
Avast found a rootkit on my PC, please advise

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit on my PC, please advise

#16 Post by Abe.xxx »

Thank you for the further advice; unfortunately I did not have time to carry it out today. I will hopefully try tomorrow or the day after.

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit on my PC, please advise

#17 Post by Abe.xxx »

Code:

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/11/06 (ISO 8601) at 19:29:18
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __SAMSUNG HN-M750MBB (2AR1)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	698.6 Go  [Fixed] ==> Unknown MBR Code ==> PARTITION TABLE FAKED !!

MBR_MD5   : C5F0EAFEC406C7F0C82ACAB31114FAEF
MBR_SHA1  : C0D9C3E991C1ABD43FBE0F2F5BEA119904177E9A

Device\Harddisk0\Partition1	100.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	51.00 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	22.14 Go  	0x27 RE Hidden partition 
Device\Harddisk0\Partition4	625.4 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x02BF3000
SIZE    : 292.0 Ko

DRIVER  : C:\windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x0241B000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C3C000
SIZE    : 316.0 Ko

DRIVER  : C:\windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C9F000
SIZE    : 376.0 Ko

DRIVER  : C:\windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CFD000
SIZE    : 768.0 Ko

DRIVER  : C:\windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00EA2000
SIZE    : 656.0 Ko

DRIVER  : C:\windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F46000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F55000
SIZE    : 348.0 Ko

DRIVER  : C:\windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FAC000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00FB5000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00FBF000
SIZE    : 204.0 Ko

DRIVER  : C:\windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FF2000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00E15000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00E1E000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E2A000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00E3F000
SIZE    : 368.0 Ko

DRIVER  : C:\windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00DBD000
SIZE    : 104.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x0107C000
SIZE    : 1.33 Mo

DRIVER  : C:\windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x011D0000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 168.0 Ko

DRIVER  : C:\windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x0102A000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01035000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01045000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01259000
SIZE    : 304.0 Ko

DRIVER  : C:\windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x012A5000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\System32\Drivers\PxHlpa64.sys => Invisible on the disk
ADDRESS : 0x012B9000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01419000
SIZE    : 1.64 Mo

DRIVER  : C:\windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x012C5000
SIZE    : 376.0 Ko

DRIVER  : C:\windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x015BC000
SIZE    : 108.0 Ko

DRIVER  : C:\windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01323000
SIZE    : 456.0 Ko

DRIVER  : C:\windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x015D7000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x015E8000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01611000
SIZE    : 972.0 Ko

DRIVER  : C:\windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01704000
SIZE    : 384.0 Ko

DRIVER  : C:\windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01764000
SIZE    : 172.0 Ko

DRIVER  : C:\windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01818000
SIZE    : 2.01 Mo

DRIVER  : C:\windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A1B000
SIZE    : 296.0 Ko

DRIVER  : C:\windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01A65000
SIZE    : 304.0 Ko

DRIVER  : C:\windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01AB1000
SIZE    : 32.0 Ko

DRIVER  : C:\windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01AB9000
SIZE    : 232.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nvpciflt.sys => Invisible on the disk
ADDRESS : 0x01AF3000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01AFE000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B10000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B19000
SIZE    : 232.0 Ko

DRIVER  : C:\windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x01B53000
SIZE    : 88.0 Ko

DRIVER  : C:\windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01B69000
SIZE    : 192.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswVmm.sys => Invisible on the disk
ADDRESS : 0x01B99000
SIZE    : 208.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswRvrt.sys => Invisible on the disk
ADDRESS : 0x01BCD000
SIZE    : 76.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x02D89000
SIZE    : 168.0 Ko

DRIVER  : C:\windows\system32\drivers\aswSnx.sys => Invisible on the disk
ADDRESS : 0x0304A000
SIZE    : 1024.0 Ko

DRIVER  : C:\windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x0314A000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x03153000
SIZE    : 28.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswKbd.SYS => Invisible on the disk
ADDRESS : 0x0315A000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x03164000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x03172000
SIZE    : 148.0 Ko

DRIVER  : C:\windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x03197000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x031A7000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x031B0000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x031B9000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x031C2000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x031CD000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x031DE000
SIZE    : 136.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x03000000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\system32\drivers\aswTdi.sys => Invisible on the disk
ADDRESS : 0x0300D000
SIZE    : 76.0 Ko

DRIVER  : C:\windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x034EC000
SIZE    : 548.0 Ko

DRIVER  : C:\windows\system32\drivers\aswRdr2.sys => Invisible on the disk
ADDRESS : 0x03575000
SIZE    : 104.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x0358F000
SIZE    : 276.0 Ko

DRIVER  : C:\windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x035D4000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x035DF000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x03400000
SIZE    : 152.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x03426000
SIZE    : 88.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x0343C000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x0344B000
SIZE    : 108.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x03466000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\system32\Drivers\SABI.sys => Invisible on the disk
ADDRESS : 0x0347A000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x03484000
SIZE    : 324.0 Ko

DRIVER  : C:\windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x034D5000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x034E1000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x035E8000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x03020000
SIZE    : 120.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x02DB3000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\system32\drivers\aswSP.sys => Invisible on the disk
ADDRESS : 0x0178F000
SIZE    : 420.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x02DC4000
SIZE    : 152.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x03EB6000
SIZE    : 10.96 Mo

DRIVER  : C:\windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x03667000
SIZE    : 976.0 Ko

DRIVER  : C:\windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x0375B000
SIZE    : 280.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04A2F000
SIZE    : 11.74 Mo

DRIVER  : C:\windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x055ED000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x04A00000
SIZE    : 144.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x04A24000
SIZE    : 20.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x037A1000
SIZE    : 120.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x037BF000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ETD.sys => Invisible on the disk
ADDRESS : 0x037CE000
SIZE    : 192.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x03600000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x0360F000
SIZE    : 88.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x03625000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\clwvd.sys => Invisible on the disk
ADDRESS : 0x04A29000
SIZE    : 24.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x049AD000
SIZE    : 268.0 Ko

DRIVER  : C:\windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x03635000
SIZE    : 24.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x0363B000
SIZE    : 88.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x03E00000
SIZE    : 144.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x03651000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x03E24000
SIZE    : 188.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x03E53000
SIZE    : 108.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x03E6E000
SIZE    : 132.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x03E8F000
SIZE    : 104.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x055FE000
SIZE    : 8.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\SGdrv64.sys => Invisible on the disk
ADDRESS : 0x0365D000
SIZE    : 32.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x02DEA000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x02C00000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x0381E000
SIZE    : 2.78 Mo

DRIVER  : C:\windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x03AE5000
SIZE    : 244.0 Ko

DRIVER  : C:\windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x03B22000
SIZE    : 136.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
ADDRESS : 0x03B44000
SIZE    : 332.0 Ko

DRIVER  : C:\windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x03B97000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00030000
SIZE    : 3.08 Mo

DRIVER  : C:\windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x03BB8000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x03BC4000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00550000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00700000
SIZE    : 156.0 Ko

DRIVER  : C:\windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x03BD2000
SIZE    : 140.0 Ko

DRIVER  : C:\windows\system32\drivers\aswMonFlt.sys => Invisible on the disk
ADDRESS : 0x01395000
SIZE    : 180.0 Ko

DRIVER  : C:\windows\system32\drivers\aswFsBlk.sys => Invisible on the disk
ADDRESS : 0x03800000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x013C2000
SIZE    : 132.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x02D69000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 332.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 76.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x01BE0000
SIZE    : 96.0 Ko

DRIVER  : C:\windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x174EE000
SIZE    : 804.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x175B7000
SIZE    : 120.0 Ko

DRIVER  : C:\windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x175D5000
SIZE    : 96.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x17400000
SIZE    : 180.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x1742D000
SIZE    : 312.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x1747B000
SIZE    : 144.0 Ko

DRIVER  : C:\windows\system32\drivers\aksdf.sys => Invisible on the disk
ADDRESS : 0x1749F000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x174B3000
SIZE    : 216.0 Ko

DRIVER  : C:\windows\system32\drivers\aksfridge.sys => Invisible on the disk
ADDRESS : 0x01050000
SIZE    : 132.0 Ko

DRIVER  : C:\windows\system32\drivers\hardlock.sys => Invisible on the disk
ADDRESS : 0x17A82000
SIZE    : 316.0 Ko

DRIVER  : C:\windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x17AD1000
SIZE    : 664.0 Ko

DRIVER  : C:\windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x17B77000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x17B82000
SIZE    : 196.0 Ko

DRIVER  : C:\windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x17BB3000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x17A00000
SIZE    : 468.0 Ko

DRIVER  : C:\windows\system32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x17BC5000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\system32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x1921D000
SIZE    : 344.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x19273000
SIZE    : 360.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x192CD000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x192DB000
SIZE    : 100.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x192F4000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x192FD000
SIZE    : 8.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x192FF000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x19376000
SIZE    : 420.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x1995F000
SIZE    : 608.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x19800000
SIZE    : 116.0 Ko

DRIVER  : C:\windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x19879000
SIZE    : 184.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\NETwNs64.sys => Invisible on the disk
ADDRESS : 0x1B8AE000
SIZE    : 11.21 Mo

DRIVER  : C:\windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x1C3E4000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\vwifimp.sys => Invisible on the disk
ADDRESS : 0x1C3F1000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x479F0000
SIZE    : 128.0 Ko

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  


__ORIGINAL   \Device\Harddisk0\DR0  


__________________________16_BIT_ASM_CODE
   
0x016A    0000            ADD [BX+SI], AL   
0x016C    0000            ADD [BX+SI], AL   
0x016E    0000            ADD [BX+SI], AL   
0x0170    0000            ADD [BX+SI], AL   
0x0172    0000            ADD [BX+SI], AL   
0x0174    0000            ADD [BX+SI], AL   
0x0176    0000            ADD [BX+SI], AL   
0x0178    0000            ADD [BX+SI], AL   
0x017A    0000            ADD [BX+SI], AL   
0x017C    0000            ADD [BX+SI], AL   
0x017E    0000            ADD [BX+SI], AL   
0x0180    0000            ADD [BX+SI], AL   
0x0182    0000            ADD [BX+SI], AL   
0x0184    0000            ADD [BX+SI], AL   
0x0186    0000            ADD [BX+SI], AL   
0x0188    0000            ADD [BX+SI], AL   
0x018A    0000            ADD [BX+SI], AL   
0x018C    0000            ADD [BX+SI], AL   
0x018E    0000            ADD [BX+SI], AL   
0x0190    0000            ADD [BX+SI], AL   
0x0192    0000            ADD [BX+SI], AL   
0x0194    0000            ADD [BX+SI], AL   
0x0196    0000            ADD [BX+SI], AL   
0x0198    0000            ADD [BX+SI], AL   
0x019A    0000            ADD [BX+SI], AL   
0x019C    0000            ADD [BX+SI], AL   
0x019E    0000            ADD [BX+SI], AL   
0x01A0    0000            ADD [BX+SI], AL   
0x01A2    0000            ADD [BX+SI], AL   
0x01A4    0000            ADD [BX+SI], AL   
0x01A6    0000            ADD [BX+SI], AL   
0x01A8    0000            ADD [BX+SI], AL   
0x01AA    0000            ADD [BX+SI], AL   
0x01AC    0000            ADD [BX+SI], AL   
0x01AE    0000            ADD [BX+SI], AL   
0x01B0    0000            ADD [BX+SI], AL   
0x01B2    0000            ADD [BX+SI], AL   
0x01B4    0000            ADD [BX+SI], AL   
0x01B6    0000            ADD [BX+SI], AL   
0x01B8    0000            ADD [BX+SI], AL   
0x01BA    0000            ADD [BX+SI], AL   
0x01BC    0000            ADD [BX+SI], AL   
0x01BE    0000            ADD [BX+SI], AL   
0x01C0    0000            ADD [BX+SI], AL   
0x01C2    0000            ADD [BX+SI], AL   
0x01C4    0000            ADD [BX+SI], AL   
0x01C6    0000            ADD [BX+SI], AL   
0x01C8    0000            ADD [BX+SI], AL   
0x01CA    0000            ADD [BX+SI], AL   
0x01CC    0000            ADD [BX+SI], AL   
0x01CE    0000            ADD [BX+SI], AL   
0x01D0    0000            ADD [BX+SI], AL   
0x01D2    0000            ADD [BX+SI], AL   
0x01D4    0000            ADD [BX+SI], AL   
0x01D6    0000            ADD [BX+SI], AL   
0x01D8    0000            ADD [BX+SI], AL   
0x01DA    0000            ADD [BX+SI], AL   
0x01DC    0000            ADD [BX+SI], AL   
0x01DE    0000            ADD [BX+SI], AL   
0x01E0    0000            ADD [BX+SI], AL   
0x01E2    0000            ADD [BX+SI], AL   
0x01E4    0000            ADD [BX+SI], AL   
0x01E6    0000            ADD [BX+SI], AL   
0x01E8    0000            ADD [BX+SI], AL   
0x01EA    0000            ADD [BX+SI], AL   
0x01EC    0000            ADD [BX+SI], AL   
0x01EE    0000            ADD [BX+SI], AL   
0x01F0    0000            ADD [BX+SI], AL   
0x01F2    0000            ADD [BX+SI], AL   
0x01F4    0000            ADD [BX+SI], AL   
0x01F6    0000            ADD [BX+SI], AL   
0x01F8    0000            ADD [BX+SI], AL   
0x01FA    0000            ADD [BX+SI], AL   
0x01FC    0000            ADD [BX+SI], AL   
0x01FE    0000            ADD [BX+SI], AL   


Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#18 Post by Abe.xxx »

Files scanned on virustotal.com

File already analysed

This file was already analysed by VirusTotal on 2013-11-01 23:47:54 .

Detection ratio: 0/47

You can take a look at the last analysis or analyse it again now.


