[2016.03.29 14:44:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptui.dll
[2016.03.29 14:44:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2016.03.29 14:44:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\utildll.dll
[2016.03.29 14:44:19 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2016.03.29 14:44:19 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2016.03.29 14:44:19 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2016.03.29 14:44:19 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmnet.dll
[2016.03.29 14:44:19 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqmapi.dll
[2016.03.29 14:44:19 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VBICodec.ax
[2016.03.29 14:44:19 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorAPI.dll
[2016.03.29 14:44:19 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3msm.dll
[2016.03.29 14:44:19 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiavideo.dll
[2016.03.29 14:44:19 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Kswdmcap.ax
[2016.03.29 14:44:19 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fphc.dll
[2016.03.29 14:44:19 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2016.03.29 14:44:19 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\amstream.dll
[2016.03.29 14:44:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2016.03.29 14:44:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\takeown.exe
[2016.03.29 14:44:19 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\HotStartUserAgent.dll
[2016.03.29 14:44:18 | 000,681,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2016.03.29 14:44:18 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdv.dll
[2016.03.29 14:44:18 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2016.03.29 14:44:18 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2016.03.29 14:44:18 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppinst.dll
[2016.03.29 14:44:18 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmstp.exe
[2016.03.29 14:44:18 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmstp.exe
[2016.03.29 14:44:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QCLIPROV.DLL
[2016.03.29 14:44:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2016.03.29 14:44:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2016.03.29 14:44:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QCLIPROV.DLL
[2016.03.29 14:44:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertPolEng.dll
[2016.03.29 14:44:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cca.dll
[2016.03.29 14:44:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WavDest.dll
[2016.03.29 14:44:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\djoin.exe
[2016.03.29 14:44:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimgvw.dll
[2016.03.29 14:44:18 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nrpsrv.dll
[2016.03.29 14:44:17 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2016.03.29 14:44:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsicli.exe
[2016.03.29 14:44:17 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mydocs.dll
[2016.03.29 14:44:17 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
[2016.03.29 14:44:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdProxy.dll
[2016.03.29 14:44:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MuiUnattend.exe
[2016.03.29 14:44:17 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\g711codc.ax
[2016.03.29 14:44:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vfwwdm32.dll
[2016.03.29 14:44:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsnmp32.dll
[2016.03.29 14:44:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MultiDigiMon.exe
[2016.03.29 14:44:17 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdhui.dll
[2016.03.29 14:44:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2016.03.29 14:44:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AzSqlExt.dll
[2016.03.29 14:44:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2016.03.29 14:44:16 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\itircl.dll
[2016.03.29 14:44:16 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2016.03.29 14:44:16 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskpart.exe
[2016.03.29 14:44:16 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsicli.exe
[2016.03.29 14:44:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BdeHdCfg.exe
[2016.03.29 14:44:16 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\desk.cpl
[2016.03.29 14:44:16 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mobsync.exe
[2016.03.29 14:44:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spbcd.dll
[2016.03.29 14:44:16 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wkscli.dll
[2016.03.29 14:44:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbisurf.ax
[2016.03.29 14:44:16 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2016.03.29 14:44:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdmo.dll
[2016.03.29 14:44:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiougc.exe
[2016.03.29 14:44:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BWUnpairElevated.dll
[2016.03.29 14:44:15 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2016.03.29 14:44:15 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2016.03.29 14:44:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mydocs.dll
[2016.03.29 14:44:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
[2016.03.29 14:44:15 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3msm.dll
[2016.03.29 14:44:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amstream.dll
[2016.03.29 14:44:15 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2016.03.29 14:44:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastapi.dll
[2016.03.29 14:44:14 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2016.03.29 14:44:12 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2016.03.29 14:44:12 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSTIFF.dll
[2016.03.29 14:44:12 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\itircl.dll
[2016.03.29 14:44:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpps.dll
[2016.03.29 14:44:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2016.03.29 14:44:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2016.03.29 14:44:12 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
[2016.03.29 14:44:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertPolEng.dll
[2016.03.29 14:44:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksxbar.ax
[2016.03.29 14:44:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2016.03.29 14:44:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qprocess.exe
[2016.03.29 14:44:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syssetup.dll
[2016.03.29 14:44:11 | 001,080,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onexui.dll
[2016.03.29 14:44:11 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2016.03.29 14:44:11 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2016.03.29 14:44:11 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
[2016.03.29 14:44:11 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2016.03.29 14:44:11 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2016.03.29 14:44:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2016.03.29 14:44:11 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\findstr.exe
[2016.03.29 14:44:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tlscsp.dll
[2016.03.29 14:44:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
[2016.03.29 14:44:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\luainstall.dll
[2016.03.29 14:44:11 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciqtz32.dll
[2016.03.29 14:44:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\choice.exe
[2016.03.29 14:44:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2016.03.29 14:44:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
[2016.03.29 14:44:11 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2016.03.29 14:44:10 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
[2016.03.29 14:44:10 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mobsync.exe