And the second file:

SHA256: 41f91e1043480eafe0faaa2f3d557d5e403d0d5b0cf6346a919347d81941feda
File name: Dump_Hdd0_DR0.old
Detection ratio: 2 / 47
Analysis date: 2013-11-06 18:35:53 UTC ( 0 minut ago )

And the antivirus engines listed below: everything is fine, except

NANO-Antivirus Virus.Boot.Gen-Resident-Crypt.ccnj 20131106
VBA32 suspected of Unknown.BootVirus.I 20131106

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#19 Post by Abe.xxx »

19:48:42.0457 5656 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:48:46.0061 5656 ============================================================
19:48:46.0061 5656 Current date / time: 2013/11/06 19:48:46.0061
19:48:46.0061 5656 SystemInfo:
19:48:46.0061 5656
19:48:46.0061 5656 OS Version: 6.1.7601 ServicePack: 1.0
19:48:46.0061 5656 Product type: Workstation
19:48:46.0061 5656 ComputerName: ABECOMPUTER
19:48:46.0061 5656 UserName: Abe
19:48:46.0061 5656 Windows directory: C:\windows
19:48:46.0061 5656 System windows directory: C:\windows
19:48:46.0061 5656 Running under WOW64
19:48:46.0061 5656 Processor architecture: Intel x64
19:48:46.0061 5656 Number of processors: 4
19:48:46.0061 5656 Page size: 0x1000
19:48:46.0061 5656 Boot type: Normal boot
19:48:46.0061 5656 ============================================================
19:48:46.0544 5656 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
19:48:46.0544 5656 ============================================================
19:48:46.0544 5656 \Device\Harddisk0\DR0:
19:48:46.0544 5656 MBR partitions:
19:48:46.0544 5656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:48:46.0544 5656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6600000
19:48:46.0560 5656 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6633000, BlocksNum 0x4E2CC800
19:48:46.0560 5656 ============================================================
19:48:46.0591 5656 C: <-> \Device\Harddisk0\DR0\Partition2
19:48:46.0638 5656 D: <-> \Device\Harddisk0\DR0\Partition3
19:48:46.0638 5656 ============================================================
19:48:46.0638 5656 Initialize success
19:48:46.0638 5656 ============================================================
19:48:54.0797 2744 ============================================================
19:48:54.0797 2744 Scan started
19:48:54.0797 2744 Mode: Manual; SigCheck; TDLFS;
19:48:54.0797 2744 ============================================================
19:48:54.0937 2744 ================ Scan system memory ========================
19:48:54.0937 2744 System memory - ok
19:48:54.0937 2744 ================ Scan services =============================
19:48:55.0078 2744 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:48:55.0140 2744 1394ohci - ok
19:48:55.0171 2744 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
19:48:55.0187 2744 ACPI - ok
19:48:55.0218 2744 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
19:48:55.0234 2744 AcpiPmi - ok
19:48:55.0358 2744 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:48:55.0374 2744 AdobeARMservice - ok
19:48:55.0499 2744 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:48:55.0514 2744 AdobeFlashPlayerUpdateSvc - ok
19:48:55.0561 2744 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
19:48:55.0592 2744 adp94xx - ok
19:48:55.0608 2744 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
19:48:55.0624 2744 adpahci - ok
19:48:55.0639 2744 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
19:48:55.0655 2744 adpu320 - ok
19:48:55.0686 2744 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:48:55.0733 2744 AeLookupSvc - ok
19:48:55.0795 2744 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
19:48:55.0811 2744 AFD - ok
19:48:55.0842 2744 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
19:48:55.0858 2744 agp440 - ok
19:48:55.0904 2744 [ 44F360B65C37A42EB5B71C2E5179FDD5 ] aksdf C:\windows\system32\drivers\aksdf.sys
19:48:55.0920 2744 aksdf - ok
19:48:56.0014 2744 [ 43415AF4F20E9867974623840A22FE98 ] aksfridge C:\windows\system32\drivers\aksfridge.sys
19:48:56.0014 2744 aksfridge - ok
19:48:56.0045 2744 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
19:48:56.0060 2744 ALG - ok
19:48:56.0060 2744 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
19:48:56.0076 2744 aliide - ok
19:48:56.0092 2744 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
19:48:56.0107 2744 amdide - ok
19:48:56.0123 2744 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
19:48:56.0138 2744 AmdK8 - ok
19:48:56.0138 2744 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
19:48:56.0154 2744 AmdPPM - ok
19:48:56.0201 2744 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
19:48:56.0216 2744 amdsata - ok
19:48:56.0248 2744 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
19:48:56.0263 2744 amdsbs - ok
19:48:56.0279 2744 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
19:48:56.0294 2744 amdxata - ok
19:48:56.0341 2744 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys
19:48:56.0357 2744 AMPPAL - ok
19:48:56.0357 2744 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys
19:48:56.0388 2744 AMPPALP - ok
19:48:56.0497 2744 [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
19:48:56.0544 2744 AMPPALR3 - ok
19:48:56.0560 2744 Andbus - ok
19:48:56.0560 2744 AndDiag - ok
19:48:56.0560 2744 AndGps - ok
19:48:56.0575 2744 ANDModem - ok
19:48:56.0575 2744 androidusb - ok
19:48:56.0606 2744 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
19:48:56.0653 2744 AppID - ok
19:48:56.0684 2744 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:48:56.0731 2744 AppIDSvc - ok
19:48:56.0747 2744 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
19:48:56.0794 2744 Appinfo - ok
19:48:56.0840 2744 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
19:48:56.0872 2744 arc - ok
19:48:56.0887 2744 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
19:48:56.0903 2744 arcsas - ok
19:48:57.0043 2744 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:48:57.0059 2744 aspnet_state - ok
19:48:57.0074 2744 [ 1EC6777695564CA7EB3ADB36C78322E5 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
19:48:57.0106 2744 aswFsBlk - ok
19:48:57.0121 2744 [ 316271CC32FDFFFCDB30677684906D5E ] aswKbd C:\windows\system32\drivers\aswKbd.sys
19:48:57.0137 2744 aswKbd - ok
19:48:57.0152 2744 [ FAF7B0B0C44A2FBD6FBC54E3E0F38545 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
19:48:57.0168 2744 aswMonFlt - ok
19:48:57.0184 2744 [ 679712B7A353EE665B9301592164A172 ] aswRdr C:\windows\system32\drivers\aswRdr2.sys
19:48:57.0199 2744 aswRdr - ok
19:48:57.0246 2744 [ C04F7B373881009D7994D9BF55D24AB4 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
19:48:57.0277 2744 aswRvrt - ok
19:48:57.0308 2744 [ 3E07C93A2CB67840E4CD56C00959A402 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
19:48:57.0355 2744 aswSnx - ok
19:48:57.0402 2744 [ 79ADA401A6E2054F110E7FBDFAC71942 ] aswSP C:\windows\system32\drivers\aswSP.sys
19:48:57.0418 2744 aswSP - ok
19:48:57.0464 2744 [ 81C42096CE90B45C03DCFF017A8A49C7 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
19:48:57.0480 2744 aswTdi - ok
19:48:57.0527 2744 [ 59787B95DD9CA44CB139D96863438587 ] aswVmm C:\windows\system32\drivers\aswVmm.sys
19:48:57.0542 2744 aswVmm - ok
19:48:57.0558 2744 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:48:57.0620 2744 AsyncMac - ok
19:48:57.0636 2744 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
19:48:57.0652 2744 atapi - ok
19:48:57.0683 2744 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:48:57.0745 2744 AudioEndpointBuilder - ok
19:48:57.0761 2744 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
19:48:57.0823 2744 AudioSrv - ok
19:48:57.0901 2744 [ 7A189530FD0CFD415DBE41123F8A6A59 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:48:57.0917 2744 avast! Antivirus - ok
19:48:57.0932 2744 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
19:48:57.0948 2744 AxInstSV - ok
19:48:58.0010 2744 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
19:48:58.0042 2744 b06bdrv - ok
19:48:58.0057 2744 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
19:48:58.0073 2744 b57nd60a - ok
19:48:58.0104 2744 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
19:48:58.0120 2744 BDESVC - ok
19:48:58.0135 2744 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
19:48:58.0182 2744 Beep - ok
19:48:58.0229 2744 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
19:48:58.0291 2744 BFE - ok
19:48:58.0338 2744 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
19:48:58.0400 2744 BITS - ok
19:48:58.0432 2744 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:48:58.0447 2744 blbdrive - ok
19:48:58.0556 2744 [ 2E251B39ABEA79351E5633E5A7C36BE4 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
19:48:58.0572 2744 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
19:48:58.0572 2744 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
19:48:58.0634 2744 [ 1EC546F8B6222F1F984220C1324EA945 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
19:48:58.0666 2744 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
19:48:58.0666 2744 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
19:48:58.0728 2744 [ ADB9C79CCBEF779D56A9AC931F9C8DF0 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
19:48:58.0744 2744 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
19:48:58.0744 2744 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
19:48:58.0775 2744 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:48:58.0790 2744 bowser - ok
19:48:58.0822 2744 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
19:48:58.0853 2744 BrFiltLo - ok
19:48:58.0853 2744 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
19:48:58.0868 2744 BrFiltUp - ok
19:48:58.0900 2744 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
19:48:58.0946 2744 BridgeMP - ok
19:48:58.0962 2744 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\windows\System32\browser.dll
19:48:59.0024 2744 Browser - ok
19:48:59.0056 2744 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:48:59.0087 2744 Brserid - ok
19:48:59.0087 2744 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:48:59.0102 2744 BrSerWdm - ok
19:48:59.0118 2744 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:48:59.0134 2744 BrUsbMdm - ok
19:48:59.0134 2744 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:48:59.0149 2744 BrUsbSer - ok
19:48:59.0196 2744 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\DRIVERS\BthEnum.sys
19:48:59.0212 2744 BthEnum - ok
19:48:59.0243 2744 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
19:48:59.0274 2744 BTHMODEM - ok
19:48:59.0290 2744 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
19:48:59.0321 2744 BthPan - ok
19:48:59.0336 2744 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
19:48:59.0368 2744 BTHPORT - ok
19:48:59.0399 2744 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
19:48:59.0461 2744 bthserv - ok
19:48:59.0492 2744 [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
19:48:59.0492 2744 BTHSSecurityMgr - ok
19:48:59.0524 2744 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
19:48:59.0539 2744 BTHUSB - ok
19:48:59.0570 2744 [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio C:\windows\system32\drivers\btmaud.sys
19:48:59.0586 2744 btmaudio - ok
19:48:59.0617 2744 [ 76A1340ADB32798D18394AA424D584E2 ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
19:48:59.0633 2744 btmaux - ok
19:48:59.0680 2744 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
19:48:59.0711 2744 btmhsf - ok
19:48:59.0758 2744 catchme - ok
19:48:59.0789 2744 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:48:59.0851 2744 cdfs - ok
19:48:59.0867 2744 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:48:59.0882 2744 cdrom - ok
19:48:59.0914 2744 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
19:48:59.0960 2744 CertPropSvc - ok
19:48:59.0992 2744 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
19:49:00.0007 2744 circlass - ok
19:49:00.0038 2744 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
19:49:00.0054 2744 CLFS - ok
19:49:00.0132 2744 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:49:00.0148 2744 clr_optimization_v2.0.50727_32 - ok
19:49:00.0194 2744 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:49:00.0210 2744 clr_optimization_v2.0.50727_64 - ok
19:49:00.0272 2744 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:49:00.0288 2744 clr_optimization_v4.0.30319_32 - ok
19:49:00.0304 2744 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:49:00.0319 2744 clr_optimization_v4.0.30319_64 - ok
19:49:00.0350 2744 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
19:49:00.0366 2744 clwvd - ok
19:49:00.0366 2744 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:49:00.0382 2744 CmBatt - ok
19:49:00.0413 2744 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
19:49:00.0428 2744 cmdide - ok
19:49:00.0491 2744 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\windows\system32\Drivers\cng.sys
19:49:00.0522 2744 CNG - ok
19:49:00.0538 2744 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
19:49:00.0553 2744 Compbatt - ok
19:49:00.0569 2744 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
19:49:00.0584 2744 CompositeBus - ok
19:49:00.0584 2744 COMSysApp - ok
19:49:00.0600 2744 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
19:49:00.0616 2744 crcdisk - ok
19:49:00.0647 2744 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\windows\system32\cryptsvc.dll
19:49:00.0709 2744 CryptSvc - ok
19:49:00.0740 2744 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
19:49:00.0787 2744 DcomLaunch - ok
19:49:00.0834 2744 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
19:49:00.0896 2744 defragsvc - ok
19:49:00.0912 2744 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:49:00.0959 2744 DfsC - ok
19:49:00.0974 2744 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
19:49:01.0021 2744 Dhcp - ok
19:49:01.0052 2744 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
19:49:01.0099 2744 discache - ok
19:49:01.0115 2744 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
19:49:01.0130 2744 Disk - ok
19:49:01.0177 2744 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
19:49:01.0193 2744 Dnscache - ok
19:49:01.0224 2744 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
19:49:01.0286 2744 dot3svc - ok
19:49:01.0318 2744 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys
19:49:01.0333 2744 Dot4 - ok
19:49:01.0349 2744 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys
19:49:01.0364 2744 Dot4Print - ok
19:49:01.0380 2744 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
19:49:01.0411 2744 dot4usb - ok
19:49:01.0427 2744 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
19:49:01.0474 2744 DPS - ok
19:49:01.0505 2744 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:49:01.0520 2744 drmkaud - ok
19:49:01.0552 2744 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:49:01.0583 2744 DXGKrnl - ok
19:49:01.0614 2744 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
19:49:01.0676 2744 EapHost - ok
19:49:01.0786 2744 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
19:49:01.0864 2744 ebdrv - ok
19:49:01.0895 2744 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
19:49:01.0910 2744 EFS - ok
19:49:01.0942 2744 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
19:49:01.0973 2744 elxstor - ok
19:49:01.0988 2744 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
19:49:02.0004 2744 ErrDev - ok
19:49:02.0035 2744 [ 98B103D1D5C426A10219437E36E03FE8 ] ETD C:\windows\system32\DRIVERS\ETD.sys
19:49:02.0051 2744 ETD - ok
19:49:02.0098 2744 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
19:49:02.0144 2744 EventSystem - ok
19:49:02.0176 2744 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
19:49:02.0222 2744 exfat - ok
19:49:02.0254 2744 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
19:49:02.0300 2744 fastfat - ok
19:49:02.0347 2744 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
19:49:02.0378 2744 Fax - ok
19:49:02.0394 2744 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
19:49:02.0410 2744 fdc - ok
19:49:02.0425 2744 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
19:49:02.0472 2744 fdPHost - ok
19:49:02.0488 2744 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
19:49:02.0534 2744 FDResPub - ok
19:49:02.0566 2744 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:49:02.0581 2744 FileInfo - ok
19:49:02.0612 2744 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:49:02.0659 2744 Filetrace - ok
19:49:02.0659 2744 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
19:49:02.0675 2744 flpydisk - ok
19:49:02.0706 2744 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:49:02.0722 2744 FltMgr - ok
19:49:02.0784 2744 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
19:49:02.0831 2744 FontCache - ok
19:49:02.0878 2744 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:49:02.0893 2744 FontCache3.0.0.0 - ok
19:49:02.0909 2744 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:49:02.0924 2744 FsDepends - ok
19:49:02.0956 2744 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:49:02.0971 2744 Fs_Rec - ok
19:49:03.0002 2744 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:49:03.0018 2744 fvevol - ok
19:49:03.0065 2744 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
19:49:03.0080 2744 gagp30kx - ok
19:49:03.0127 2744 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
19:49:03.0190 2744 gpsvc - ok
19:49:03.0268 2744 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:49:03.0283 2744 gupdate - ok
19:49:03.0283 2744 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:49:03.0299 2744 gupdatem - ok
19:49:03.0330 2744 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:49:03.0346 2744 gusvc - ok