[2016.03.29 14:44:10 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2016.03.29 14:44:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\manage-bde.exe
[2016.03.29 14:44:10 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetmib1.dll
[2016.03.29 14:44:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2016.03.29 14:44:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\repair-bde.exe
[2016.03.29 14:44:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdiasqmmodule.dll
[2016.03.29 14:44:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz32.dll
[2016.03.29 14:44:10 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shimgvw.dll
[2016.03.29 14:44:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2016.03.29 14:44:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2016.03.29 14:44:10 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schedcli.dll
[2016.03.29 14:44:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qappsrv.exe
[2016.03.29 14:44:10 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chglogon.exe
[2016.03.29 14:44:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spopk.dll
[2016.03.29 14:44:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spopk.dll
[2016.03.29 14:44:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2016.03.29 14:44:09 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2016.03.29 14:44:09 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2016.03.29 14:44:09 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDPENCDD.dll
[2016.03.29 14:44:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmicres.dll
[2016.03.29 14:44:09 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbcconf.dll
[2016.03.29 14:44:09 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetmib1.dll
[2016.03.29 14:44:09 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\g711codc.ax
[2016.03.29 14:44:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2016.03.29 14:44:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmbusres.dll
[2016.03.29 14:44:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\luainstall.dll
[2016.03.29 14:44:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSMON.dll
[2016.03.29 14:44:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2016.03.29 14:44:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.dll
[2016.03.29 14:44:09 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmstorfltres.dll
[2016.03.29 14:44:09 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unlodctr.exe
[2016.03.29 14:44:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbisurf.ax
[2016.03.29 14:44:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\profprov.dll
[2016.03.29 14:44:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdmo.dll
[2016.03.29 14:44:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elsTrans.dll
[2016.03.29 14:44:09 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chgport.exe
[2016.03.29 14:44:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tskill.exe
[2016.03.29 14:44:09 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tscon.exe
[2016.03.29 14:44:09 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsdiscon.exe
[2016.03.29 14:44:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shadow.exe
[2016.03.29 14:44:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rwinsta.exe
[2016.03.29 14:44:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdprefdrvapi.dll
[2016.03.29 14:44:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logoff.exe
[2016.03.29 14:44:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chgusr.exe
[2016.03.29 14:44:09 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2016.03.29 14:44:08 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\napdsnap.dll
[2016.03.29 14:44:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016.03.29 14:44:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsauth.dll
[2016.03.29 14:44:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2016.03.29 14:44:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LogonUI.exe
[2016.03.29 14:44:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys
[2016.03.29 14:44:08 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TRAPI.dll
[2016.03.29 14:44:08 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfts.dll
[2016.03.29 14:44:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reset.exe
[2016.03.29 14:44:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\change.exe
[2016.03.29 14:44:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\query.exe
[2016.03.29 14:44:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2016.03.29 14:44:07 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2016.03.29 14:44:07 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\napdsnap.dll
[2016.03.29 14:44:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016.03.29 14:44:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys
[2016.03.29 14:44:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsauth.dll
[2016.03.29 14:44:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscdll.dll
[2016.03.29 14:44:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsperf.dll
[2016.03.29 14:44:07 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdprefdrvapi.dll
[2016.03.29 14:44:07 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elsTrans.dll
[2016.03.29 14:44:07 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TRAPI.dll
[2016.03.29 14:44:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsperf.dll
[2016.03.29 14:44:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSUNATD.exe
[2016.03.29 14:44:07 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schedcli.dll
[2016.03.29 14:44:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2016.03.29 14:44:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016.03.29 14:44:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsdchngr.dll
[2016.03.29 14:44:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2016.03.29 14:44:05 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2016.03.29 14:44:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shgina.dll
[2016.03.29 14:44:05 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsdchngr.dll
[2016.03.29 14:44:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shgina.dll
[2016.03.29 14:44:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\riched32.dll
[2016.03.29 14:44:04 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2016.03.29 14:44:04 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys
[2016.03.29 14:43:56 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshirda.dll
[2016.03.29 14:43:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2016.03.29 14:43:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016.03.29 14:43:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcfgex.dll
[2016.03.29 14:43:53 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmbuspipe.dll
[2016.03.29 14:43:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshirda.dll
[2016.03.29 14:43:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched32.dll
[2016.03.29 14:43:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2016.03.29 14:43:51 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmbusCoinstaller.dll
[2016.03.29 14:43:51 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmdCoinstall.dll
[2016.03.29 14:43:51 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IcCoinstall.dll
[2016.03.29 14:43:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\C_ISCII.DLL
[2016.03.29 14:43:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2016.03.29 14:43:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shunimpl.dll
[2016.03.29 14:43:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\C_ISCII.DLL
[2016.03.29 14:43:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUQ.DLL
[2016.03.29 14:43:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUF.DLL
[2016.03.29 14:43:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSG.DLL
[2016.03.29 14:43:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdlk41a.dll
[2016.03.29 14:43:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGKL.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUQ.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUF.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSG.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSF.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDPO.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDNEPR.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdlk41a.dll
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTAM.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBEN.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGR1.DLL
[2016.03.29 14:43:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGKL.DLL
[2016.03.29 14:43:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2016.03.29 14:43:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2016.03.29 14:43:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2016.03.29 14:43:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2016.03.29 14:43:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-ums-l1-1-0.dll
[2016.03.29 14:43:48 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2016.03.29 14:43:48 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2016.03.29 14:43:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGR1.DLL
[2016.03.29 14:43:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUS.DLL
[2016.03.29 14:43:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTURME.DLL
[2016.03.29 14:43:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAJIK.DLL
[2016.03.29 14:43:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMON.DLL
[2016.03.29 14:43:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTEL.DLL
[2016.03.29 14:43:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGEO.DLL
[2016.03.29 14:43:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBLR.DLL
[2016.03.29 14:43:47 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2016.03.29 14:43:47 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2016.03.29 14:43:47 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BlbEvents.dll
[2016.03.29 14:43:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pifmgr.dll
[2016.03.29 14:43:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pifmgr.dll
[2016.03.29 14:43:47 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDCZ1.DLL
[2016.03.29 14:43:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizres.dll
[2016.03.29 14:43:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizres.dll
[2016.03.29 14:43:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDCZ1.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUS.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUGHR1.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTURME.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAJIK.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSF.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDPO.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDNEPR.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMON.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMAORI.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDLT1.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTEL.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTAM.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINORI.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINORI.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAR.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAR.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINKAN.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINKAN.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINHIN.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINHIN.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBEN.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBULG.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBLR.DLL
[2016.03.29 14:43:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2016.03.29 14:43:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUGHR1.DLL
[2016.03.29 14:43:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMAORI.DLL
[2016.03.29 14:43:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDLT1.DLL
[2016.03.29 14:43:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGEO.DLL
[2016.03.29 14:43:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBULG.DLL
[2016.03.29 14:43:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2016.03.29 14:43:47 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2016.03.29 14:43:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2016.03.29 14:43:30 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpx.dll
[2016.03.29 14:43:30 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdscore.dll
[2016.03.29 14:39:22 | 000,529,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn.dll
[2016.03.29 14:01:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016.03.29 13:50:02 | 000,000,000 | ---D | C] -- C:\UsbFix
[2016.03.29 13:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
[2016.03.29 13:26:28 | 000,090,112 | ---- | C] (Vestris Inc.) -- C:\Windows\SysNative\Vestris.ResourceLib.dll
[2016.03.29 13:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2016.03.29 13:26:18 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\Programs
[2016.03.29 13:21:15 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\Macromedia
[2016.03.29 13:21:15 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\Macromedia
[2016.03.29 13:21:15 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\Adobe
[2016.03.29 13:20:35 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2016.03.29 13:18:35 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\Disc_Soft_Ltd
[2016.03.29 13:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit
[2016.03.29 13:12:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2016.03.29 13:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2016.03.29 13:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2016.03.29 13:11:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2016.03.29 13:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2016.03.29 13:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2016.03.29 13:08:52 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\Microsoft Help
[2016.03.29 13:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2016.03.29 13:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2016.03.29 13:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2016.03.29 13:06:53 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2016.03.29 13:05:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Daemon Tools Images
[2016.03.29 12:04:32 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[2016.03.29 12:03:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\dmp
[2016.03.29 12:02:03 | 000,047,672 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtliteusbbus.sys
[2016.03.29 12:00:28 | 000,030,264 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys
[2016.03.29 12:00:28 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\DAEMON Tools Lite
[2016.03.29 12:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2016.03.29 12:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2016.03.29 11:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2016.03.29 11:25:50 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016.03.29 11:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016.03.29 11:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2016.03.29 10:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2016.03.29 10:44:36 | 000,797,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016.03.29 10:44:36 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016.03.29 10:44:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2016.03.29 10:44:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2016.03.29 10:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2016.03.29 10:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2016.03.29 10:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2016.03.29 10:39:49 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\Adobe
[2016.03.29 10:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2016.03.29 10:28:36 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\Logitech
[2016.03.29 10:28:36 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\Logishrd