19:49:03.0377 2744 [ D619BA1712B83D14149850E758B835AD ] hardlock C:\windows\system32\drivers\hardlock.sys
19:49:03.0408 2744 hardlock - ok
19:49:03.0408 2744 hasplms - ok
19:49:03.0439 2744 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:49:03.0455 2744 hcw85cir - ok
19:49:03.0486 2744 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:49:03.0517 2744 HdAudAddService - ok
19:49:03.0548 2744 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
19:49:03.0580 2744 HDAudBus - ok
19:49:03.0595 2744 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
19:49:03.0611 2744 HidBatt - ok
19:49:03.0626 2744 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
19:49:03.0642 2744 HidBth - ok
19:49:03.0658 2744 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
19:49:03.0689 2744 HidIr - ok
19:49:03.0720 2744 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
19:49:03.0767 2744 hidserv - ok
19:49:03.0782 2744 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
19:49:03.0798 2744 HidUsb - ok
19:49:03.0829 2744 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
19:49:03.0876 2744 hkmsvc - ok
19:49:03.0892 2744 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:49:03.0923 2744 HomeGroupListener - ok
19:49:03.0938 2744 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:49:03.0970 2744 HomeGroupProvider - ok
19:49:04.0048 2744 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:49:04.0063 2744 hpqcxs08 - ok
19:49:04.0126 2744 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:49:04.0126 2744 hpqddsvc - ok
19:49:04.0172 2744 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
19:49:04.0188 2744 HpSAMD - ok
19:49:04.0219 2744 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:49:04.0282 2744 HTTP - ok
19:49:04.0297 2744 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:49:04.0313 2744 hwpolicy - ok
19:49:04.0313 2744 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
19:49:04.0344 2744 i8042prt - ok
19:49:04.0375 2744 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
19:49:04.0406 2744 iaStor - ok
19:49:04.0453 2744 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
19:49:04.0469 2744 iaStorV - ok
19:49:04.0516 2744 [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex C:\windows\system32\DRIVERS\iBtFltCoex.sys
19:49:04.0516 2744 iBtFltCoex - ok
19:49:04.0578 2744 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:49:04.0609 2744 idsvc - ok
19:49:04.0906 2744 [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
19:49:05.0124 2744 igfx - ok
19:49:05.0171 2744 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
19:49:05.0186 2744 iirsp - ok
19:49:05.0233 2744 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
19:49:05.0296 2744 IKEEXT - ok
19:49:05.0420 2744 [ 8E05ADB4B809B478B2EC65A1A1633DEB ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
19:49:05.0498 2744 IntcAzAudAddService - ok
19:49:05.0530 2744 [ AE594CC17C33AC146739494615E14851 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
19:49:05.0545 2744 IntcDAud - ok
19:49:05.0576 2744 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
19:49:05.0592 2744 intelide - ok
19:49:05.0623 2744 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
19:49:05.0639 2744 intelppm - ok
19:49:05.0670 2744 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:49:05.0717 2744 IPBusEnum - ok
19:49:05.0732 2744 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:49:05.0779 2744 IpFilterDriver - ok
19:49:05.0826 2744 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:49:05.0888 2744 iphlpsvc - ok
19:49:05.0904 2744 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:49:05.0935 2744 IPMIDRV - ok
19:49:05.0951 2744 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:49:05.0998 2744 IPNAT - ok
19:49:06.0029 2744 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
19:49:06.0044 2744 IRENUM - ok
19:49:06.0076 2744 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:49:06.0076 2744 isapnp - ok
19:49:06.0122 2744 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:49:06.0138 2744 iScsiPrt - ok
19:49:06.0154 2744 IT9135BDA - ok
19:49:06.0169 2744 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
19:49:06.0185 2744 kbdclass - ok
19:49:06.0216 2744 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
19:49:06.0232 2744 kbdhid - ok
19:49:06.0247 2744 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
19:49:06.0263 2744 KeyIso - ok
19:49:06.0294 2744 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:49:06.0310 2744 KSecDD - ok
19:49:06.0341 2744 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:49:06.0356 2744 KSecPkg - ok
19:49:06.0372 2744 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:49:06.0419 2744 ksthunk - ok
19:49:06.0450 2744 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
19:49:06.0512 2744 KtmRm - ok
19:49:06.0544 2744 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
19:49:06.0590 2744 LanmanServer - ok
19:49:06.0637 2744 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:49:06.0684 2744 LanmanWorkstation - ok
19:49:06.0700 2744 LgBttPort - ok
19:49:06.0731 2744 lgbusenum - ok
19:49:06.0746 2744 LGVMODEM - ok
19:49:06.0778 2744 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:49:06.0824 2744 lltdio - ok
19:49:06.0856 2744 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
19:49:06.0918 2744 lltdsvc - ok
19:49:06.0934 2744 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
19:49:06.0980 2744 lmhosts - ok
19:49:07.0027 2744 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:49:07.0043 2744 LMS - ok
19:49:07.0074 2744 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
19:49:07.0090 2744 LSI_FC - ok
19:49:07.0121 2744 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
19:49:07.0136 2744 LSI_SAS - ok
19:49:07.0152 2744 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
19:49:07.0168 2744 LSI_SAS2 - ok
19:49:07.0183 2744 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
19:49:07.0199 2744 LSI_SCSI - ok
19:49:07.0214 2744 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
19:49:07.0277 2744 luafv - ok
19:49:07.0292 2744 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
19:49:07.0324 2744 megasas - ok
19:49:07.0339 2744 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
19:49:07.0355 2744 MegaSR - ok
19:49:07.0386 2744 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
19:49:07.0402 2744 MEIx64 - ok
19:49:07.0417 2744 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
19:49:07.0464 2744 MMCSS - ok
19:49:07.0495 2744 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
19:49:07.0558 2744 Modem - ok
19:49:07.0589 2744 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:49:07.0604 2744 monitor - ok
19:49:07.0620 2744 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
19:49:07.0636 2744 mouclass - ok
19:49:07.0667 2744 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
19:49:07.0682 2744 mouhid - ok
19:49:07.0698 2744 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:49:07.0714 2744 mountmgr - ok
19:49:07.0792 2744 [ 5D494509432897338AFC19DB78A76DCB ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:49:07.0807 2744 MozillaMaintenance - ok
19:49:07.0823 2744 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
19:49:07.0838 2744 mpio - ok
19:49:07.0854 2744 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:49:07.0901 2744 mpsdrv - ok
19:49:07.0948 2744 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
19:49:08.0010 2744 MpsSvc - ok
19:49:08.0057 2744 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:49:08.0072 2744 MRxDAV - ok
19:49:08.0119 2744 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:49:08.0135 2744 mrxsmb - ok
19:49:08.0166 2744 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:49:08.0182 2744 mrxsmb10 - ok
19:49:08.0213 2744 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:49:08.0244 2744 mrxsmb20 - ok
19:49:08.0275 2744 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
19:49:08.0291 2744 msahci - ok
19:49:08.0306 2744 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:49:08.0322 2744 msdsm - ok
19:49:08.0338 2744 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
19:49:08.0369 2744 MSDTC - ok
19:49:08.0400 2744 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:49:08.0447 2744 Msfs - ok
19:49:08.0478 2744 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:49:08.0525 2744 mshidkmdf - ok
19:49:08.0540 2744 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:49:08.0556 2744 msisadrv - ok
19:49:08.0587 2744 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:49:08.0650 2744 MSiSCSI - ok
19:49:08.0650 2744 msiserver - ok
19:49:08.0665 2744 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:49:08.0712 2744 MSKSSRV - ok
19:49:08.0743 2744 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:49:08.0790 2744 MSPCLOCK - ok
19:49:08.0806 2744 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:49:08.0852 2744 MSPQM - ok
19:49:08.0884 2744 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:49:08.0915 2744 MsRPC - ok
19:49:08.0946 2744 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
19:49:08.0962 2744 mssmbios - ok
19:49:08.0977 2744 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:49:09.0040 2744 MSTEE - ok
19:49:09.0040 2744 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
19:49:09.0055 2744 MTConfig - ok
19:49:09.0071 2744 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:49:09.0086 2744 Mup - ok
19:49:09.0133 2744 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:49:09.0196 2744 napagent - ok
19:49:09.0211 2744 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:49:09.0258 2744 NativeWifiP - ok
19:49:09.0289 2744 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\windows\system32\drivers\ndis.sys
19:49:09.0320 2744 NDIS - ok
19:49:09.0352 2744 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:49:09.0398 2744 NdisCap - ok
19:49:09.0430 2744 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:49:09.0476 2744 NdisTapi - ok
19:49:09.0492 2744 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:49:09.0539 2744 Ndisuio - ok
19:49:09.0554 2744 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:49:09.0601 2744 NdisWan - ok
19:49:09.0617 2744 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:49:09.0664 2744 NDProxy - ok
19:49:09.0695 2744 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:49:09.0710 2744 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:49:09.0710 2744 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:49:09.0726 2744 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:49:09.0773 2744 NetBIOS - ok
19:49:09.0788 2744 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:49:09.0851 2744 NetBT - ok
19:49:09.0866 2744 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:49:09.0882 2744 Netlogon - ok
19:49:09.0913 2744 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:49:09.0960 2744 Netman - ok
19:49:09.0991 2744 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:49:10.0007 2744 NetMsmqActivator - ok
19:49:10.0022 2744 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:49:10.0022 2744 NetPipeActivator - ok
19:49:10.0054 2744 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:49:10.0132 2744 netprofm - ok
19:49:10.0147 2744 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:49:10.0163 2744 NetTcpActivator - ok
19:49:10.0163 2744 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:49:10.0178 2744 NetTcpPortSharing - ok
19:49:10.0444 2744 [ B51E9AD4F4E4F8DBE0AB882756BC5DAB ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
19:49:10.0678 2744 NETwNs64 - ok
19:49:10.0709 2744 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
19:49:10.0740 2744 nfrd960 - ok
19:49:10.0771 2744 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
19:49:10.0818 2744 NlaSvc - ok
19:49:10.0896 2744 [ B6E56578E167AD7D146F1B316490AC03 ] nlsX86cc C:\windows\SysWOW64\NLSSRV32.EXE
19:49:10.0912 2744 nlsX86cc - ok
19:49:10.0943 2744 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:49:10.0990 2744 Npfs - ok
19:49:11.0021 2744 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:49:11.0068 2744 nsi - ok
19:49:11.0083 2744 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:49:11.0130 2744 nsiproxy - ok
19:49:11.0208 2744 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:49:11.0255 2744 Ntfs - ok
19:49:11.0286 2744 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:49:11.0333 2744 Null - ok
19:49:11.0629 2744 [ CE1B54F1ED2080B15DAF9044EC92075A ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
19:49:11.0972 2744 nvlddmkm - ok
19:49:12.0004 2744 [ A12E1047131E957456F63DB1FEAF6F64 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
19:49:12.0019 2744 nvpciflt - ok
19:49:12.0035 2744 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:49:12.0066 2744 nvraid - ok
19:49:12.0097 2744 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:49:12.0113 2744 nvstor - ok
19:49:12.0206 2744 [ 67E9F641C1B5387F298F3063FAFA022B ] nvsvc C:\windows\system32\nvvsvc.exe
19:49:12.0238 2744 nvsvc - ok
19:49:12.0394 2744 [ 005E474630A7AA05A617C574B702FEED ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:49:12.0456 2744 nvUpdatusService - ok
19:49:12.0503 2744 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:49:12.0518 2744 nv_agp - ok
19:49:12.0534 2744 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:49:12.0550 2744 ohci1394 - ok
19:49:12.0628 2744 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:49:12.0643 2744 ose - ok
19:49:12.0830 2744 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:49:12.0955 2744 osppsvc - ok
19:49:13.0033 2744 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:49:13.0049 2744 p2pimsvc - ok
19:49:13.0080 2744 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
19:49:13.0096 2744 p2psvc - ok
19:49:13.0111 2744 papycpu - ok
19:49:13.0111 2744 papyjoy - ok
19:49:13.0158 2744 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
19:49:13.0174 2744 Parport - ok
19:49:13.0220 2744 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:49:13.0236 2744 partmgr - ok
19:49:13.0252 2744 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:49:13.0283 2744 PcaSvc - ok
19:49:13.0298 2744 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:49:13.0314 2744 pci - ok
19:49:13.0330 2744 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
19:49:13.0361 2744 pciide - ok
19:49:13.0376 2744 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
19:49:13.0392 2744 pcmcia - ok
19:49:13.0423 2744 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:49:13.0439 2744 pcw - ok
19:49:13.0470 2744 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:49:13.0548 2744 PEAUTH - ok
19:49:13.0579 2744 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:49:13.0595 2744 PerfHost - ok
19:49:13.0704 2744 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:49:13.0782 2744 pla - ok
19:49:13.0813 2744 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:49:13.0844 2744 PlugPlay - ok
19:49:13.0860 2744 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:49:13.0876 2744 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:49:13.0876 2744 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:49:13.0907 2744 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:49:13.0922 2744 PNRPAutoReg - ok
19:49:13.0954 2744 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:49:13.0969 2744 PNRPsvc - ok
19:49:14.0016 2744 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:49:14.0094 2744 PolicyAgent - ok
19:49:14.0125 2744 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
19:49:14.0188 2744 Power - ok
19:49:14.0219 2744 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:49:14.0281 2744 PptpMiniport - ok
19:49:14.0297 2744 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
19:49:14.0312 2744 Processor - ok
19:49:14.0328 2744 prodrv06 - ok
19:49:14.0359 2744 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll
19:49:14.0406 2744 ProfSvc - ok
19:49:14.0406 2744 prohlp02 - ok
19:49:14.0437 2744 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:49:14.0453 2744 ProtectedStorage - ok
19:49:14.0468 2744 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:49:14.0515 2744 Psched - ok
19:49:14.0546 2744 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
19:49:14.0562 2744 PxHlpa64 - ok
19:49:14.0624 2744 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
19:49:14.0687 2744 ql2300 - ok
19:49:14.0687 2744 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
19:49:14.0718 2744 ql40xx - ok
19:49:14.0780 2744 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:49:14.0812 2744 QWAVE - ok
19:49:14.0843 2744 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:49:14.0874 2744 QWAVEdrv - ok
19:49:14.0890 2744 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:49:14.0936 2744 RasAcd - ok
19:49:14.0968 2744 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:49:15.0046 2744 RasAgileVpn - ok
19:49:15.0061 2744 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:49:15.0124 2744 RasAuto - ok
19:49:15.0139 2744 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:49:15.0186 2744 Rasl2tp - ok
19:49:15.0217 2744 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:49:15.0264 2744 RasMan - ok
19:49:15.0280 2744 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:49:15.0342 2744 RasPppoe - ok
19:49:15.0358 2744 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:49:15.0404 2744 RasSstp - ok
19:49:15.0420 2744 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:49:15.0482 2744 rdbss - ok
19:49:15.0498 2744 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
19:49:15.0514 2744 rdpbus - ok
19:49:15.0545 2744 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:49:15.0592 2744 RDPCDD - ok
19:49:15.0623 2744 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:49:15.0670 2744 RDPENCDD - ok