[2016.03.29 09:15:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2016.03.29 09:14:56 | 000,408,280 | ---- | C] (Realsil Semiconductor Corporation) -- C:\Windows\SysNative\drivers\RtsUer.sys
[2016.03.29 09:14:56 | 000,083,160 | ---- | C] (Realtek Semiconductor.) -- C:\Windows\SysNative\RtCRX64.dll
[2016.03.29 09:14:55 | 009,890,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2016.03.29 09:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2016.03.29 09:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2016.03.29 09:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2016.03.29 09:09:49 | 006,207,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2016.03.29 09:09:49 | 003,300,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2016.03.29 09:09:49 | 002,558,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2016.03.29 09:09:49 | 000,118,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2016.03.29 09:09:49 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2016.03.29 09:08:58 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2016.03.29 09:08:58 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2016.03.29 09:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2016.03.29 09:07:53 | 007,457,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2016.03.29 09:07:53 | 006,162,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2016.03.29 09:07:52 | 026,341,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2016.03.29 09:07:52 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2016.03.29 09:07:52 | 019,915,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2016.03.29 09:07:52 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2016.03.29 09:07:52 | 015,413,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2016.03.29 09:07:52 | 009,184,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2016.03.29 09:07:52 | 007,754,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2016.03.29 09:07:52 | 002,752,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2016.03.29 09:07:52 | 002,749,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2016.03.29 09:07:52 | 002,577,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2016.03.29 09:07:52 | 002,446,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2016.03.29 09:07:52 | 002,222,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2016.03.29 09:07:52 | 001,869,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2016.03.29 09:07:52 | 001,802,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2016.03.29 09:07:52 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2016.03.29 09:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2016.03.29 09:04:31 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\WinRAR
[2016.03.29 09:00:22 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2016.03.29 09:00:21 | 000,000,000 | ---D | C] -- C:\totalcmd
[2016.03.29 09:00:21 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\GHISLER
[2016.03.29 08:59:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2016.03.29 08:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2016.03.29 08:56:04 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\Google
[2016.03.29 08:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2016.03.29 08:53:27 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\Mozilla
[2016.03.29 08:53:27 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\Mozilla
[2016.03.29 08:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2016.03.29 08:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016.03.29 08:45:44 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2016.03.29 08:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2016.03.29 08:45:04 | 000,758,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\cohelper.dll
[2016.03.29 08:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2016.03.29 08:44:45 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2016.03.29 08:06:03 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2016.03.29 08:06:03 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2016.03.29 08:06:02 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016.03.29 08:06:00 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016.03.29 08:06:00 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016.03.29 07:59:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2016.03.29 07:59:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2016.03.29 07:59:29 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2016.03.24 10:57:48 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2016.03.24 10:57:48 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Searches
[2016.03.24 10:57:48 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2016.03.24 10:57:36 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\Identities
[2016.03.24 10:57:31 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Contacts
[2016.03.24 10:57:28 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\VirtualStore
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\AppData\Local\Temporary Internet Files
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Šablony
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Soubory cookie
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\SendTo
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Poslední
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Okolní tiskárny
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Okolní síť
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Documents\Obrázky
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Nabídka Start
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Local Settings
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Documents\Hudba
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\AppData\Local\History
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Documents\Filmy
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Dokumenty
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\Data aplikací
[2016.03.24 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\ZDENEK\AppData\Local\Data aplikací
[2016.03.24 10:56:59 | 000,000,000 | --SD | C] -- C:\Users\ZDENEK\AppData\Roaming\Microsoft
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Videos
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Saved Games
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Pictures
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Music
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Links
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Favorites
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Downloads
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Documents
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\Desktop
[2016.03.24 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2016.03.24 10:56:59 | 000,000,000 | -H-D | C] -- C:\Users\ZDENEK\AppData
[2016.03.24 10:56:59 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\Temp
[2016.03.24 10:56:59 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Local\Microsoft
[2016.03.24 10:56:59 | 000,000,000 | ---D | C] -- C:\Users\ZDENEK\AppData\Roaming\Media Center Programs
[2016.03.24 10:54:35 | 000,000,000 | -HSD | C] -- C:\Recovery
[2016.03.24 10:54:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Šablony
[2016.03.24 10:54:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Plocha
[2016.03.24 10:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Obrázky
[2016.03.24 10:54:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Oblíbené položky
[2016.03.24 10:54:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Nabídka Start
[2016.03.24 10:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Hudba
[2016.03.24 10:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Filmy
[2016.03.24 10:54:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2016.03.24 10:54:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Data aplikací
[2016.03.24 10:47:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2016.03.24 10:43:22 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2016.03.24 10:43:13 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2016.03.24 10:42:39 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2016.03.24 10:42:25 | 000,000,000 | -HSD | C] -- C:\Boot

========== Files - Modified Within 30 Days ==========

[2016.03.30 07:43:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016.03.30 07:43:09 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.03.30 07:43:08 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.03.30 07:40:47 | 001,470,062 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.03.30 07:40:47 | 000,631,054 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016.03.30 07:40:47 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.03.30 07:40:47 | 000,121,708 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016.03.30 07:40:47 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.03.30 07:38:59 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016.03.30 07:37:50 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016.03.30 07:35:24 | 000,442,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016.03.30 07:34:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.03.30 07:34:21 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2016.03.30 07:11:21 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016.03.29 15:59:30 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016.03.29 15:42:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2016.03.29 15:42:38 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2016.03.29 14:00:08 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016.03.29 13:50:08 | 000,001,453 | ---- | M] () -- C:\Users\ZDENEK\Desktop\UsbFix.lnk
[2016.03.29 12:04:27 | 000,024,688 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2016.03.29 12:02:03 | 000,047,672 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtliteusbbus.sys
[2016.03.29 12:00:28 | 000,030,264 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys
[2016.03.29 10:44:36 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016.03.29 10:44:36 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016.03.29 09:00:23 | 000,000,651 | ---- | M] () -- C:\Users\ZDENEK\Desktop\Total Commander 64 bit.lnk
[2016.03.24 10:54:57 | 000,000,012 | RHS- | M] () -- C:\win7.ld
[2016.03.24 10:54:56 | 000,203,464 | RHS- | M] () -- C:\grldr
[2016.03.24 10:51:08 | 000,061,655 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2016.03.24 10:51:08 | 000,061,655 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2016.03.24 10:48:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016.03.24 10:42:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2016.03.12 18:48:22 | 000,692,974 | -HS- | M] () -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\data.vbs