19:49:15.0685 2744 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:49:15.0732 2744 RDPREFMP - ok
19:49:15.0779 2744 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:49:15.0794 2744 RDPWD - ok
19:49:15.0841 2744 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:49:15.0857 2744 rdyboost - ok
19:49:15.0904 2744 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:49:15.0966 2744 RemoteAccess - ok
19:49:16.0013 2744 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:49:16.0060 2744 RemoteRegistry - ok
19:49:16.0091 2744 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
19:49:16.0122 2744 RFCOMM - ok
19:49:16.0153 2744 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:49:16.0200 2744 RpcEptMapper - ok
19:49:16.0231 2744 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:49:16.0247 2744 RpcLocator - ok
19:49:16.0294 2744 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:49:16.0356 2744 RpcSs - ok
19:49:16.0403 2744 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:49:16.0450 2744 rspndr - ok
19:49:16.0496 2744 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:49:16.0512 2744 RTL8167 - ok
19:49:16.0574 2744 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\windows\SysWOW64\drivers\rtport.sys
19:49:16.0590 2744 rtport - ok
19:49:16.0621 2744 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys
19:49:16.0637 2744 SABI - ok
19:49:16.0652 2744 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:49:16.0668 2744 SamSs - ok
19:49:16.0730 2744 [ 5E66ABD041D76C46CBF55AEF910FCA56 ] SamsungDeviceConfigurationWinService C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
19:49:16.0746 2744 SamsungDeviceConfigurationWinService - ok
19:49:16.0777 2744 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:49:16.0793 2744 sbp2port - ok
19:49:16.0855 2744 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:49:16.0902 2744 SCardSvr - ok
19:49:16.0933 2744 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:49:16.0980 2744 scfilter - ok
19:49:17.0027 2744 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:49:17.0089 2744 Schedule - ok
19:49:17.0120 2744 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:49:17.0167 2744 SCPolicySvc - ok
19:49:17.0198 2744 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:49:17.0230 2744 SDRSVC - ok
19:49:17.0261 2744 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:49:17.0308 2744 secdrv - ok
19:49:17.0323 2744 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:49:17.0370 2744 seclogon - ok
19:49:17.0386 2744 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
19:49:17.0448 2744 SENS - ok
19:49:17.0464 2744 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:49:17.0479 2744 SensrSvc - ok
19:49:17.0495 2744 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
19:49:17.0526 2744 Serenum - ok
19:49:17.0542 2744 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
19:49:17.0557 2744 Serial - ok
19:49:17.0557 2744 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
19:49:17.0573 2744 sermouse - ok
19:49:17.0635 2744 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:49:17.0682 2744 SessionEnv - ok
19:49:17.0713 2744 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:49:17.0729 2744 sffdisk - ok
19:49:17.0729 2744 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:49:17.0760 2744 sffp_mmc - ok
19:49:17.0760 2744 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:49:17.0791 2744 sffp_sd - ok
19:49:17.0791 2744 sfhlp01 - ok
19:49:17.0807 2744 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
19:49:17.0822 2744 sfloppy - ok
19:49:17.0869 2744 [ 2FE1CD3AA602414841DB10AD96C95A5E ] SGDrv C:\windows\system32\DRIVERS\SGdrv64.sys
19:49:17.0869 2744 SGDrv - ok
19:49:17.0947 2744 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:49:18.0010 2744 SharedAccess - ok
19:49:18.0072 2744 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:49:18.0134 2744 ShellHWDetection - ok
19:49:18.0150 2744 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
19:49:18.0166 2744 SiSRaid2 - ok
19:49:18.0197 2744 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
19:49:18.0212 2744 SiSRaid4 - ok
19:49:18.0228 2744 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:49:18.0275 2744 Smb - ok
19:49:18.0306 2744 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:49:18.0337 2744 SNMPTRAP - ok
19:49:18.0368 2744 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:49:18.0384 2744 spldr - ok
19:49:18.0415 2744 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
19:49:18.0462 2744 Spooler - ok
19:49:18.0587 2744 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:49:18.0696 2744 sppsvc - ok
19:49:18.0743 2744 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:49:18.0790 2744 sppuinotify - ok
19:49:18.0852 2744 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:49:18.0883 2744 srv - ok
19:49:18.0899 2744 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:49:18.0930 2744 srv2 - ok
19:49:18.0961 2744 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:49:18.0977 2744 srvnet - ok
19:49:19.0008 2744 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:49:19.0070 2744 SSDPSRV - ok
19:49:19.0102 2744 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:49:19.0164 2744 SstpSvc - ok
19:49:19.0195 2744 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
19:49:19.0211 2744 stexstor - ok
19:49:19.0258 2744 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:49:19.0304 2744 stisvc - ok
19:49:19.0320 2744 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
19:49:19.0351 2744 swenum - ok
19:49:19.0382 2744 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:49:19.0445 2744 swprv - ok
19:49:19.0523 2744 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
19:49:19.0570 2744 SysMain - ok
19:49:19.0616 2744 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:49:19.0648 2744 TabletInputService - ok
19:49:19.0679 2744 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
19:49:19.0741 2744 TapiSrv - ok
19:49:19.0757 2744 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
19:49:19.0819 2744 TBS - ok
19:49:19.0897 2744 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:49:19.0960 2744 Tcpip - ok
19:49:19.0991 2744 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:49:20.0053 2744 TCPIP6 - ok
19:49:20.0100 2744 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:49:20.0147 2744 tcpipreg - ok
19:49:20.0178 2744 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:49:20.0194 2744 TDPIPE - ok
19:49:20.0225 2744 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:49:20.0240 2744 TDTCP - ok
19:49:20.0272 2744 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:49:20.0318 2744 tdx - ok
19:49:20.0490 2744 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
19:49:20.0584 2744 TeamViewer8 - ok
19:49:20.0615 2744 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
19:49:20.0630 2744 TermDD - ok
19:49:20.0693 2744 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
19:49:20.0755 2744 TermService - ok
19:49:20.0802 2744 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
19:49:20.0818 2744 Themes - ok
19:49:20.0849 2744 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
19:49:20.0911 2744 THREADORDER - ok
19:49:20.0927 2744 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
19:49:20.0989 2744 TrkWks - ok
19:49:21.0036 2744 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:49:21.0083 2744 TrustedInstaller - ok
19:49:21.0114 2744 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:49:21.0161 2744 tssecsrv - ok
19:49:21.0192 2744 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:49:21.0208 2744 TsUsbFlt - ok
19:49:21.0223 2744 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
19:49:21.0254 2744 TsUsbGD - ok
19:49:21.0270 2744 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:49:21.0317 2744 tunnel - ok
19:49:21.0348 2744 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
19:49:21.0364 2744 uagp35 - ok
19:49:21.0395 2744 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:49:21.0457 2744 udfs - ok
19:49:21.0504 2744 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:49:21.0520 2744 UI0Detect - ok
19:49:21.0535 2744 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:49:21.0551 2744 uliagpkx - ok
19:49:21.0582 2744 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:49:21.0598 2744 umbus - ok
19:49:21.0613 2744 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
19:49:21.0629 2744 UmPass - ok
19:49:21.0769 2744 [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:49:21.0863 2744 UNS - ok
19:49:21.0894 2744 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
19:49:21.0956 2744 upnphost - ok
19:49:22.0003 2744 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
19:49:22.0019 2744 usbaudio - ok
19:49:22.0066 2744 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:49:22.0081 2744 usbccgp - ok
19:49:22.0128 2744 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:49:22.0144 2744 usbcir - ok
19:49:22.0159 2744 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
19:49:22.0190 2744 usbehci - ok
19:49:22.0222 2744 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:49:22.0237 2744 usbhub - ok
19:49:22.0268 2744 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
19:49:22.0284 2744 usbohci - ok
19:49:22.0315 2744 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
19:49:22.0331 2744 usbprint - ok
19:49:22.0362 2744 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
19:49:22.0393 2744 usbscan - ok
19:49:22.0424 2744 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:49:22.0440 2744 USBSTOR - ok
19:49:22.0456 2744 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
19:49:22.0487 2744 usbuhci - ok
19:49:22.0518 2744 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
19:49:22.0549 2744 usbvideo - ok
19:49:22.0580 2744 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
19:49:22.0658 2744 UxSms - ok
19:49:22.0674 2744 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
19:49:22.0690 2744 VaultSvc - ok
19:49:22.0705 2744 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:49:22.0705 2744 vdrvroot - ok
19:49:22.0752 2744 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
19:49:22.0814 2744 vds - ok
19:49:22.0846 2744 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:49:22.0861 2744 vga - ok
19:49:22.0892 2744 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
19:49:22.0939 2744 VgaSave - ok
19:49:22.0970 2744 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:49:23.0002 2744 vhdmp - ok
19:49:23.0033 2744 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
19:49:23.0048 2744 viaide - ok
19:49:23.0080 2744 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:49:23.0095 2744 volmgr - ok
19:49:23.0126 2744 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:49:23.0142 2744 volmgrx - ok
19:49:23.0204 2744 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
19:49:23.0220 2744 volsnap - ok
19:49:23.0251 2744 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
19:49:23.0267 2744 vsmraid - ok
19:49:23.0345 2744 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
19:49:23.0423 2744 VSS - ok
19:49:23.0438 2744 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:49:23.0454 2744 vwifibus - ok
19:49:23.0501 2744 [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:49:23.0516 2744 vwififlt - ok
19:49:23.0532 2744 [ 49003B357D101CDC474937437ECF5ABC ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
19:49:23.0548 2744 vwifimp - ok
19:49:23.0579 2744 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
19:49:23.0641 2744 W32Time - ok
19:49:23.0688 2744 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
19:49:23.0704 2744 WacomPen - ok
19:49:23.0719 2744 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:49:23.0766 2744 WANARP - ok
19:49:23.0782 2744 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:49:23.0828 2744 Wanarpv6 - ok
19:49:23.0891 2744 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:49:23.0953 2744 WatAdminSvc - ok
19:49:24.0031 2744 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
19:49:24.0062 2744 wbengine - ok
19:49:24.0109 2744 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:49:24.0140 2744 WbioSrvc - ok
19:49:24.0187 2744 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
19:49:24.0218 2744 wcncsvc - ok
19:49:24.0250 2744 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:49:24.0281 2744 WcsPlugInService - ok
19:49:24.0312 2744 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
19:49:24.0328 2744 Wd - ok
19:49:24.0359 2744 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:49:24.0390 2744 Wdf01000 - ok
19:49:24.0421 2744 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:49:24.0452 2744 WdiServiceHost - ok
19:49:24.0452 2744 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:49:24.0484 2744 WdiSystemHost - ok
19:49:24.0515 2744 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
19:49:24.0546 2744 WebClient - ok
19:49:24.0577 2744 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:49:24.0640 2744 Wecsvc - ok
19:49:24.0655 2744 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:49:24.0718 2744 wercplsupport - ok
19:49:24.0733 2744 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
19:49:24.0796 2744 WerSvc - ok
19:49:24.0796 2744 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:49:24.0842 2744 WfpLwf - ok
19:49:24.0874 2744 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:49:24.0889 2744 WIMMount - ok
19:49:24.0905 2744 WinDefend - ok
19:49:24.0936 2744 WinHttpAutoProxySvc - ok
19:49:24.0998 2744 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:49:25.0061 2744 Winmgmt - ok
19:49:25.0154 2744 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
19:49:25.0232 2744 WinRM - ok
19:49:25.0326 2744 [ 2768A2E8C1EF5088DAD9B78109A1803F ] Wisaroc C:\windows\Wisaroc.exe
19:49:25.0357 2744 Wisaroc ( UnsignedFile.Multi.Generic ) - warning
19:49:25.0357 2744 Wisaroc - detected UnsignedFile.Multi.Generic (1)
19:49:25.0404 2744 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
19:49:25.0451 2744 Wlansvc - ok
19:49:25.0576 2744 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:49:25.0638 2744 wlidsvc - ok
19:49:25.0669 2744 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
19:49:25.0685 2744 WmiAcpi - ok
19:49:25.0716 2744 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:49:25.0732 2744 wmiApSrv - ok
19:49:25.0763 2744 WMPNetworkSvc - ok
19:49:25.0810 2744 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
19:49:25.0841 2744 WPCSvc - ok
19:49:25.0872 2744 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:49:25.0903 2744 WPDBusEnum - ok
19:49:25.0950 2744 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:49:25.0997 2744 ws2ifsl - ok
19:49:26.0028 2744 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
19:49:26.0059 2744 wscsvc - ok
19:49:26.0059 2744 WSearch - ok
19:49:26.0184 2744 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
19:49:26.0262 2744 wuauserv - ok
19:49:26.0278 2744 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:49:26.0340 2744 WudfPf - ok
19:49:26.0371 2744 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:49:26.0418 2744 WUDFRd - ok
19:49:26.0465 2744 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:49:26.0512 2744 wudfsvc - ok
19:49:26.0543 2744 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
19:49:26.0590 2744 WwanSvc - ok
19:49:26.0668 2744 ================ Scan global ===============================
19:49:26.0730 2744 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:49:26.0761 2744 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
19:49:26.0777 2744 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
19:49:26.0792 2744 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:49:26.0855 2744 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:49:26.0855 2744 [Global] - ok
19:49:26.0855 2744 ================ Scan MBR ==================================
19:49:26.0870 2744 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:49:27.0182 2744 \Device\Harddisk0\DR0 - ok
19:49:27.0198 2744 ================ Scan VBR ==================================
19:49:27.0198 2744 [ 7680EBE5EECBE461C987984EE924839A ] \Device\Harddisk0\DR0\Partition1
19:49:27.0198 2744 \Device\Harddisk0\DR0\Partition1 - ok
19:49:27.0229 2744 [ D68D32630C073222511E80507DD50F81 ] \Device\Harddisk0\DR0\Partition2
19:49:27.0229 2744 \Device\Harddisk0\DR0\Partition2 - ok
19:49:27.0245 2744 [ E2224E034F698E6BB40DA9BC7BBFB4CF ] \Device\Harddisk0\DR0\Partition3
19:49:27.0260 2744 \Device\Harddisk0\DR0\Partition3 - ok
19:49:27.0260 2744 ============================================================
19:49:27.0260 2744 Scan finished
19:49:27.0260 2744 ============================================================
19:49:27.0260 0788 Detected object count: 6
19:49:27.0260 0788 Actual detected object count: 6
19:49:59.0974 0788 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:59.0974 0788 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:59.0974 0788 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:59.0974 0788 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:59.0974 0788 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:59.0974 0788 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:59.0974 0788 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:59.0974 0788 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:59.0989 0788 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:59.0989 0788 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:59.0989 0788 Wisaroc ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:59.0989 0788 Wisaroc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:11.0705 0120 Deinitialize success

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#20 Post by Abe.xxx »

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Abe [Práva správce]
Mód : Kontrola -- Datum : 11/06/2013 19:59:05
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 14 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] Seagate 2GE4DYGC Product Registration (Abe) : C:\Users\Abe\AppData\Roaming\Leadertech\PowerRegister\Seagate 2GE4DYGC Product Registration.exe - /remind /language=CSY /SRNM="2GE4DYGC" /BRND="Seagate" /BDSR="Seagate 2GE4DYGC" /loadsrnm="2GE4DYGC" [7][x][x][x][x] -> NALEZENO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HN-M750MBB +++++
--- User ---
[MBR] 738ee056a13c9cf03c9e930449167599
[BSP] db077060c83f0d80ae2bd2b75de78fd3 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 52224 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 107161600 | Size: 640410 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1418721280 | Size: 22669 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_11062013_195905.txt >>

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#21 Post by Abe.xxx »

PCHunter

Log attached.
Attachments
PCHunter Report.zip
(109.22 KiB) Downloaded 32 times

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#22 Post by Abe.xxx »

OTL

OTL log

OTL logfile created on: 6.11.2013 20:37:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Abe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,92 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 72,35% Memory free
15,83 Gb Paging File | 13,92 Gb Available in Paging File | 87,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51,00 Gb Total Space | 6,36 Gb Free Space | 12,48% Space Free | Partition Type: NTFS
Drive D: | 625,40 Gb Total Space | 407,59 Gb Free Space | 65,17% Space Free | Partition Type: NTFS

Computer Name: ABECOMPUTER | User Name: Abe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013.11.06 20:33:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Abe\Desktop\OTL.exe
PRC - [2013.11.03 14:01:27 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.11.03 14:01:27 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.10.26 02:53:20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.08.27 22:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.05.30 20:55:26 | 001,112,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2012.05.02 08:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2012.02.13 15:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
PRC - [2011.11.14 16:14:24 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.11.14 16:14:20 | 001,355,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.11.14 16:13:58 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.11.14 16:13:52 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (All) ==========

MOD - [2013.11.06 20:33:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Abe\Desktop\OTL.exe
MOD - [2013.11.06 13:28:07 | 000,046,736 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\defs\13110600\uiext.dll
MOD - [2013.11.03 14:01:31 | 000,163,632 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswJsFlt.dll
MOD - [2013.11.03 14:01:30 | 000,272,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2013.11.03 14:01:28 | 000,544,744 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswSqLt.dll
MOD - [2013.11.03 14:01:28 | 000,391,280 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCommChannel.dll
MOD - [2013.11.03 14:01:28 | 000,335,672 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswData.dll
MOD - [2013.11.03 14:01:28 | 000,241,936 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswLog.dll
MOD - [2013.11.03 14:01:28 | 000,204,856 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2013.11.03 14:01:28 | 000,069,384 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastIP.dll
MOD - [2013.11.03 14:01:28 | 000,064,264 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswResourceLib.dll
MOD - [2013.11.03 14:01:28 | 000,062,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MOD - [2013.11.03 14:01:28 | 000,044,152 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswUtil.dll
MOD - [2013.11.03 14:01:28 | 000,025,616 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll
MOD - [2013.11.03 14:01:27 | 004,087,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\CommonRes.dll
MOD - [2013.11.03 14:01:27 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
MOD - [2013.11.03 14:01:27 | 000,795,040 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswAux.dll
MOD - [2013.11.03 14:01:27 | 000,658,568 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashBase.dll
MOD - [2013.11.03 14:01:27 | 000,358,832 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MOD - [2013.11.03 14:01:27 | 000,353,176 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTask.dll
MOD - [2013.11.03 14:01:27 | 000,270,264 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MOD - [2013.11.03 14:01:27 | 000,159,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll
MOD - [2013.11.03 14:01:27 | 000,124,016 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MOD - [2013.11.03 14:01:27 | 000,078,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
MOD - [2013.11.03 14:01:26 | 001,179,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Aavm4h.dll
MOD - [2013.11.03 14:01:26 | 000,279,528 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1029\uiLangRes.dll
MOD - [2013.11.03 14:01:26 | 000,089,984 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1029\Base.dll
MOD - [2013.11.03 13:59:47 | 003,166,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\HTMLayout.dll
MOD - [2013.11.03 13:52:47 | 001,441,880 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswAra.dll
MOD - [2013.10.26 02:54:20 | 000,272,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
MOD - [2013.10.26 02:54:19 | 022,028,400 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll
MOD - [2013.10.26 02:53:49 | 000,153,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MOD - [2013.10.26 02:53:45 | 000,092,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MOD - [2013.10.26 02:53:44 | 000,393,328 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MOD - [2013.10.26 02:53:43 | 001,775,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MOD - [2013.10.26 02:53:40 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.10.26 02:53:35 | 000,130,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MOD - [2013.10.26 02:53:34 | 000,017,008 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MOD - [2013.10.26 02:53:28 | 003,459,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
MOD - [2013.10.26 02:53:22 | 000,302,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MOD - [2013.10.26 02:53:20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOD - [2013.10.21 18:32:13 | 004,456,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\mfc110u.dll
MOD - [2013.10.21 18:32:13 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\msvcr110.dll
MOD - [2013.10.21 18:32:13 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\msvcp110.dll
MOD - [2013.10.21 18:32:12 | 001,176,064 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\AVAST Software\Avast\libeay32.dll
MOD - [2013.10.21 18:32:12 | 000,269,312 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\AVAST Software\Avast\ssleay32.dll
MOD - [2013.10.21 18:32:11 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013.10.21 18:32:11 | 006,289,024 | ---- | M] (The ICU Project) -- C:\Program Files\AVAST Software\Avast\icudt.dll
MOD - [2013.05.25 01:36:40 | 000,130,736 | ---- | M] (Dropbox, Inc.) -- C:\Users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
MOD - [2012.11.23 14:41:29 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
MOD - [2012.11.23 14:41:29 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2012.11.23 14:41:29 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2012.11.23 14:41:29 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2012.11.23 14:41:29 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MOD - [2012.11.23 14:41:29 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
MOD - [2012.06.16 18:06:37 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
MOD - [2012.06.16 18:06:22 | 001,625,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
MOD - [2012.06.16 18:06:07 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2012.05.30 20:55:26 | 001,112,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
MOD - [2012.05.02 08:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
MOD - [2012.04.01 03:49:58 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2012.04.01 03:49:58 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2012.04.01 03:43:00 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2012.03.05 11:10:22 | 000,321,416 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SUS.dll
MOD - [2012.01.31 15:58:48 | 000,221,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\GPSTurboModeDLL.dll
MOD - [2012.01.10 12:55:06 | 007,988,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igd10umd32.dll
MOD - [2012.01.10 12:15:14 | 000,024,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igfxexps32.dll
MOD - [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2012.01.04 09:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2011.12.16 08:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2011.11.17 06:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2011.11.17 06:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
MOD - [2011.11.17 06:34:52 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
MOD - [2011.11.17 06:34:52 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2011.11.17 06:28:48 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2011.11.14 16:13:52 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
MOD - [2011.09.22 14:39:12 | 000,027,704 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files (x86)\Samsung\Easy Settings\Sabi3.dll
MOD - [2011.09.07 01:10:31 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
MOD - [2011.09.07 01:10:14 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
MOD - [2011.08.27 05:26:27 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2011.08.27 05:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2011.07.16 05:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2011.07.16 05:24:22 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2011.06.16 05:33:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2011.05.24 11:40:05 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2011.05.24 11:39:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2011.03.03 06:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2010.11.21 04:25:15 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2010.11.21 04:25:11 | 003,207,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mf.dll
MOD - [2010.11.21 04:25:11 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll
MOD - [2010.11.21 04:25:11 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfreadwrite.dll
MOD - [2010.11.21 04:24:51 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bthprops.cpl
MOD - [2010.11.21 04:24:51 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WinSATAPI.dll
MOD - [2010.11.21 04:24:51 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll
MOD - [2010.11.21 04:24:50 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wshbth.dll
MOD - [2010.11.21 04:24:43 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2010.11.21 04:24:33 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2010.11.21 04:24:33 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll
MOD - [2010.11.21 04:24:32 | 001,003,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptui.dll
MOD - [2010.11.21 04:24:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2010.11.21 04:24:28 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2010.11.21 04:24:26 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
MOD - [2010.11.21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2010.11.21 04:24:23 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll
MOD - [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2010.11.21 04:24:20 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll
MOD - [2010.11.21 04:24:16 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2010.11.21 04:24:16 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll
MOD - [2010.11.21 04:24:16 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2010.11.21 04:24:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2010.11.21 04:24:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2010.11.21 04:24:16 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2010.11.21 04:24:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2010.11.21 04:24:15 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll
MOD - [2010.11.21 04:24:14 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2010.11.21 04:24:14 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2010.11.21 04:24:14 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2010.11.21 04:24:11 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2010.11.21 04:24:09 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2010.11.21 04:24:09 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
MOD - [2010.11.21 04:24:09 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\zipfldr.dll
MOD - [2010.11.21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2010.11.21 04:24:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2010.11.21 04:24:08 | 000,508,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
MOD - [2010.11.21 04:24:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll
MOD - [2010.11.21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll
MOD - [2010.11.21 04:24:08 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2010.11.21 04:24:08 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2010.11.21 04:24:08 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll
MOD - [2010.11.21 04:24:08 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2010.11.21 04:24:07 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2010.11.21 04:24:03 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2010.11.21 04:24:03 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
MOD - [2010.11.21 04:24:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2010.11.21 04:24:01 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2010.11.21 04:24:01 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2010.11.21 04:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2010.11.21 04:24:01 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll
MOD - [2010.11.21 04:24:00 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wdmaud.drv
MOD - [2010.11.21 04:24:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll
MOD - [2010.11.21 04:23:59 | 001,154,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2010.11.21 04:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2010.11.21 04:23:55 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll
MOD - [2010.11.21 04:23:55 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2010.11.21 04:23:54 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll
MOD - [2010.11.21 04:23:54 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2010.11.21 04:23:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2010.11.21 04:23:51 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2010.11.21 04:23:51 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll
MOD - [2010.11.21 04:23:51 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2010.11.21 04:23:48 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2010.11.21 04:23:48 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2010.11.21 04:23:48 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
MOD - [2010.11.21 04:23:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2010.09.21 06:03:14 | 000,145,280 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
MOD - [2010.05.26 10:41:02 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\D3DCompiler_43.dll
MOD - [2010.03.18 17:15:26 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
MOD - [2010.03.18 17:15:26 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
MOD - [2009.07.14 02:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll
MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009.07.14 02:16:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll
MOD - [2009.07.14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009.07.14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll
MOD - [2009.07.14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL
MOD - [2009.07.14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll
MOD - [2009.07.14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009.07.14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wevtapi.dll
MOD - [2009.07.14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009.07.14 02:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
MOD - [2009.07.14 02:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
MOD - [2009.07.14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009.07.14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009.07.14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009.07.14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009.07.14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2009.07.14 02:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll
MOD - [2009.07.14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009.07.14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009.07.14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2009.07.14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009.07.14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009.07.14 02:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll
MOD - [2009.07.14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009.07.14 02:16:02 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
MOD - [2009.07.14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll
MOD - [2009.07.14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009.07.14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009.07.14 02:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009.07.14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009.07.14 02:15:41 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Defender\MpOAV.dll
MOD - [2009.07.14 02:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\midimap.dll
MOD - [2009.07.14 02:15:39 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfplat.dll
MOD - [2009.07.14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009.07.14 02:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll
MOD - [2009.07.14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll
MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009.07.14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll
MOD - [2009.07.14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll
MOD - [2009.07.14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2009.07.14 02:15:13 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxva2.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009.07.14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll
MOD - [2009.07.14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2009.07.14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2009.07.14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll
MOD - [2009.07.14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
MOD - [2009.07.14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009.07.14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009.07.14 02:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll
MOD - [2009.07.14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009.07.14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 02:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.drv
MOD - [2009.07.14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009.07.14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009.07.14 02:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll
MOD - [2009.07.14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009.02.25 18:31:50 | 001,080,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\AVAST Software\Avast\dbghelp.dll
MOD - [2008.10.15 05:22:52 | 000,452,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3dx10_40.dll
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.11.03 14:01:27 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.12.30 06:39:40 | 004,889,032 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2011.04.21 08:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 07:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.10.31 21:06:02 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.11 18:31:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.08.27 22:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.05.16 14:33:14 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012.02.13 15:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
SRV - [2011.11.14 16:14:24 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.11.14 16:14:20 | 001,355,840 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.11.14 16:13:58 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.08 10:06:28 | 001,686,020 | ---- | M] (Remak) [Auto | Stopped] -- C:\Windows\Wisaroc.exe -- (Wisaroc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [1998.10.06 13:36:26 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysWOW64\drivers\papycpu.sys -- (papycpu)
SRV - [1998.10.06 13:36:26 | 000,001,888 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysWOW64\drivers\papyjoy.sys -- (papyjoy)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.11.06 19:14:45 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013.11.03 14:01:31 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.11.03 14:01:30 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.11.03 14:01:30 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.11.03 14:01:30 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.10.21 18:32:12 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.10.21 18:32:12 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.10.21 18:32:12 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.09.12 09:58:10 | 000,032,032 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.06.16 18:06:07 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.03.07 00:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.01.10 13:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.12.09 10:45:14 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.12.01 22:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.11.22 13:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011.11.22 13:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.11.14 16:13:44 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.14 16:13:40 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.14 16:13:38 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011.09.28 14:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.08.23 04:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.08.17 08:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.07.29 23:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011.06.17 04:40:40 | 000,186,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.04.22 11:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.09.29 06:11:51 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.01.26 16:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.01.26 16:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [1998.10.06 13:36:26 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown (-1) | Stopped] -- C:\Windows\SysWOW64\drivers\papycpu.sys -- (papycpu)
DRV - [1998.10.06 13:36:26 | 000,001,888 | ---- | M] () [Unknown (-1) | Unknown (-1) | Stopped] -- C:\Windows\SysWOW64\drivers\papyjoy.sys -- (papyjoy)