========== Files Created - No Company Name ==========

[2016.03.30 07:43:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016.03.29 14:46:33 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2016.03.29 14:46:16 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2016.03.29 14:44:10 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2016.03.29 14:43:45 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2016.03.29 14:43:45 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2016.03.29 14:43:07 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2016.03.29 14:43:06 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2016.03.29 13:50:08 | 000,001,453 | ---- | C] () -- C:\Users\ZDENEK\Desktop\UsbFix.lnk
[2016.03.29 12:04:27 | 000,024,688 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2016.03.29 10:44:37 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016.03.29 10:41:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[2016.03.29 09:07:52 | 000,016,843 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2016.03.29 09:00:23 | 000,000,651 | ---- | C] () -- C:\Users\ZDENEK\Desktop\Total Commander 64 bit.lnk
[2016.03.29 08:58:22 | 000,692,974 | -HS- | C] () -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\data.vbs
[2016.03.29 08:56:02 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016.03.29 08:56:02 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016.03.29 08:54:25 | 000,000,952 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016.03.29 08:54:24 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016.03.29 08:53:19 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2016.03.29 08:53:19 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016.03.29 08:45:04 | 000,010,084 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2016.03.24 10:58:39 | 000,001,447 | ---- | C] () -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2016.03.24 10:58:39 | 000,001,413 | ---- | C] () -- C:\Users\ZDENEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2016.03.24 10:54:57 | 000,000,012 | RHS- | C] () -- C:\win7.ld
[2016.03.24 10:54:56 | 000,203,464 | RHS- | C] () -- C:\grldr
[2016.03.24 10:50:43 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2016.03.24 10:50:34 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2016.03.24 10:48:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016.03.24 10:43:13 | 1609,474,048 | -HS- | C] () -- C:\hiberfil.sys
[2016.03.24 10:42:27 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2016.03.24 10:42:25 | 000,383,786 | RHS- | C] () -- C:\bootmgr

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.20 14:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 13:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2016.03.29 13:05:57 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\DAEMON Tools Lite
[2016.03.29 09:00:21 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\GHISLER

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,003,362 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2016.03.29 08:54:24 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2016.03.29 08:54:25 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2016.03.29 10:44:37 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.11.20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.11.20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\System32\catroot\*.tmp files -> C:\Windows\System32\catroot\*.tmp -> ]
[65 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2016.03.29 13:21:15 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\Adobe
[2016.03.29 13:05:57 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\DAEMON Tools Lite
[2016.03.29 09:00:21 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\GHISLER
[2016.03.24 10:57:36 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\Identities
[2016.03.29 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\Logishrd
[2016.03.29 10:28:36 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\Logitech
[2016.03.29 13:21:15 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\Macromedia
[2009.07.14 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\Media Center Programs
[2016.03.29 13:21:15 | 000,000,000 | --SD | M] -- C:\Users\ZDENEK\AppData\Roaming\Microsoft
[2016.03.29 08:53:40 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\Mozilla
[2016.03.29 09:04:31 | 000,000,000 | ---D | M] -- C:\Users\ZDENEK\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2016.03.30 08:11:53 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2016.03.30 07:37:50 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2016.03.30 08:00:10 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2016.03.29 10:44:36 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2016.03.29 10:44:36 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2016.03.29 15:42:38 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msclmd.dll