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit on my machine, please advise

#23 Post by Abe.xxx »

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Upload\AmateurLapdencer
IE - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pinktube.com/index.php?s=user.login
IE - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.11.03 14:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013.11.03 18:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abe\AppData\Roaming\Mozilla\Extensions
[2013.10.31 21:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.11.03 18:45:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.candidlooks.com/cfmanager/menu.php
CHR - plugin: Windows Live\u0099 Photo Gallery (Disabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Disk Google = C:\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: avast! Ad Blocker = C:\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: avast! Online Security = C:\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013.11.03 19:04:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1571869238-3936240484-2151935606-1128..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1571869238-3936240484-2151935606-1128..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Carka mezera na carka.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Carka mezera na mezera.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Abe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HST login.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HST Site and URL.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HST Tagy 2.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HST Tagy.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JZ login.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinkTube webmaster.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PT login.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT login.ahk ()
O4 - Startup: C:\Users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer.ahk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1571869238-3936240484-2151935606-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1571869238-3936240484-2151935606-1128\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Abe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Abe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FEA240C-5088-4500-8EF0-295358EACE9C}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.11.06 20:36:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Abe\Desktop\OTL.exe
[2013.11.06 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\Abe\Desktop\RK_Quarantine
[2013.11.05 16:20:20 | 000,000,000 | ---D | C] -- C:\cfd
[2013.11.04 15:21:49 | 000,000,000 | ---D | C] -- C:\Users\Abe\.matplotlib
[2013.11.03 19:04:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.11.03 18:45:10 | 000,000,000 | ---D | C] -- C:\Users\Abe\AppData\Roaming\Mozilla
[2013.11.03 01:13:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.11.03 01:13:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.11.03 01:13:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.11.03 01:12:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.11.03 01:11:48 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.11.03 01:10:57 | 005,143,186 | R--- | C] (Swearware) -- C:\Users\Abe\Desktop\ComboFix.exe
[2013.11.03 01:07:38 | 000,000,000 | ---D | C] -- C:\Users\Abe\AppData\Roaming\GetRightToGo
[2013.10.31 21:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.11.06 20:39:28 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.11.06 20:33:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Abe\Desktop\OTL.exe
[2013.11.06 19:14:55 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.06 19:14:55 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.06 19:14:45 | 000,409,832 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2013.11.06 19:10:57 | 001,576,358 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.11.06 19:10:57 | 000,666,398 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2013.11.06 19:10:57 | 000,652,102 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.11.06 19:10:57 | 000,140,062 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2013.11.06 19:10:57 | 000,121,034 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.11.06 19:06:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.11.06 19:06:18 | 4204,314,623 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.05 16:24:38 | 000,000,816 | ---- | M] () -- C:\Users\Abe\Desktop\OpenFOAM Designer.lnk
[2013.11.03 19:04:35 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.11.03 14:01:31 | 000,065,264 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013.11.03 14:01:30 | 001,032,416 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013.11.03 14:01:30 | 000,334,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013.11.03 14:01:30 | 000,084,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013.11.03 14:01:30 | 000,038,984 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013.11.03 14:01:29 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013.11.03 01:11:20 | 005,143,186 | R--- | M] (Swearware) -- C:\Users\Abe\Desktop\ComboFix.exe
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.11.06 20:39:28 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.11.05 16:24:38 | 000,000,816 | ---- | C] () -- C:\Users\Abe\Desktop\OpenFOAM Designer.lnk
[2013.11.03 01:13:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.11.03 01:13:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.11.03 01:13:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.11.03 01:13:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.11.03 01:13:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.10.17 21:08:54 | 000,000,325 | ---- | C] () -- C:\Users\Abe\AppData\Roaming\mbam.context.scan
[2013.10.05 12:46:29 | 000,000,307 | ---- | C] () -- C:\windows\game.ini
[2013.07.26 11:47:06 | 000,018,944 | ---- | C] ( ) -- C:\windows\SysWow64\implode.dll
[2012.09.24 23:35:17 | 000,001,984 | ---- | C] () -- C:\windows\SysWow64\drivers\papycpu.sys
[2012.09.24 23:35:17 | 000,001,888 | ---- | C] () -- C:\windows\SysWow64\drivers\papyjoy.sys
[2012.09.24 23:34:15 | 000,000,127 | ---- | C] () -- C:\windows\SIERRA.INI
[2012.08.26 22:15:28 | 000,010,240 | ---- | C] () -- C:\Users\Abe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.15 22:32:27 | 000,000,052 | ---- | C] () -- C:\windows\DESERTDERBY.INI
[2012.07.11 19:25:38 | 000,000,532 | ---- | C] () -- C:\windows\eReg.dat
[2012.06.19 12:09:46 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll
[2012.06.19 12:09:46 | 000,002,413 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini
[2012.05.05 18:53:06 | 000,260,531 | ---- | C] () -- C:\windows\pdfcvt.dat
[2012.04.15 23:40:04 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\zlib.dll
[2012.04.09 01:15:04 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012.04.03 09:22:58 | 000,180,834 | ---- | C] () -- C:\windows\hpoins36.dat
[2012.04.03 09:22:58 | 000,000,578 | ---- | C] () -- C:\windows\hpomdl36.dat
[2012.03.31 20:13:52 | 000,007,626 | ---- | C] () -- C:\Users\Abe\AppData\Local\Resmon.ResmonCfg
[2012.03.31 18:56:04 | 000,000,095 | ---- | C] () -- C:\windows\winamp.ini
[2012.03.31 16:08:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.03.31 13:24:42 | 001,556,196 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.01.10 13:27:24 | 000,963,884 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.01.10 13:27:24 | 000,221,264 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.01.10 13:16:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.01.10 12:29:52 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

Abe.xxx
Visitor
Posts: 29
Joined: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#24 Post by Abe.xxx »

========== LOP Check ==========

[2013.10.21 18:37:38 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\AVAST Software
[2012.07.12 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\avidemux
[2013.09.16 16:10:53 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Blender Foundation
[2013.08.19 08:14:24 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Downloaded Installations
[2013.11.06 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Dropbox
[2012.12.18 22:51:08 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\DVDVideoSoft
[2012.11.17 02:45:43 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Easy File Share
[2012.05.18 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\FileOpen
[2012.06.11 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\FM Software Studio
[2013.11.03 01:08:55 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\GetRightToGo
[2013.01.06 21:48:04 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\IObit
[2013.03.16 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Leadertech
[2013.04.05 12:19:57 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\MotionDSP
[2012.03.31 20:25:36 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Nemetschek
[2013.10.18 13:17:19 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\ParaView
[2013.06.05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\SoftGrid Client
[2012.08.28 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.01.20 18:22:37 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\TeamViewer
[2012.03.31 14:06:42 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Thunderbird
[2012.03.31 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\TP
[2013.09.20 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\VitySoft

========== Purity Check ==========



========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HN-M750MBB
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 51,00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 625,00GB
Starting Offset: 54866739200
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 22,00GB
Starting Offset: 726385295360
Hidden sectors: 0

[2013.10.11 22:12:35 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.09.06 09:26:02 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2013.04.29 22:24:52 | 014,965,064 | -H-- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Picasa3\setup.exe
[2012.11.05 18:30:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Intel\WiFi\bin\WLANProfiles
[2013.10.21 17:27:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2012.04.22 20:23:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\Power2Go\6.1
[2012.06.03 21:31:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerDirector\8.00
[2012.04.14 01:04:20 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\YouCam\3.1
[2012.04.22 20:25:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\Media+ Player\10.0
[2012.04.22 20:29:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\MEDIASHOW\5.0
[2012.04.22 20:23:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\Power2Go\6.1
[2012.04.22 20:29:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERDIRECTOR\8.00
[2012.04.14 01:04:20 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\YouCam\3.1
[2012.11.05 18:30:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\Intel\Wireless\PANDevices
[2012.11.05 18:30:00 | 000,000,000 | -H-D | M] -- C:\ProgramData\Intel\Wireless\WLANProfiles
[2009.07.14 06:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009.07.14 06:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2012.09.03 17:28:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\SafeNet Sentinel\Sentinel LDK\5aad7b38-12f0-a0ed-7119-5e1b04bad3ff\.434e4631
[2013.11.03 01:34:19 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2012.03.31 17:34:09 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData
[2013.08.13 13:01:56 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Local\Microsoft\CardSpace
[2013.10.04 12:04:16 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2012.03.31 18:02:18 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2013.01.10 23:06:45 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2012.03.31 10:06:48 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Local\Microsoft\Media Player\Mezipaměť grafiky
[2012.05.25 19:53:30 | 000,000,000 | RH-D | M] -- C:\Users\Abe\AppData\Local\Microsoft\Windows\Burn\Burn
[2012.07.11 19:23:38 | 000,000,000 | RH-D | M] -- C:\Users\Abe\AppData\Local\Microsoft\Windows\Burn\Burn1
[2013.01.02 21:57:42 | 000,000,000 | RH-D | M] -- C:\Users\Abe\AppData\Local\Microsoft\Windows\Burn\Burn2
[2012.06.11 16:35:11 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Local\VirtualStore\ProgramData
[2013.09.26 19:26:49 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Roaming\CyberLink\MediaCache
[2012.03.30 23:16:47 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Roaming\CyberLink\MediaCache\Power2Go
[2012.04.01 15:05:45 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Roaming\CyberLink\PowerDirector\8.0\ShadowEditFiles
[2012.04.01 15:05:44 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Roaming\CyberLink\PowerDirector\8.0\SpltrCache
[2012.11.05 18:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Roaming\Intel\Wireless\Settings
[2012.11.05 18:30:00 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Roaming\Intel\Wireless\WLANProfiles
[2012.05.16 16:29:28 | 000,000,000 | -H-D | M] -- C:\Users\Abe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013.01.23 19:05:52 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Picasa\.picasaoriginals
[2013.06.24 18:41:27 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Picasa\Panoramata\.picasaoriginals
[2013.05.13 12:32:35 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Picasa\Přednášky Pája Upraveno\Přednášky 1-11\.picasaoriginals
[2013.05.13 12:33:11 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Picasa\Přednášky Pája Upraveno\Přednášky 12-13\.picasaoriginals
[2013.04.12 17:32:09 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Picasa\sadfghjkl\.picasaoriginals
[2013.05.26 18:46:46 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Picasa\vzt 1-10 anicka prednasky\.picasaoriginals
[2013.03.15 21:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Youcam\.picasaoriginals
[2012.03.30 23:27:52 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Youcam\EffectManualOrder
[2012.04.14 01:12:13 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Youcam\FileSharingTmp
[2012.04.14 01:11:35 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Documents\Youcam\PPT_Split
[2012.11.05 18:29:39 | 000,000,000 | -H-D | M] -- C:\Users\Abe\Roaming\Intel\Wireless\Settings
[2013.10.21 17:27:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2012.04.22 20:23:53 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\Power2Go\6.1
[2012.06.03 21:31:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerDirector\8.00
[2012.04.14 01:04:20 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\YouCam\3.1
[2012.04.22 20:25:02 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\Media+ Player\10.0
[2012.04.22 20:29:11 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\MEDIASHOW\5.0
[2012.04.22 20:23:51 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\Power2Go\6.1
[2012.04.22 20:29:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERDIRECTOR\8.00
[2012.04.14 01:04:20 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\YouCam\3.1
[2012.11.05 18:30:01 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Intel\Wireless\PANDevices
[2012.11.05 18:30:00 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Intel\Wireless\WLANProfiles
[2009.07.14 06:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009.07.14 06:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2012.09.03 17:28:14 | 000,000,000 | -H-D | M] -- C:\Users\All Users\SafeNet Sentinel\Sentinel LDK\5aad7b38-12f0-a0ed-7119-5e1b04bad3ff\.434e4631
[2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2012.11.05 18:29:39 | 000,000,000 | -H-D | M] -- C:\Users\Default\Roaming\Intel\Wireless\Settings
[2013.11.03 14:05:07 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009.07.14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2013.01.15 22:53:44 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2012.12.16 12:58:58 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg
[2013.04.20 11:20:09 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{397A21FB-EADF-4116-9027-32B8FA04C3E2}\Version\6.1
[2013.04.20 11:19:04 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{748DB920-B5DD-4cdb-9EC4-5A3B61A21936}\Version\8.00
[2012.12.16 12:58:58 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{E303BA32-9368-4a3c-AE3A-AFDADCBDE48B}\Version\3.1
[2012.03.31 14:29:36 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
[2013.09.28 14:22:21 | 000,000,000 | -H-D | M] -- C:\Users\UpdatusUser.ABECOMPUTER\AppData
[2012.11.05 18:29:39 | 000,000,000 | -H-D | M] -- C:\Users\UpdatusUser.ABECOMPUTER\Roaming\Intel\Wireless\Settings
[2012.11.05 18:29:39 | 000,000,000 | -H-D | M] -- C:\Users\UpdatusUser\Roaming\Intel\Wireless\Settings
[2011.09.06 09:54:58 | 000,000,000 | -H-D | M] -- C:\Windows\ehome\Samsung
[2012.03.31 13:13:01 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2012.06.17 21:26:20 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2012.03.31 18:01:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Mezipaměť grafiky
[2012.11.05 18:30:00 | 000,000,000 | -H-D | M] -- C:\windows\SysNative\WLANProfiles
[2012.08.15 22:27:35 | 000,000,000 | -H-D | M] -- C:\Windows\SysWOW64\directx\websetup

========== Base Services ==========
SRV:64bit: - [2009.07.14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010.11.21 04:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010.11.21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010.11.21 04:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2010.11.21 04:24:16 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2010.11.21 04:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2010.11.21 04:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010.11.21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010.11.21 04:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.21 04:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011.03.03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010.11.21 04:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009.07.14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010.11.21 04:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011.05.24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010.11.21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010.11.21 04:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010.11.21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010.11.21 04:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010.11.21 04:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010.11.21 04:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010.11.21 04:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010.11.21 04:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010.11.21 04:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010.11.21 04:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009.07.14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010.11.21 04:24:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010.11.21 04:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010.11.21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010.11.21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010.11.21 04:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010.11.21 04:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010.11.21 04:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010.11.21 04:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010.11.21 04:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010.11.21 04:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012.06.02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010.11.21 04:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010.11.21 04:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,550 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT

< MD5 for: ACPI.SYS >
[2010.11.21 04:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) MD5=D81D9E70B8A6DD14D42D7B4EFA65D5F2 -- C:\windows\SysNative\drivers\acpi.sys
[2010.11.21 04:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) MD5=D81D9E70B8A6DD14D42D7B4EFA65D5F2 -- C:\windows\SysNative\DriverStore\FileRepository\acpi.inf_amd64_neutral_aed2e7a487803437\acpi.sys
[2010.11.21 04:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) MD5=D81D9E70B8A6DD14D42D7B4EFA65D5F2 -- C:\Windows\winsxs\amd64_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_80aec972e4a75989\acpi.sys

< MD5 for: AFD.SYS >
[2011.12.28 04:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\windows\SysNative\drivers\afd.sys
[2011.12.28 04:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011.12.28 05:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010.11.21 04:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\windows\SysNative\autochk.exe
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\drivers\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CMD.EXE >
[2010.11.21 04:23:55 | 000,345,088 | ---- | M] (Microsoft Corporation) MD5=5746BD7E255DD6A8AFA06F7C42C1BA41 -- C:\windows\SysNative\cmd.exe
[2010.11.21 04:23:55 | 000,345,088 | ---- | M] (Microsoft Corporation) MD5=5746BD7E255DD6A8AFA06F7C42C1BA41 -- C:\Windows\winsxs\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_e932cc2c30fc13b0\cmd.exe
[2010.11.21 04:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) MD5=AD7B9C14083B52BC532FBA5948342B98 -- C:\Windows\SysWOW64\cmd.exe
[2010.11.21 04:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) MD5=AD7B9C14083B52BC532FBA5948342B98 -- C:\Windows\winsxs\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_f387767e655cd5ab\cmd.exe

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2010.11.21 04:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\erdnt\cache64\cryptsvc.dll
[2010.11.21 04:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\windows\SysNative\cryptsvc.dll
[2010.11.21 04:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2010.11.21 04:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\erdnt\cache86\cryptsvc.dll
[2010.11.21 04:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SysWOW64\cryptsvc.dll
[2010.11.21 04:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009.07.14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe
[2009.07.14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009.07.14 00:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\windows\SysNative\drivers\fastfat.sys
[2009.07.14 00:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys

< MD5 for: HAL.DLL >
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\windows\SysNative\hal.dll
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: I8042PRT.SYS >
[2009.07.14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\windows\SysNative\drivers\i8042prt.sys
[2009.07.14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009.07.14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009.07.14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009.07.14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2011.02.18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\drivers\iaStor.sys
[2011.02.18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_52b32c0ad3e84c62\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\drivers\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: KBDCLASS.SYS >
[2009.07.14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\erdnt\cache64\kbdclass.sys
[2009.07.14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\windows\SysNative\drivers\kbdclass.sys
[2009.07.14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys
[2009.07.14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys

< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011.11.17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\erdnt\cache64\lsass.exe
[2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\windows\SysNative\lsass.exe
[2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe

< MD5 for: NDIS.SYS >
[2010.12.29 11:33:33 | 000,950,656 | ---- | M] (Microsoft Corporation) MD5=303310C91F8C0740ED1C76851C759874 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.21628_none_066fff3d4bd0b870\ndis.sys
[2010.11.21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2010.12.29 11:57:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\Windows\erdnt\cache64\ndis.sys
[2010.12.29 11:57:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\windows\SysNative\drivers\ndis.sys
[2010.12.29 11:57:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17530_none_05d3903632c269df\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NTFS.SYS >
[2010.11.21 04:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2011.03.11 07:19:20 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011.03.11 07:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\erdnt\cache64\ntfs.sys
[2011.03.11 07:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\windows\SysNative\drivers\ntfs.sys
[2011.03.11 07:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys

< MD5 for: NTKRNLPA.EXE >
[2011.04.09 07:02:25 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=102A6182087B18C795664BCD22EB52E9 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe
[2010.11.21 04:23:51 | 003,966,848 | ---- | M] (Microsoft Corporation) MD5=144BD78C6103C8616DE047B3532142DB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[2011.11.19 12:11:29 | 003,971,440 | ---- | M] (Microsoft Corporation) MD5=2EDA0DCCF5F00CDB91A9ECBE45CB0B3D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe
[2011.11.19 15:50:02 | 003,968,368 | ---- | M] (Microsoft Corporation) MD5=31C59B0CA08B1203E35D2BA19319279E -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe
[2011.06.23 06:55:25 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=3624D782F8B061B6FBA3A35E2FE53CFD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe
[2012.06.16 18:27:35 | 003,968,368 | ---- | M] (Microsoft Corporation) MD5=4A56DB06360F59130CAED69FA7526F0A -- C:\Windows\erdnt\cache86\ntkrnlpa.exe
[2012.06.16 18:27:35 | 003,968,368 | ---- | M] (Microsoft Corporation) MD5=4A56DB06360F59130CAED69FA7526F0A -- C:\Windows\SysWOW64\ntkrnlpa.exe
[2012.06.16 18:27:35 | 003,968,368 | ---- | M] (Microsoft Corporation) MD5=4A56DB06360F59130CAED69FA7526F0A -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntkrnlpa.exe
[2012.06.16 18:21:38 | 003,968,368 | ---- | M] (Microsoft Corporation) MD5=8F6D5704D7522AAB8B4B82C0D35D9184 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[2012.06.16 18:21:38 | 003,971,952 | ---- | M] (Microsoft Corporation) MD5=93358348D0B79812CAAA83A1377E4449 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[2011.04.09 07:01:20 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=9CF7F5D025183FA10E130445BC071B70 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe
[2011.06.23 05:33:57 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=A4A8EF2ACE5FA5863AA0B04C9BBFECA7 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe
[2012.06.16 18:27:35 | 003,971,952 | ---- | M] (Microsoft Corporation) MD5=AFF886D9D718D3747E5031816C0DA7D2 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntkrnlpa.exe
[2011.04.08 08:35:10 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=CD1B3477BA75660EE7AE3DECCCEC9F28 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17591_none_6dde4b4e12a8bef6\ntkrnlpa.exe
[2011.04.08 07:47:46 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=F09089C2F523C5CAFA3ECBE76AFE88FA -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21700_none_6ec839012b7e4717\ntkrnlpa.exe

< MD5 for: NTOSKRNL.EXE >
[2011.11.19 12:11:28 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=00B12EA93ED392FBD09F07B63E926647 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe
[2012.06.16 18:21:38 | 005,559,664 | ---- | M] (Microsoft Corporation) MD5=03B5C6DBA5A770CEEFD1615E380C6BC3 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[2011.04.08 08:35:09 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=0F8186D2A0E4BAF407088BA10C4B30E9 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17591_none_6dde4b4e12a8bef6\ntoskrnl.exe
[2011.11.19 16:20:37 | 005,559,152 | ---- | M] (Microsoft Corporation) MD5=1AFFF8D5352AECEF2ECD47FFA02D7F7D -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_ca4e9bcdcac7feed\ntoskrnl.exe
[2010.11.21 04:23:51 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[2012.06.16 18:27:35 | 005,559,664 | ---- | M] (Microsoft Corporation) MD5=2819BB6417B85D38169A4F151463A815 -- C:\Windows\erdnt\cache64\ntoskrnl.exe
[2012.06.16 18:27:35 | 005,559,664 | ---- | M] (Microsoft Corporation) MD5=2819BB6417B85D38169A4F151463A815 -- C:\windows\SysNative\ntoskrnl.exe
[2012.06.16 18:27:35 | 005,559,664 | ---- | M] (Microsoft Corporation) MD5=2819BB6417B85D38169A4F151463A815 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe
[2012.06.16 18:21:38 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=28F44480E411C3DDF04B63F6560E6EF4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[2012.06.16 18:21:38 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=2E02A17E8965AD671E4987E503AD38B1 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[2011.04.08 08:46:39 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=2F926E1E23AA0D99D2021163ACEF070E -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17591_none_c9fce6d1cb06302c\ntoskrnl.exe
[2012.06.16 18:27:35 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=53483A0B2DE3617E832F1DBAF9620F39 -- C:\Windows\erdnt\cache86\ntoskrnl.exe
[2012.06.16 18:27:35 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=53483A0B2DE3617E832F1DBAF9620F39 -- C:\Windows\SysWOW64\ntoskrnl.exe
[2012.06.16 18:27:35 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=53483A0B2DE3617E832F1DBAF9620F39 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe
[2011.06.23 06:43:12 | 005,561,216 | ---- | M] (Microsoft Corporation) MD5=577841951E8BAD6EA8288106693CD39F -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe
[2011.04.09 07:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=5D21C487F79F8245E799071589E035BF -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[2012.06.16 18:27:35 | 005,561,200 | ---- | M] (Microsoft Corporation) MD5=6A692DB27A943B463E97B749DD34F3DA -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe
[2012.06.16 18:21:38 | 005,561,200 | ---- | M] (Microsoft Corporation) MD5=708A4C721CEE6B3845B5A54477D873CF -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[2011.11.19 13:04:17 | 005,561,200 | ---- | M] (Microsoft Corporation) MD5=70A2D18E0B2A1ADBAE90008684E030AC -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_caa8f7c0e409a91f\ntoskrnl.exe
[2011.04.08 08:28:39 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=8C71CEA8AA6EB34DFCDBA23DAB6E2F6C -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21700_none_cae6d484e3dbb84d\ntoskrnl.exe
[2011.06.23 06:55:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=90EFDB506F6140EEA9DEE398D9449D86 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[2011.04.09 07:50:20 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=99C2715F138E7ED2F489AB796DD3B53C -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[2012.06.16 18:27:35 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=A37A39568C8EC9A17D1B7471445B81A8 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe
[2010.11.21 04:24:26 | 005,563,776 | ---- | M] (Microsoft Corporation) MD5=C6CEC3E6CC9842B73501C70AA64C00FE -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[2011.04.08 07:47:46 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=C84EE04906FC06DC5D69AFC61A454AD6 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21700_none_6ec839012b7e4717\ntoskrnl.exe
[2011.06.23 06:22:01 | 005,561,728 | ---- | M] (Microsoft Corporation) MD5=CE6AF5EC2DB1567B6297ADCB56B39B5D -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe
[2011.04.09 07:01:20 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=D385343510B75545EC5DB3A64C2D2492 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[2011.04.09 08:02:55 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=D60D9BCEAE5870A67E6C167F4681877B -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[2011.11.19 15:50:02 | 003,913,584 | ---- | M] (Microsoft Corporation) MD5=F0F0E99A65F598A1A7720F5111C4DA8F -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe
[2011.06.23 05:33:57 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=FB58ABD5E1F75A2CF713C9DFF0EC0804 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe

< MD5 for: NVRAID.SYS >
[2011.03.11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\windows\SysNative\drivers\nvraid.sys
[2011.03.11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011.03.11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2010.11.21 04:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.21 04:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011.03.11 07:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\erdnt\cache86\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\windows\SysNative\smss.exe
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.11.21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\erdnt\cache64\spoolsv.exe
[2010.11.21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\windows\SysNative\spoolsv.exe
[2010.11.21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011.03.01 09:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011.03.01 09:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe
[2011.03.01 09:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe
[2011.03.01 09:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2011.03.01 09:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011.03.01 09:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe
[2011.03.01 09:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011.03.01 09:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.09.29 18:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010.11.21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012.06.16 18:19:16 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011.04.25 06:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2012.06.16 18:19:16 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\erdnt\cache64\tcpip.sys
[2012.06.16 18:19:16 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\windows\SysNative\drivers\tcpip.sys
[2012.06.16 18:19:16 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011.04.25 07:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011.09.29 17:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2010.11.21 04:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\erdnt\cache64\tdx.sys
[2010.11.21 04:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\windows\SysNative\drivers\tdx.sys
[2010.11.21 04:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USER32.DLL >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WDF01000.SYS >
[2009.07.14 02:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) MD5=441BD2D7B4F98134C3A4F9FA570FD250 -- C:\windows\SysNative\drivers\Wdf01000.sys
[2009.07.14 02:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) MD5=441BD2D7B4F98134C3A4F9FA570FD250 -- C:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.16385_none_d24809e1379d1f91\Wdf01000.sys

< MD5 for: WIN32K.SYS >
[2012.06.16 18:32:06 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=1D7EDEAD6891810BCF8566B2319A8B11 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21995_none_174da290ca83e41f\win32k.sys
[2011.06.11 04:07:25 | 003,137,536 | ---- | M] (Microsoft Corporation) MD5=7A1BCE8E431CE1083E6807D43C1B0661 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17630_none_16ffe00fb13a23ae\win32k.sys
[2012.06.16 18:21:38 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=88592AB8F8AE4F7264A936AEE682BBE5 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21955_none_1778e240ca63745b\win32k.sys
[2012.06.16 18:32:06 | 003,146,752 | ---- | M] (Microsoft Corporation) MD5=A0360F2DEFCBC40497A4F3D0599FE71A -- C:\windows\SysNative\win32k.sys
[2012.06.16 18:32:06 | 003,146,752 | ---- | M] (Microsoft Corporation) MD5=A0360F2DEFCBC40497A4F3D0599FE71A -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17842_none_16f71483b1406c9b\win32k.sys
[2012.02.03 05:34:34 | 003,145,728 | ---- | M] (Microsoft Corporation) MD5=A3A7E9D10745A7CAC5F346370B81D08B -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_16d6a2d9b158c347\win32k.sys
[2010.11.21 04:24:16 | 003,126,272 | ---- | M] (Microsoft Corporation) MD5=A89392A32BA98468710FD7E38318934B -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_17197f29b1265401\win32k.sys
[2012.02.03 05:15:32 | 003,148,288 | ---- | M] (Microsoft Corporation) MD5=D743EB3F1917EE3D2861064D8A53E07F -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_17a321a6ca43eb40\win32k.sys
[2011.06.11 03:54:15 | 003,140,096 | ---- | M] (Microsoft Corporation) MD5=D9DC465D72719EB413FDD056B0F25EED -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21744_none_1782ae16ca5c44c5\win32k.sys
[2012.06.16 18:21:38 | 003,146,240 | ---- | M] (Microsoft Corporation) MD5=F4C456F9235ED440B81107E951555411 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17803_none_1723547db11f162e\win32k.sys

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINSRV.DLL >
[2011.05.14 08:11:21 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=1A589228B6DC007120F877DBBD6CB79D -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21728_none_15276bfecc16de2a\winsrv.dll
[2011.05.14 08:24:33 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=3A8135A7DED2FA0DAD3BDE1B14865A8A -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17617_none_14a79ed5b2f20918\winsrv.dll
[2011.06.03 08:01:31 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=5AA1C7B5F471C4657BE38447BC397665 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21738_none_151c9c12cc1efa1b\winsrv.dll
[2011.06.03 07:57:44 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=9F761CE1C6C013120B2F0DB27D48C06F -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17625_none_149ace55b2fbf25b\winsrv.dll
[2011.06.24 06:27:05 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=C13D05A015346DED3D722BE285814495 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll
[2010.11.21 04:24:16 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=E0406AEF04B088D1C49FC78D0546F689 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2011.06.24 06:34:53 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=EB6A48CC998E1090E44E8E7F1009A640 -- C:\windows\SysNative\winsrv.dll
[2011.06.24 06:34:53 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=EB6A48CC998E1090E44E8E7F1009A640 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll

< MD5 for: WS2_32.DLL >
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\erdnt\cache64\ws2_32.dll
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\windows\SysNative\ws2_32.dll
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\erdnt\cache86\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< MD5 for: WSCRIPT.EXE >
[2009.07.14 02:39:57 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=8886E0697B0A93C521F99099EF643450 -- C:\windows\SysNative\wscript.exe
[2009.07.14 02:39:57 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=8886E0697B0A93C521F99099EF643450 -- C:\Windows\winsxs\amd64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_a45d44bd1a0af822\wscript.exe
[2009.07.14 02:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=D1AB72DB2BEDD2F255D35DA3DA0D4B16 -- C:\Windows\SysWOW64\wscript.exe
[2009.07.14 02:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=D1AB72DB2BEDD2F255D35DA3DA0D4B16 -- C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_aeb1ef0f4e6bba1d\wscript.exe

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#25 Post by Abe.xxx »

< >

< %systemroot%\system32\logevent.dll /md5 >

< %systemroot%\system32\sceclt.dll /md5 >

< %systemroot%\system32\ntelogon.dll /md5 >

< %systemroot%\system32\consrv.dll /md5 >

< >

< %systemroot%\system32\logevent.dll /md5 /64 >

< %systemroot%\system32\sceclt.dll /md5 /64 >

< %systemroot%\system32\ntelogon.dll /md5 /64 >

< %systemroot%\system32\consrv.dll /md5 /64 >

< >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.11.06 20:39:28 | 000,000,512 | ---- | M] () MD5=738EE056A13C9CF03C9E930449167599 -- C:\PhysicalMBR.bin

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.10.26 02:53:20 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=EF01D104449CC654FDCF423C92BD8846 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.10.09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) MD5=3E399A1328181C2A352472369DE2A93A -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %systemroot%\system32\Spool\prtprocs\*.* /s >
[2008.10.06 14:39:18 | 000,254,464 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\Spool\prtprocs\x64\hpfpp083.dll
[2010.11.21 04:24:16 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\x64\winprint.dll
[2011.09.07 01:03:37 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\windows\system32\Spool\prtprocs\x64\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /10 >

< %systemroot%\system32\drivers\*.sys /X >
[2009.06.10 22:14:29 | 003,440,660 | ---- | M] () -- C:\windows\system32\drivers\gm.dls
[2009.06.10 22:14:29 | 000,000,646 | ---- | M] () -- C:\windows\system32\drivers\gmreadme.txt

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /10 >
[2013.11.06 19:09:29 | 000,000,018 | ---- | M] () -- C:\windows\system32\log.txt
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\system32\*.* /lockedfiles >
[2013.11.06 19:09:29 | 000,000,018 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\log.txt
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >

< >

< c:\$Recycle.Bin|L,N,U,@;true;true;true /FN >

< c:\Windows\Installer|L,N,U,@;true;true;true /FN >

< >

< %systemroot%\Tasks\*.job >

< %systemroot%\*.* /U /s >
[3 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp files -> C:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp -> ]
[2 C:\windows\SysWOW64\*.tmp files -> C:\windows\SysWOW64\*.tmp -> ]
[1 C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp files -> C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp -> ]
[162 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[1 C:\windows\twain_32\*.tmp files -> C:\windows\twain_32\*.tmp -> ]

< %systemroot%\*. /rp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Nabídka Start\*.lnk /x >

< %ALLUSERSPROFILE%\Data Aplikácií\*.* >

< %ALLUSERSPROFILE%\Data Aplikácií\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %APPDATA%\*. >
[2012.08.29 14:26:50 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Adobe
[2013.10.21 18:37:38 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\AVAST Software
[2012.07.12 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\avidemux
[2013.09.16 16:10:53 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Blender Foundation
[2012.04.22 20:28:54 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\CyberLink
[2013.08.19 08:14:24 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Downloaded Installations
[2013.11.06 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Dropbox
[2012.12.18 22:51:08 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\DVDVideoSoft
[2012.11.17 02:45:43 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Easy File Share
[2012.05.18 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\FileOpen
[2012.06.11 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\FM Software Studio
[2013.11.03 01:08:55 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\GetRightToGo
[2012.04.03 09:38:51 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\HP
[2012.03.31 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Identities
[2012.11.05 18:29:51 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Intel
[2013.01.06 21:48:04 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\IObit
[2013.03.16 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Leadertech
[2012.03.31 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Macromedia
[2013.02.25 19:20:16 | 000,000,000 | --SD | M] -- C:\Users\Abe\AppData\Roaming\Microsoft
[2013.04.05 12:19:57 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\MotionDSP
[2013.11.03 18:45:33 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Mozilla
[2012.03.31 20:25:36 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Nemetschek
[2013.09.28 12:16:04 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\NVIDIA
[2013.10.18 13:17:19 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\ParaView
[2013.11.02 14:07:18 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Skype
[2012.03.31 16:08:38 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\skypePM
[2013.06.05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\SoftGrid Client
[2012.08.28 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.01.20 18:22:37 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\TeamViewer
[2012.03.31 14:06:42 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\Thunderbird
[2012.03.31 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\TP
[2013.09.20 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\Abe\AppData\Roaming\VitySoft

< %APPDATA%\*.* >
[2013.10.17 21:08:54 | 000,000,325 | ---- | M] () -- C:\Users\Abe\AppData\Roaming\mbam.context.scan

< %APPDATA%\*.exe /s >
[2013.05.25 01:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Abe\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2013.05.25 01:48:34 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Abe\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2012.05.24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Abe\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2009.01.16 09:19:56 | 001,731,736 | ---- | M] (Leader Technologies/Seagate) -- C:\Users\Abe\AppData\Roaming\Leadertech\PowerRegister\Seagate 2GE4DYGC Product Registration.exe
[2012.08.28 17:20:10 | 000,010,134 | R--- | M] () -- C:\Users\Abe\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2013.06.06 19:39:18 | 000,043,385 | R--- | M] () -- C:\Users\Abe\AppData\Roaming\Microsoft\Installer\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}\_0CE5D65C672A59FCFADCFA.exe
[2013.06.06 19:39:18 | 000,043,385 | R--- | M] () -- C:\Users\Abe\AppData\Roaming\Microsoft\Installer\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}\_112D608FD02CD87FDC7735.exe
[2013.06.06 19:39:18 | 000,032,579 | R--- | M] () -- C:\Users\Abe\AppData\Roaming\Microsoft\Installer\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}\_853F67D554F05449430E7E.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32|bak;true;false;false /fp >

< %PROGRAMFILES%|bak;true;false;false /fp >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"GoogleDriveSync" = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart -- [2013.09.25 16:37:00 | 020,133,824 | ---- | M] (Google)

========== Alternate Data Streams ==========

@Alternate Data Stream - 6392 bytes -> C:\windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:890CC2F3
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:C25DC0ED
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:302A9871

< End of report >

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#26 Post by Abe.xxx »

OTL

Extras log
Attachments
Extras.zip
(16.36 KiB) Downloaded 47 times

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#27 Post by Abe.xxx »

C:\windows\Wisaroc.exe

Nothing detected on VirusTotal, everything OK.

C:\Windows\SysWOW64\drivers\papycpu.sys

Nothing detected on VirusTotal, everything OK.

Regarding the website: I had no idea it was set as the homepage and so on (a mistake probably happened somewhere in the past), but I do know what it is (it is not dangerous).

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#28 Post by Abe.xxx »

In that case, thank you very much for the help, and hopefully everything is fine.

I have one more question, which is off-topic for this thread. It just occurred to me: since nearly all laptops nowadays have a disk partition for reinstalling the system, when someone has a truly infected computer and a system reinstall is necessary, do the viruses actually get erased, or can they "sneak" onto that installation partition and get installed into the system again along with the system installation?

Abe.xxx
Visitor
Posts: 29
Registered: 03 Nov 2013 19:56

Re: Avast found a rootkit, please advise

#29 Post by Abe.xxx »

And one more small question: I assume I can simply delete the Qoobox folder left by ComboFix?