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"data" = wscript.exe //B "C:\Users\ZDENEK\AppData\Local\Temp\data.vbs" -- [2009.07.14 02:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2016.03.16 02:47:10 | 000,392,136 | ---- | M] (Mozilla Corporation) MD5=80B72881A9BDDA484867F22DDC2E84DD -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2010.11.20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2016.03.27 08:59:05 | 000,874,136 | ---- | M] (Google Inc.) MD5=FAB888AC8D8609A963FCCC6F120FF1BA -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2016.03.30 07:43:16 | 000,000,512 | ---- | M] () MD5=C8C8C8E64A816D8C6BEA620B78E57251 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2014.09.03 00:27:24 | 000,268,432 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014.09.03 00:27:24 | 000,019,096 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2014.09.03 00:27:24 | 000,364,176 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2014.09.03 00:27:24 | 000,019,096 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2014.12.02 15:08:05 | 000,061,528 | ---- | M] () -- \Program Files\WinRAR\Ace32Loader.exe
[2012.10.01 20:47:24 | 000,019,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109A20000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2012.10.01 20:47:24 | 000,019,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109A20000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2012.10.01 20:47:24 | 000,364,128 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109A20000000100000000F01FEC\15.0.4420\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2012.10.01 20:47:24 | 000,268,384 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109A20000000100000000F01FEC\15.0.4420\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2012.10.01 20:30:04 | 000,019,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005119110000000000000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2012.10.01 20:30:04 | 000,268,384 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005119110000000000000000F01FEC\15.0.4420\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2016.03.29 13:12:19 | 000,015,528 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.InfoPath.CLRLoader\v4.0_15.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.CLRLoader.dll
[2009.07.14 13:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2010.11.20 12:09:38 | 000,004,290 | ---- | M] () -- \Windows\SoftwareDistribution\Download\fe6e9e7840acaadec5a70941ba6ff546\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_73a52105efe44483.manifest
[2010.11.20 14:33:18 | 000,004,338 | ---- | M] () -- \Windows\SoftwareDistribution\Download\fe6e9e7840acaadec5a70941ba6ff546\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_344529e2e1c53ac6.manifest
[2010.11.20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\SoftwareDistribution\Download\fe6e9e7840acaadec5a70941ba6ff546\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 16:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 16:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 16:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 16:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 16:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2016.03.29 15:43:20 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2016.03.29 15:43:20 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89_winload.efi_75834aa0
[2016.03.29 15:43:20 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89_winload.exe_75835076
[2016.03.29 15:43:21 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89_winresume.efi_85cd069f
[2016.03.29 15:43:21 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 16:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2010.11.20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

Re: okyy.vbs na FLASH disku

Napsal: 30 bře 2016 17:03
od Rudy
MAO píše:Dobry den, OS je legalni (klic nalepen na bedne), KMSpico je tam kvuli office, na ty zatim nezbyly penize.

Dekuji
Tak co v systému potom dělá nelegální aktivátor?

Re: okyy.vbs na FLASH disku

Napsal: 31 bře 2016 06:25
od MAO
Dobry den, jak rikam ten je tam kvuli office, nikoliv kvuli operacnimu systemu.

Re: okyy.vbs na FLASH disku

Napsal: 31 bře 2016 17:44
od Rudy
Ale kdepak. Ten jsem také viděl, ale ještě něco jiného, co nelegálně aktivuje právě Windows a ne Office.

Re: okyy.vbs na FLASH disku

Napsal: 31 bře 2016 22:45
od MAO
Nevim co vse v PC presne je, vim ze jsem jeste pouzival Microsoft Toolkit na prave zminene office.

Rozumim tomu ze je spravne pomahat pouze lidem co maji legalni OS, a nemam Vam to za zle.

Je zrejme ze jsem timto "sitem" neprosel, zkusim si tedy odstraneni dohledat svepomoci.

Neberte to prosim spatne, vazim si Vasi prace a diky za vse.

Re: okyy.vbs na FLASH disku

Napsal: 01 dub 2016 17:11
od Rudy
Opravdu tam je aktivátor, který se používá na nelegální aktivaci pouze win (a ničeho jiného). Nelegální oper. systémy a cracklé antiviry opravdu netolerujeme. Viz pravidla: http://forum.viry.cz/viewtopic.php?f=12&t=115512 .
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz