Please check my log - slowish laptop

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - slowish laptop

#16 Post by Márty84 »

:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\...\Run: [AdobeBridge] => [X]
Startup: C:\Users\Thymallus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-12-27] ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2229627116-1106471772-112158516-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

2017-04-25 17:38 - 2014-01-02 21:02 - 00000000 ____D C:\ProgramData\Malwarebytes

Task: {7B5F99EC-B04C-4DAD-A812-69531FD7535F} - System32\Tasks\{EF7646F1-7FAA-479E-B1E1-0CAFD3712210} => pcalua.exe -a C:\Users\Thymallus\AppData\Local\Temp\Data\MapSource\MapSource_6163.exe -d C:\Users\Thymallus\AppData\Local\Temp\ <==== ATTENTION

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click File.
Click Save As...
Type the name shown in red, fixlist, exactly, and save it to the desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

If you have a question that is not meant for the public, you can write to me by e-mail at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

gomik
Visitor
Posts: 109
Registered: 04 Nov 2010 19:50
Location: Fýdlant n./O.

Re: Please check my log - slowish laptop

#17 Post by gomik »

So here it is, sir :-)

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-04-2017
Ran by Thymallus (26-04-2017 17:42:39) Run:1
Running from C:\Users\Thymallus\Desktop
Loaded Profiles: Thymallus (Available Profiles: Thymallus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\...\Run: [AdobeBridge] => [X]
Startup: C:\Users\Thymallus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-12-27] ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2229627116-1106471772-112158516-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

2017-04-25 17:38 - 2014-01-02 21:02 - 00000000 ____D C:\ProgramData\Malwarebytes

Task: {7B5F99EC-B04C-4DAD-A812-69531FD7535F} - System32\Tasks\{EF7646F1-7FAA-479E-B1E1-0CAFD3712210} => pcalua.exe -a C:\Users\Thymallus\AppData\Local\Temp\Data\MapSource\MapSource_6163.exe -d C:\Users\Thymallus\AppData\Local\Temp\ <==== ATTENTION

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\Users\Thymallus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key removed successfully
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
C:\ProgramData\Malwarebytes => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B5F99EC-B04C-4DAD-A812-69531FD7535F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B5F99EC-B04C-4DAD-A812-69531FD7535F} => key removed successfully
C:\windows\System32\Tasks\{EF7646F1-7FAA-479E-B1E1-0CAFD3712210} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF7646F1-7FAA-479E-B1E1-0CAFD3712210} => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 162262125 B
Java, Flash, Steam htmlcache => 2914 B
Windows/system/drivers => 69180591 B
Edge => 0 B
Chrome => 0 B
Firefox => 379116710 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 407101394 B
systemprofile32 => 49569 B
LocalService => 66228 B
NetworkService => 66228 B
Thymallus => 446762575 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:52:04 ====
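
One way to triage the result section of a Fixlog like the one posted above, as an added example that is not part of the original thread or of FRST: it classifies each `target => outcome` line, sums the EmptyTemp byte counts, and lists the entries that were not found. The sample is an excerpt of the log above; the function names are hypothetical and the line format is assumed from this one log.

```python
import re
from collections import Counter

# Excerpt of the result section of the Fixlog posted above (not the whole log).
SAMPLE_FIXLOG = r"""
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2229627116-1106471772-112158516-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
C:\ProgramData\Malwarebytes => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
Firefox => 379116710 B
Thymallus => 446762575 B
EmptyTemp: => 1.4 GB temporary data Removed.
"""

# "target => outcome" with an optional trailing full stop, as in this log.
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
BYTES_RE = re.compile(r"^(\d+) B$")

# "removed" must be tested before "moved", which is a substring of it.
ACTIONS = ("removed", "restored", "not found", "moved")
HIVES = ("HKLM\\", "HKU\\", "HKCR\\", "HKCU\\")


def target_kind(target):
    """Registry value, registry key or file, judged from the target text."""
    if target.startswith(HIVES):
        # In this log a double backslash separates the key from the value name.
        return "registry value" if "\\\\" in target else "registry key"
    if re.match(r"^[A-Za-z]:\\", target):
        return "file"
    return "other"


def action_of(outcome):
    """Map the outcome text to one of ACTIONS, or 'other' if none matches."""
    for action in ACTIONS:
        if action in outcome:
            return action
    return "other"


def parse_fixlog(text):
    """Return (results, temp_bytes) for the result section of a Fixlog."""
    results, temp_bytes = [], 0
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue  # status lines and section rulers carry no "=>"
        target, outcome = m.group("target"), m.group("outcome")
        size = BYTES_RE.match(outcome)
        if size:
            temp_bytes += int(size.group(1))  # EmptyTemp per-location count
        elif target != "EmptyTemp:":          # skip the EmptyTemp total line
            results.append({"target": target, "kind": target_kind(target),
                            "action": action_of(outcome), "outcome": outcome})
    return results, temp_bytes


def summarize(results):
    """Count results per (kind, action) pair."""
    return Counter((r["kind"], r["action"]) for r in results)


def needs_review(results):
    """Entries the fix did not act on: not found, or an unrecognised outcome."""
    return [r for r in results if r["action"] in ("not found", "other")]


if __name__ == "__main__":
    results, temp_bytes = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, action), count in sorted(summarize(results).items()):
        print(f"{count:3d}  {kind:15s} {action}")
    print(f"EmptyTemp bytes listed: {temp_bytes}")
    for r in needs_review(results):
        print("review:", r["target"], "=>", r["outcome"])
```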

gomik
Visitor
Posts: 109
Registered: 04 Nov 2010 19:50
Location: Fýdlant n./O.

Re: Please check my log - slowish laptop

#18 Post by gomik »

By the way, now that the fix has run, an Explorer window opens at every computer start with the address:
C:\Users\Thymallus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

It didn't do that before :-/


edit:
I looked in Start > Startup and this empty folder had been put there, so I deleted it and hopefully it will be fine...

edit2:
yep, it's fine :-)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - slowish laptop

#19 Post by Márty84 »

You solved that well :thumbsup:


:!: Run all of these programs, including any installer, as administrator (right-click them and choose Run as administrator)

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launch you will be in the Cleaner function. There are many checkboxes on the left. Watch out mainly for the Recycle Bin: if you leave it checked, it will empty it every time.
Also, depending on how it is set, it will delete all passwords saved on the web!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.)
Click Analyze and when it finishes the analysis, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; when it finds some, click Fix Issues. It will offer you a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If there are several user accounts on the PC, use the program in them as well)

:arrow: Defragment the disk(s) (not SSD disks!)
Download Defraggler https://www.piriform.com/defraggler/download/standard
During installation again watch out for the toolbar and other nonsense.
After installing, run the program and click Analyze; after the analysis click Defrag and the program will do its work.

:arrow: Then write how the PC is doing.

gomik
Visitor
Posts: 109
Registered: 04 Nov 2010 19:50
Location: Fýdlant n./O.

Re: Please check my log - slowish laptop

#20 Post by gomik »

Super, thanks.
I've been using CCleaner for years, an excellent cleaning program...

Are we going to uninstall crystaldiskinfo too?

I'm off to start the defragmentation now, that will surely take a long time...

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - slowish laptop

#21 Post by Márty84 »

gomik wrote: Are we going to uninstall crystaldiskinfo too?
It's up to you. I keep it on my PC and check the disk once every six months :-) But of course you can uninstall it and reinstall it if needed ;-)
gomik wrote: I'm off to start the defragmentation now, that will surely take a long time...
It tends to take longer, especially if it hasn't been done for a while :-D

gomik
Visitor
Posts: 109
Registered: 04 Nov 2010 19:50
Location: Fýdlant n./O.

Re: Please check my log - slowish laptop

#22 Post by gomik »

Well, I would also have the disk checked by this program once in a while, but I don't understand the output at all, so it's pointless for me :-)
I defragment about once a year, whenever I happen to remember...
We'll see how it runs; it's a bit of an old-timer by now, but it still works as it should.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - slowish laptop

#23 Post by Márty84 »

When the defragmentation finishes, restart the machine, then test how it runs and write back. If it still isn't right, we can look deeper. But as you write yourself, it may also be down to age :-D

gomik
Visitor
Posts: 109
Registered: 04 Nov 2010 19:50
Location: Fýdlant n./O.

Re: Please check my log - slowish laptop

#24 Post by gomik »

I'll definitely let you know. This morning it was at 11%, so I assume the defragmentation won't finish until tomorrow...

gomik
Visitor
Posts: 109
Registered: 04 Nov 2010 19:50
Location: Fýdlant n./O.

Re: Please check my log - slowish laptop

#25 Post by gomik »

Today the defragmentation is completely done; after the weekend I'll write how it's running...
The first startups after the defragmentation were nothing special.
Explorer was acting up, as if it were indexing files for a long time...
But that will settle down.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - slowish laptop

#26 Post by Márty84 »

Sure, let me know and we'll proceed accordingly.

gomik
Visitor
Posts: 109
Registered: 04 Nov 2010 19:50
Location: Fýdlant n./O.

Re: Please check my log - slowish laptop

#27 Post by gomik »

Thank you very much for the cleanup.
It looks like the computer is a bit snappier, though not by much, but that's enough for me. Mainly it's also the feeling that it's rid of all the junk again :-)
Thanks once more.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log - slowish laptop

#28 Post by Márty84 »

You're welcome! :-)

If you like, we can look a bit deeper. There's no malware there, but maybe we can throw out a few more unnecessary things...


:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and left-click Run as administrator.
Tick the items (put checkmarks there) Scan All Users, LOP Check and Purity Check.
Paste the following text into the bottom box:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Run Scan.
After the scan two logs will be created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).

gomik
Visitor
Posts: 109
Registered: 04 Nov 2010 19:50
Location: Fýdlant n./O.

Re: Please check my log - slowish laptop

#29 Post by gomik »

OTL (1):

OTL logfile created on: 2.5.2017 21:30:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thymallus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18638)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,94 Gb Total Physical Memory | 5,08 Gb Available Physical Memory | 64,06% Memory free
15,87 Gb Paging File | 12,82 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 574,02 Gb Total Space | 90,49 Gb Free Space | 15,76% Space Free | Partition Type: NTFS
Drive E: | 16,85 Gb Total Space | 2,55 Gb Free Space | 15,10% Space Free | Partition Type: NTFS
Drive F: | 4,98 Gb Total Space | 2,12 Gb Free Space | 42,64% Space Free | Partition Type: FAT32

Computer Name: THYMALLUS-HP | User Name: Thymallus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2017.05.02 21:26:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thymallus\Desktop\OTL.exe
PRC - [2017.04.20 16:48:16 | 000,517,064 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2017.04.01 20:06:49 | 009,162,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2017.04.01 20:06:29 | 000,261,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2017.03.17 13:06:22 | 000,099,704 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2017.02.27 10:55:02 | 002,227,312 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
PRC - [2017.02.02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016.10.12 21:11:58 | 000,148,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
PRC - [2016.10.12 18:28:18 | 000,744,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
PRC - [2016.10.12 18:28:18 | 000,190,144 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
PRC - [2016.10.12 18:28:16 | 002,383,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2016.10.12 18:28:16 | 002,360,000 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
PRC - [2016.10.12 02:08:28 | 011,798,680 | ---- | M] (Node.js) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
PRC - [2016.10.01 08:08:12 | 031,723,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2016.04.05 21:07:48 | 001,029,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2015.03.30 15:29:02 | 003,978,600 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.03.05 17:14:50 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Standard Mouse Driver\Monitor.EXE
PRC - [2012.10.08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
PRC - [2012.04.02 15:44:14 | 001,058,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2011.02.11 02:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011.02.01 10:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011.01.29 00:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011.01.28 18:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011.01.26 19:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.18 22:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011.01.18 22:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011.01.17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.01.17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.07 05:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010.11.26 13:31:18 | 000,267,128 | ---- | M] () -- C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
PRC - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2008.03.07 16:04:28 | 000,237,568 | ---- | M] () -- C:\Program Files\Mouse\Amoumain.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2003.03.28 21:48:50 | 000,881,664 | ---- | M] (Igor Gottwald - OKsoftware) -- C:\Program Files (x86)\OKsoftware\Svátky a výročí\Vyroci.exe


========== Modules (No Company Name) ==========

MOD - [2017.04.01 20:06:38 | 000,653,520 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2017.04.01 20:06:38 | 000,176,480 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
MOD - [2017.04.01 20:06:32 | 000,170,216 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2017.04.01 20:05:57 | 000,293,936 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
MOD - [2016.12.19 20:23:46 | 002,403,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1d1fba1368f507b91dd6671554b51794\System.Web.Extensions.ni.dll
MOD - [2016.12.19 20:23:41 | 000,141,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\cb9d2c5c7a9d526304307cdabff8532f\System.Web.Abstractions.ni.dll
MOD - [2016.12.14 21:55:00 | 011,923,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\adfe67511118bea69a48d18fc28bc8a0\System.Web.ni.dll
MOD - [2016.10.15 06:45:13 | 003,352,576 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\01580d91c22f8e2cf9bc5f337b94025e\WindowsBase.ni.dll
MOD - [2016.10.12 21:11:58 | 000,821,952 | ---- | M] () -- \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanMessage5.dll
MOD - [2016.10.12 21:11:58 | 000,713,408 | ---- | M] () -- \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanControl.dll
MOD - [2016.10.12 21:11:58 | 000,109,760 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
MOD - [2016.10.12 18:28:18 | 040,523,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
MOD - [2016.10.12 02:08:26 | 000,223,232 | ---- | M] () -- \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
MOD - [2016.10.12 02:08:26 | 000,124,928 | ---- | M] () -- \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
MOD - [2016.10.12 02:08:26 | 000,117,248 | ---- | M] () -- \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
MOD - [2016.10.12 02:08:22 | 000,166,400 | ---- | M] () -- \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
MOD - [2016.10.12 02:08:22 | 000,118,272 | ---- | M] () -- \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
MOD - [2016.10.01 08:08:12 | 031,723,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2016.07.05 22:29:33 | 048,936,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016.05.25 18:11:09 | 002,297,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\017700b4ae8431dd45f88fa38324b228\System.Core.ni.dll
MOD - [2016.05.17 19:18:53 | 000,774,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dll
MOD - [2016.05.17 19:17:48 | 012,438,016 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
MOD - [2016.05.17 19:17:37 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
MOD - [2016.05.17 19:17:24 | 005,467,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
MOD - [2016.05.17 19:17:16 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
MOD - [2016.05.17 19:16:38 | 007,996,416 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
MOD - [2014.09.12 19:43:59 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e8d9058b7f59f6d3d134b086916d8674\IAStorCommon.ni.dll
MOD - [2014.09.12 17:07:20 | 011,497,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2013.07.09 08:33:57 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_cs_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2013.03.05 17:14:50 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Standard Mouse Driver\Monitor.EXE
MOD - [2013.03.01 16:36:56 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Standard Mouse Driver\lan.dll
MOD - [2012.06.06 10:55:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Standard Mouse Driver\hiddriver.dll
MOD - [2010.11.26 13:31:18 | 000,267,128 | ---- | M] () -- C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
MOD - [2010.11.13 04:36:45 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.03.07 16:04:28 | 000,237,568 | ---- | M] () -- C:\Program Files\Mouse\Amoumain.exe
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2017.04.01 20:06:29 | 000,261,712 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2017.04.01 20:06:04 | 007,398,336 | ---- | M] (AVAST Software s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe -- (aswbIDSAgent)
SRV:64bit: - [2017.03.25 19:56:51 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016.08.22 18:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015.07.14 11:01:44 | 000,655,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012.02.27 07:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV:64bit: - [2011.12.12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011.10.09 23:45:11 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.03.28 08:44:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.28 18:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011.01.27 11:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011.01.27 03:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011.01.22 04:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.12.16 16:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.03.03 12:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2017.04.20 16:48:15 | 000,173,512 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017.04.15 21:48:30 | 000,271,448 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017.03.20 00:48:06 | 000,105,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2017.03.17 13:06:22 | 000,099,704 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2017.02.27 13:14:56 | 000,317,400 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2017.02.27 10:55:02 | 002,227,312 | ---- | M] (Adobe Systems, Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe -- (AGSService)
SRV - [2017.02.02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016.10.12 18:28:18 | 000,744,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe -- (AdobeUpdateService)
SRV - [2015.06.10 11:11:26 | 000,155,520 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2015.03.30 15:29:00 | 002,490,216 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2015.03.30 15:25:28 | 000,417,552 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011.04.05 20:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.03.07 22:48:10 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011.02.01 10:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011.01.29 00:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.01.22 04:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011.01.18 22:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011.01.17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.01.17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.07 05:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.01.07 05:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010.09.30 23:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 20:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2017.04.28 17:56:28 | 000,556,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2017.04.28 17:56:28 | 000,128,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt)
DRV:64bit: - [2017.04.01 20:06:59 | 000,164,064 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2017.04.01 20:06:58 | 000,339,696 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2017.04.01 20:06:58 | 000,075,704 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2017.04.01 20:06:57 | 000,038,296 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2017.04.01 20:06:56 | 000,101,152 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2017.04.01 20:06:16 | 001,005,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2017.04.01 20:06:16 | 000,032,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2017.04.01 20:05:57 | 000,334,088 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbloga.sys -- (aswblog)
DRV:64bit: - [2017.04.01 20:05:57 | 000,189,768 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbidsha.sys -- (aswbidsh)
DRV:64bit: - [2017.04.01 20:05:57 | 000,048,528 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbuniva.sys -- (aswbuniv)
DRV:64bit: - [2017.04.01 20:05:56 | 000,307,736 | ---- | M] (AVAST Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys -- (aswbidsdriver)
DRV:64bit: - [2016.02.05 21:03:08 | 000,147,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015.05.21 10:35:14 | 000,340,336 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2015.05.21 10:35:14 | 000,100,504 | ---- | M] (SafeNet Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2015.05.21 10:35:12 | 000,170,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2015.05.21 10:35:10 | 000,312,344 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2015.05.21 10:35:10 | 000,069,208 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2015.04.30 00:01:06 | 000,023,200 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2015.04.28 10:08:50 | 000,103,192 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2015.04.28 10:08:50 | 000,015,128 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2015.04.28 10:08:50 | 000,014,104 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2015.03.30 15:25:00 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2014.12.10 04:39:24 | 000,797,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2014.01.22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.01.22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.10.30 03:52:48 | 000,549,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.08.29 03:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013.02.22 08:32:08 | 000,160,256 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012.11.04 10:35:53 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.11.04 10:35:53 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.06.20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.27 03:25:56 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2011.10.27 03:25:56 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
DRV:64bit: - [2011.10.27 03:25:56 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2011.10.11 22:14:10 | 000,068,608 | ---- | M] (Chingachguk & Denger2k (Elite & SP edition)) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\multikey.sys -- (multikey)
DRV:64bit: - [2011.10.10 18:04:26 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011.10.08 11:12:52 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.28 09:14:48 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.28 08:09:12 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.31 12:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.01.27 11:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.01.27 07:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.12 20:11:20 | 002,611,704 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv)
DRV:64bit: - [2011.01.07 05:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.01.07 05:07:32 | 000,075,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthathfax.sys -- (bthathfax)
DRV:64bit: - [2011.01.07 05:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.01.07 05:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.01.07 05:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.01.07 05:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.01.07 05:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.01.07 05:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.12.03 02:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.11 09:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010.11.06 14:11:12 | 000,042,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010.10.20 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 22:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009.03.25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2009.03.25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2009.03.25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009.03.25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2009.03.25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2009.03.25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.02.13 16:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007.10.15 11:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007.04.23 16:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt)
DRV:64bit: - [2007.04.23 16:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex)
DRV:64bit: - [2007.04.23 16:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007.04.23 16:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007.04.23 16:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus)
DRV - [2011.10.10 17:32:56 | 000,259,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\XHASP.sys -- (XHASP)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 5E 55 B5 0C 77 C4 D1 01 [binary data]
IE - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "https://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B11483926-db67-4190-91b1-ef20fcec5f33%7D:0.4.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.131.2: C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2: C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.131.2: C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2: C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF48 [2017.04.01 20:07:16 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SAFEPRICE\FF48 [2017.04.01 20:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017.04.01 20:07:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017.04.01 20:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.05.01 20:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thymallus\AppData\Roaming\Mozilla\Extensions
[2013.05.01 20:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thymallus\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2017.05.02 21:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thymallus\AppData\Roaming\Mozilla\Firefox\Profiles\9gvor96q.default-1441736287780\extension-data
[2017.04.17 17:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thymallus\AppData\Roaming\Mozilla\Firefox\Profiles\9gvor96q.default-1441736287780\extensions
[2017.04.17 17:12:42 | 001,643,467 | ---- | M] () (No name found) -- C:\Users\Thymallus\AppData\Roaming\Mozilla\Firefox\Profiles\9gvor96q.default-1441736287780\extensions\uBlock0@raymondhill.net.xpi
[2015.09.08 20:53:44 | 000,091,399 | ---- | M] () (No name found) -- C:\Users\Thymallus\AppData\Roaming\Mozilla\Firefox\Profiles\9gvor96q.default-1441736287780\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi
[2017.04.20 16:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

O1 HOSTS File: ([2017.04.26 17:43:10 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe ()
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Standard Mouse Driver] C:\Program Files (x86)\Standard Mouse Driver\Monitor.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2229627116-1106471772-112158516-1002..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2229627116-1106471772-112158516-1002..\Run: [Svátky a výročí] C:\Program Files (x86)\OKsoftware\Svátky a výročí\Vyroci.exe (Igor Gottwald - OKsoftware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\..Trusted Domains: drp.su ([update] http in Místní intranet)
O15 - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\..Trusted Domains: drp.su ([update] https in Místní intranet)
O15 - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\..Trusted Domains: drp.su ([update-test2] http in Místní intranet)
O15 - HKU\S-1-5-21-2229627116-1106471772-112158516-1002\..Trusted Domains: drp.su ([update-test2] https in Místní intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Java Plug-in 11.131.2)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Java Plug-in 11.131.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E896FF8-07AD-4AF1-8D57-8E60DA17A476}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - C:\windows\SysWow64\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\windows\SysWow64\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2017.05.02 21:26:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thymallus\Desktop\OTL.exe
[2017.05.02 19:45:27 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignbc982289cdeb7a0f
[2017.05.02 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign92398d82796dd26b
[2017.05.01 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignf5b8184272e32ef9
[2017.05.01 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign62fe9221fc0c95ce
[2017.04.28 18:29:24 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign4f9fb9d2b89874a9
[2017.04.28 18:19:22 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignf383ab55770b3a2f
[2017.04.28 17:56:59 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsigncf7d231b80f45fec
[2017.04.26 21:32:27 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignbfc01aac9f2d6489
[2017.04.26 21:31:05 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignf50e7298891712da
[2017.04.26 20:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2017.04.26 19:06:20 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign522cbe4e0e25522e
[2017.04.26 19:05:21 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign88ed8a8d44a1d018
[2017.04.26 19:05:21 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign3df41a40bce22da5
[2017.04.24 18:38:36 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignb5badca04a2eaff2
[2017.04.24 18:10:36 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign7fb602f04a86dec2
[2017.04.23 12:12:38 | 000,091,304 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswHdsKe.sys
[2017.04.22 10:33:34 | 000,110,144 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-64.dll
[2017.04.22 10:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2017.04.19 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign3090a863ae4a4c37
[2017.04.19 19:16:38 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign72e971587318e393
[2017.04.19 19:13:56 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign837de2ce4707a035
[2017.04.18 20:19:57 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsigncf4e1dac09b34167
[2017.04.18 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign14ee1677ecfd9696
[2017.04.18 20:04:23 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsigne4bdf76b59b2e709
[2017.04.18 20:02:40 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsigne63f75577a3e1657
[2017.04.18 19:40:56 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign463307f2ff4132b8
[2017.04.18 19:37:58 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign550aa256d55cfbc5
[2017.04.17 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign7af3f58c290c2490
[2017.04.17 17:29:35 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign82189b9d90e37d18
[2017.04.15 23:01:47 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\Documents\000 PLOCHA
[2017.04.15 22:27:40 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign33495c2ac2466765
[2017.04.15 22:26:30 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign64262906852470bf
[2017.04.14 14:53:04 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign953ecbc93497f962
[2017.04.14 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign78b90554d769cc96
[2017.04.13 20:33:00 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignc23ccde79905b90e
[2017.04.13 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign718975f52b053d41
[2017.04.13 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsigne7b32ba9e948f985
[2017.04.12 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign5bb4e243972068fe
[2017.04.12 20:49:08 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign9c69ad52369a474b
[2017.04.12 19:34:09 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignfc6e295daf51e32b
[2017.04.12 19:31:13 | 002,064,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ole32.dll
[2017.04.12 19:31:10 | 003,165,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2017.04.12 19:31:09 | 001,574,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2017.04.12 19:31:09 | 000,994,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ucrtbase.dll
[2017.04.12 19:31:09 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll
[2017.04.12 19:31:09 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2017.04.12 19:31:09 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2017.04.12 19:31:09 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2017.04.12 19:31:08 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2017.04.12 19:31:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2017.04.12 19:31:08 | 000,806,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2017.04.12 19:31:08 | 000,382,696 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2017.04.12 19:31:07 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2017.04.12 19:31:07 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2017.04.12 19:31:07 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2017.04.12 19:31:06 | 002,131,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2017.04.12 19:31:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2017.04.12 19:31:06 | 000,265,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2017.04.12 19:31:05 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2017.04.12 19:31:05 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ucrtbase.dll
[2017.04.12 19:31:05 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2017.04.12 19:31:05 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2017.04.12 19:31:05 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2017.04.12 19:31:05 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2017.04.12 19:31:05 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2017.04.12 19:31:05 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2017.04.12 19:31:05 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2017.04.12 19:31:05 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2017.04.12 19:31:05 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2017.04.12 19:31:05 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2017.04.12 19:31:05 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2017.04.12 19:31:05 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2017.04.12 19:31:05 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2017.04.12 19:31:05 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2017.04.12 19:31:05 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2017.04.12 19:31:05 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2017.04.12 19:31:05 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2017.04.12 19:31:05 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2017.04.12 19:31:05 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2017.04.12 19:31:05 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2017.04.12 19:31:05 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2017.04.12 19:31:05 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2017.04.12 19:31:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2017.04.12 19:31:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2017.04.12 19:31:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2017.04.12 19:31:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2017.04.12 19:31:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2017.04.12 19:31:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2017.04.12 19:31:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2017.04.12 19:31:05 | 000,011,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2017.04.12 19:31:04 | 004,000,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2017.04.12 19:31:04 | 003,945,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2017.04.12 19:31:04 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2017.04.12 19:31:03 | 005,548,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2017.04.12 19:31:03 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2017.04.12 19:31:03 | 000,706,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2017.04.12 19:31:01 | 006,045,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2017.04.12 19:31:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samlib.dll
[2017.04.12 19:31:00 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2017.04.12 19:31:00 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmjpegdec.dll
[2017.04.12 19:31:00 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmjpegdec.dll
[2017.04.12 19:30:59 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certcli.dll
[2017.04.12 19:30:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2017.04.12 19:30:58 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2017.04.12 19:30:58 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certcli.dll
[2017.04.12 19:30:57 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2017.04.12 19:30:57 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2017.04.12 19:30:57 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2017.04.12 19:30:57 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2017.04.12 19:30:57 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2017.04.12 19:30:57 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2017.04.12 19:30:57 | 000,576,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2017.04.12 19:30:57 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2017.04.12 19:30:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2017.04.12 19:30:57 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2017.04.12 19:30:57 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2017.04.12 19:30:57 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2017.04.12 19:30:57 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2017.04.12 19:30:57 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2017.04.12 19:30:57 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2017.04.12 19:30:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2017.04.12 19:30:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2017.04.12 19:30:56 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2017.04.12 19:30:56 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2017.04.12 19:30:56 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2017.04.12 19:30:56 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2017.04.12 19:30:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2017.04.12 19:30:56 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2017.04.12 19:30:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2017.04.12 19:30:56 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll
[2017.04.12 19:30:55 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2017.04.12 19:30:55 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2017.04.12 19:30:55 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2017.04.12 19:30:55 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2017.04.12 19:30:55 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2017.04.12 19:30:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2017.04.12 19:30:55 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2017.04.12 19:30:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2017.04.12 19:30:55 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2017.04.12 19:30:55 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe
[2017.04.12 19:30:55 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2017.04.12 19:30:55 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2017.04.12 19:30:55 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2017.04.12 19:30:55 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2017.04.12 19:30:55 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSetupUI.dll
[2017.04.12 19:30:55 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2017.04.12 19:30:55 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2017.04.12 19:30:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2017.04.12 19:30:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wu.upgrade.ps.dll
[2017.04.12 19:30:54 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2017.04.12 19:30:54 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2017.04.12 19:30:54 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2017.04.12 19:30:54 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2017.04.12 19:30:54 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2017.04.12 19:30:54 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bcrypt.dll
[2017.04.12 19:30:54 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2017.04.12 19:30:54 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2017.04.12 19:30:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2017.04.12 19:30:53 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpchttp.dll
[2017.04.12 19:30:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2017.04.12 19:30:53 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2017.04.12 19:30:53 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2017.04.12 19:30:53 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2017.04.12 19:30:53 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2017.04.12 19:30:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2017.04.12 19:30:53 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2017.04.12 19:30:53 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2017.04.12 19:30:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptbase.dll
[2017.04.12 19:30:51 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2017.04.12 19:30:51 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appidpolicyconverter.exe
[2017.04.12 19:30:51 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rpchttp.dll
[2017.04.12 19:30:51 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
[2017.04.12 19:30:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
[2017.04.12 19:30:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2017.04.12 19:30:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\auditpol.exe
[2017.04.12 19:30:51 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setbcdlocale.dll
[2017.04.12 19:30:51 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2017.04.12 19:30:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2017.04.12 19:30:51 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appidapi.dll
[2017.04.12 19:30:51 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\appidapi.dll
[2017.04.12 19:30:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\auditpol.exe
[2017.04.12 19:30:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2017.04.12 19:30:51 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
[2017.04.12 19:30:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2017.04.12 19:30:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2017.04.12 19:30:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2017.04.12 19:30:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2017.04.12 19:30:51 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appidcertstorecheck.exe
[2017.04.12 19:30:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2017.04.12 19:30:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2017.04.12 19:30:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
[2017.04.12 19:30:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2017.04.12 19:30:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2017.04.12 19:30:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2017.04.12 19:30:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2017.04.12 19:30:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2017.04.12 19:30:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2017.04.12 19:30:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2017.04.12 19:30:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017.04.12 19:30:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2017.04.12 19:30:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2017.04.12 19:30:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2017.04.12 19:30:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2017.04.12 19:30:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017.04.12 19:30:50 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adtschema.dll
[2017.04.12 19:30:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2017.04.12 19:30:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2017.04.12 19:30:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2017.04.12 19:30:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apisetschema.dll
[2017.04.12 19:30:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2017.04.12 19:30:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2017.04.12 19:30:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2017.04.12 19:30:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2017.04.12 19:30:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2017.04.12 19:30:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2017.04.12 19:30:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2017.04.12 19:30:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2017.04.12 19:30:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2017.04.12 19:30:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2017.04.12 19:30:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2017.04.12 19:30:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2017.04.12 19:30:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2017.04.12 19:30:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2017.04.12 19:30:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adtschema.dll
[2017.04.12 19:30:49 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msaudite.dll
[2017.04.12 19:30:49 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msaudite.dll
[2017.04.12 19:30:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msobjs.dll
[2017.04.12 19:30:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msobjs.dll
[2017.04.12 19:30:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2017.04.12 19:30:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2017.04.12 19:26:26 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsign364cbb3e9eec4bfa
[2017.04.12 18:44:50 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignc7fde8b066d9f65e
[2017.04.12 18:36:52 | 000,000,000 | ---D | C] -- C:\Users\Thymallus\AppData\Local\Tempzxpsignea313b7f27c01594
[2011.10.10 18:04:26 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Thymallus\AppData\Roaming\pcouffin.sys
[5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\Thymallus\Desktop\*.tmp files -> C:\Users\Thymallus\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017.05.02 21:48:48 | 2048,386,046 | ---- | M] () -- C:\Users\Thymallus\Documents\archive.pst
[2017.05.02 21:41:56 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2017.05.02 21:26:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thymallus\Desktop\OTL.exe
[2017.05.02 20:57:41 | 001,593,302 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2017.05.02 20:57:41 | 000,672,408 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2017.05.02 20:57:41 | 000,657,406 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2017.05.02 20:57:41 | 000,142,972 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2017.05.02 20:57:41 | 000,123,218 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2017.05.02 18:25:10 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2017.05.02 17:30:49 | 000,023,024 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017.05.02 17:30:49 | 000,023,024 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017.05.02 17:17:15 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2017.05.02 17:17:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2017.05.02 17:16:05 | 4226,138,111 | -HS- | M] () -- C:\hiberfil.sys
[2017.05.01 20:55:12 | 000,000,348 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForThymallus.job
[2017.04.28 17:56:28 | 000,556,784 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2017.04.28 17:56:28 | 000,128,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswmonflt.sys
[2017.04.26 20:02:01 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2017.04.26 19:54:53 | 002,005,264 | ---- | M] () -- C:\Users\Thymallus\Documents\cc_20170426_195432.reg
[2017.04.26 17:43:10 | 000,000,035 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2017.04.26 17:42:14 | 000,029,696 | ---- | M] () -- C:\Users\Thymallus\AppData\Local\MSGBOX.EXE
[2017.04.22 10:30:13 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-64.dll
[2017.04.22 10:30:13 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2017.04.22 10:27:03 | 000,097,856 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2017.04.21 01:21:32 | 000,091,304 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswHdsKe.sys
[2017.04.18 21:12:08 | 000,000,350 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForTHYMALLUS-HP$.job
[2017.04.17 17:01:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\last.dump
[2017.04.15 23:22:49 | 000,001,381 | ---- | M] () -- C:\Users\Thymallus\Desktop\fotky do fotolabu.lnk
[2017.04.15 23:22:25 | 000,001,363 | ---- | M] () -- C:\Users\Thymallus\Desktop\Untitled Export.lnk
[2017.04.15 23:22:16 | 000,001,340 | ---- | M] () -- C:\Users\Thymallus\Desktop\CANON eos40d.lnk
[2017.04.15 23:06:48 | 000,001,939 | ---- | M] () -- C:\Users\Thymallus\Desktop\PLOCHA.lnk
[2017.04.15 23:06:37 | 000,001,858 | ---- | M] () -- C:\Users\Thymallus\Desktop\Reico.lnk
[2017.04.15 23:06:28 | 000,001,109 | ---- | M] () -- C:\Users\Thymallus\Desktop\Kasa FIK.lnk
[2017.04.15 23:06:15 | 000,001,911 | ---- | M] () -- C:\Users\Thymallus\Desktop\NakrmZvíře.lnk
[2017.04.15 21:48:28 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2017.04.15 21:48:28 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2017.04.14 13:52:59 | 005,112,112 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2017.04.12 19:45:02 | 001,568,952 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\Thymallus\Desktop\*.tmp files -> C:\Users\Thymallus\Desktop\*.tmp -> ]

gomik
Visitor
Posts: 109
Registered: 04 Nov 2010 19:50
Location: Fýdlant n./O.

Re: Please check my log - slower laptop

#30 Post by gomik »

OTL (2):


========== Files Created - No Company Name ==========

[2017.05.02 21:41:56 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2017.04.26 20:02:01 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2017.04.26 19:54:34 | 002,005,264 | ---- | C] () -- C:\Users\Thymallus\Documents\cc_20170426_195432.reg
[2017.04.26 17:42:14 | 000,029,696 | ---- | C] () -- C:\Users\Thymallus\AppData\Local\MSGBOX.EXE
[2017.04.15 23:21:10 | 000,001,381 | ---- | C] () -- C:\Users\Thymallus\Desktop\fotky do fotolabu.lnk
[2017.04.15 23:11:46 | 000,001,340 | ---- | C] () -- C:\Users\Thymallus\Desktop\CANON eos40d.lnk
[2017.04.15 23:09:09 | 000,001,363 | ---- | C] () -- C:\Users\Thymallus\Desktop\Untitled Export.lnk
[2017.04.15 23:04:32 | 000,001,939 | ---- | C] () -- C:\Users\Thymallus\Desktop\PLOCHA.lnk
[2017.04.15 23:03:29 | 000,001,858 | ---- | C] () -- C:\Users\Thymallus\Desktop\Reico.lnk
[2017.04.15 23:03:21 | 000,001,911 | ---- | C] () -- C:\Users\Thymallus\Desktop\NakrmZvíře.lnk
[2017.04.15 23:03:14 | 000,001,109 | ---- | C] () -- C:\Users\Thymallus\Desktop\Kasa FIK.lnk
[2017.04.03 17:51:11 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\last.dump
[2015.03.11 19:05:19 | 000,007,594 | ---- | C] () -- C:\Users\Thymallus\AppData\Local\Resmon.ResmonCfg
[2014.01.15 19:53:15 | 000,004,096 | -H-- | C] () -- C:\Users\Thymallus\AppData\Local\keyfile3.drm
[2013.09.03 19:52:47 | 000,001,480 | ---- | C] () -- C:\Users\Thymallus\AppData\Local\Adobe Uložit pro web 13.0 Prefs
[2013.09.03 19:37:51 | 000,000,132 | ---- | C] () -- C:\Users\Thymallus\AppData\Roaming\Adobe Formát GIF CS6 – předvolby
[2013.08.12 13:32:19 | 000,000,132 | ---- | C] () -- C:\Users\Thymallus\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
[2013.02.05 21:56:40 | 000,013,884 | ---- | C] () -- C:\Users\Thymallus\renders7X.flame
[2013.02.05 21:56:40 | 000,011,153 | ---- | C] () -- C:\Users\Thymallus\renders7X.bak
[2012.06.01 21:29:53 | 000,000,992 | ---- | C] () -- C:\Users\Thymallus\AppData\Local\SRDownloader.nast
[2012.06.01 21:29:38 | 000,000,254 | ---- | C] () -- C:\Users\Thymallus\AppData\Local\SRDownloader.err
[2012.03.07 19:17:04 | 000,000,132 | ---- | C] () -- C:\Users\Thymallus\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2011.12.31 18:43:57 | 000,038,435 | ---- | C] () -- C:\Users\Thymallus\AppData\Roaming\Hodnoty oddělené čárkami (DOS).ADR
[2011.12.31 18:42:43 | 000,038,428 | ---- | C] () -- C:\Users\Thymallus\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.12.30 20:35:28 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.10.14 10:11:36 | 000,027,136 | ---- | C] () -- C:\Users\Thymallus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.10 18:04:26 | 000,007,859 | ---- | C] () -- C:\Users\Thymallus\AppData\Roaming\pcouffin.cat
[2011.10.10 18:04:26 | 000,001,167 | ---- | C] () -- C:\Users\Thymallus\AppData\Roaming\pcouffin.inf

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.08.29 17:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.08.29 17:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.10.08 20:40:08 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\ACD Systems
[2012.02.09 19:48:15 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Anthropics
[2016.06.22 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Apowersoft
[2017.03.26 08:41:45 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Audacity
[2011.10.12 21:13:39 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Autodesk
[2013.10.21 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\AVAST Software
[2015.01.03 19:33:54 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\BSplayer
[2011.10.10 17:57:19 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\BSplayer Pro
[2014.12.04 22:37:49 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Canon
[2014.12.04 22:25:39 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Canon_Inc_IC
[2012.03.05 20:56:28 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2015.11.12 20:26:12 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\DAEMON Tools Lite
[2011.10.08 09:11:49 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\DigitalPersona
[2012.03.11 12:05:47 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\DVDFab
[2016.01.02 16:44:31 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Epson
[2012.05.17 20:13:22 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\GARMIN
[2011.10.12 22:20:02 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\GHISLER
[2012.07.17 17:25:04 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\HDRsoft
[2011.11.20 23:04:10 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\IDT
[2011.10.18 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Installer
[2012.03.15 19:32:14 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\LRTimelapse
[2012.02.22 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\MyPhoneExplorer
[2016.01.18 22:59:31 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Opera Software
[2014.04.02 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Oracle
[2011.10.09 22:53:17 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\PCToolsFirewallPlus
[2012.12.26 19:34:49 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\RapidGet
[2012.01.02 12:36:06 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Samsung
[2013.09.29 11:34:14 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Sony
[2012.11.17 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.10.08 10:20:23 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Synaptics
[2016.04.04 18:55:11 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\TeamViewer
[2011.12.31 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Temp
[2013.05.01 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\TomTom
[2011.10.18 18:50:30 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Ultra Fractal 5
[2011.10.10 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Vso
[2016.06.12 12:55:07 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\XnView

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,580 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011.10.08 09:11:12 | 000,000,350 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForTHYMALLUS-HP$.job
[2014.12.22 15:42:13 | 000,000,348 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForThymallus.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\windows\SysNative\autochk.exe
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\drivers\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2015.02.03 05:50:56 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=00D0F7BA3B27126A3E25B540979A9F39 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_d492bbeccaa14239\cryptsvc.dll
[2012.06.02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2015.04.27 21:17:29 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=0925E2BEAC4493C887099F850D69BA3B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_d48a91becaa8aac3\cryptsvc.dll
[2010.11.20 15:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2014.07.07 04:06:31 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=19D511CC455C19DE1ADF60E6C39C85B6 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_d41cb8b3b175406a\cryptsvc.dll
[2015.02.03 05:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=1CD76A83B9E8E9A5A3519B39E28354D9 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_d4021b35b189f3e7\cryptsvc.dll
[2012.04.24 06:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2016.10.04 17:31:13 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=2C6632CECFDBBE793FDA8AF9CA55A9CC -- C:\windows\SysNative\cryptsvc.dll
[2016.10.04 17:31:13 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=2C6632CECFDBBE793FDA8AF9CA55A9CC -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23566_none_d47afd20cab36c72\cryptsvc.dll
[2014.10.30 04:14:18 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=3031B5DC2A58A7BCE6651EA9B7DD6390 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll
[2013.05.10 06:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2015.04.27 21:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=33F67BBCC3C0499D3F3382473114CFA8 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_77f653d3f91d2e9f\cryptsvc.dll
[2016.10.04 17:13:00 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=348B3A4DD922F590EB39DB231F7AEE4D -- C:\Windows\SysWOW64\cryptsvc.dll
[2016.10.04 17:13:00 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=348B3A4DD922F590EB39DB231F7AEE4D -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23566_none_785c619d1255fb3c\cryptsvc.dll
[2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013.07.09 16:47:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2015.02.03 05:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_77e37fb1f92c82b1\cryptsvc.dll
[2012.04.24 07:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2013.10.05 04:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2015.04.27 20:55:50 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=59AF628BEF750EE470FD36751CA52137 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_786bf63b124b398d\cryptsvc.dll
[2014.07.07 03:40:07 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=623E143F2DF17C0106A9988F5D7DC878 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[2014.07.07 04:06:07 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=63A15BA9875364C4147B226CB70468B3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_d4bdfb9cca80d275\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2013.07.09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2016.06.14 17:21:20 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=6F8E0D147E53D4CE2F4D975AB976E80A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23471_none_784c8e5912629b53\cryptsvc.dll
[2015.04.27 21:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) MD5=7BC3E861F7E8EB543A630090FAE779E0 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_d414ef57b17a9fd5\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012.06.04 09:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2013.05.10 07:49:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013.05.11 07:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012.06.02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2010.11.20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013.05.11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2016.06.06 18:50:16 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=B1962E21F74697AB442FA4432B970E85 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23468_none_d47cfbcecab1a1f9\cryptsvc.dll
[2012.04.24 07:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2015.02.03 05:31:49 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=B97E16D36DB7B7DD22C97857506FA58A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_787420691243d103\cryptsvc.dll
[2016.06.14 19:16:25 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=BB724567892383010B8436DCC0A84628 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23471_none_d46b29dccac00c89\cryptsvc.dll
[2016.06.06 17:23:04 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=BEC72BA50E703184BA0CF2DD06B707C8 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23468_none_785e604b125430c3\cryptsvc.dll
[2013.05.10 07:18:53 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013.05.13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013.05.10 07:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013.10.05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2016.08.29 17:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\explorer.exe
[2016.08.29 17:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_b0517adca98752cc\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2016.08.29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\SysWOW64\explorer.exe
[2016.08.29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_baa6252edde814c7\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\windows\SysNative\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTOR.SYS >
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\swsetup\INTELRST\Drivers\x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
[2011.01.13 03:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\swsetup\INTELRST\Drivers\x32\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2014.05.30 10:00:12 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=04F6C08B30C599D301CE8530A6F6A703 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[2016.09.02 16:53:56 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=07932D7BA536B0BB58306A156A9AFC31 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23539_none_04e95f208c944ef1\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011.11.17 08:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2015.07.15 20:10:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0D48E93C6BE3143C0198CB252B992D16 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18933_none_0459e0df737bef3f\lsass.exe
[2016.09.12 22:31:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=0EE3B249D8079D72D4C84B108E99A16F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23545_none_04da8e0c8ca00586\lsass.exe
[2015.10.20 03:10:48 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0F3591FD0F246CD5941B6DC8184E66B7 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23250_none_04cab6fc8cacab4f\lsass.exe
[2016.01.17 01:15:47 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=111A2A677ED641A7BD8D884EC4F6A185 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23334_none_04e459e28c98d5f0\lsass.exe
[2016.03.16 01:00:44 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=12B9792DEA6AD9C344DE2A5FE308B7A9 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23390_none_049f79328ccd183a\lsass.exe
[2016.07.08 16:55:51 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=13FE29C1C8E782829C7FAA3B14F4A666 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23497_none_04a67d1e8cc6c6c2\lsass.exe
[2015.05.25 20:18:19 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=17A6A9AAD04CCC6EE53290585BFC43AF -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18869_none_043f70f1738eddf5\lsass.exe
[2015.01.14 08:04:46 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=1E31700D9C9E0FB79999D02A8437482C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[2017.01.05 19:24:11 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=1F9335A2C68B65E7D95985FA50968EA0 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23642_none_04d78f148ca2b6a8\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[2016.06.10 16:57:37 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=28F0F20D3747E2FFC2EA305D1B63D31E -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23470_none_04b51af08cbcdd7f\lsass.exe
[2015.05.25 20:21:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2A953A1104439BA166FD63A5806A16DF -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23072_none_04b713ec8cbb1b91\lsass.exe
[2015.08.04 20:11:47 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2BB259A51DDADBCF9652C67A3E82447C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23153_none_04cdb5f48ca9fa2d\lsass.exe
[2015.10.20 03:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2BC45F4CF55B45BDD650828192F132B8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19045_none_0450e9a973827120\lsass.exe
[2015.07.15 05:19:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2CCFA4793B9696F26214634300FE8B37 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_04f126968c8ef25f\lsass.exe
[2015.07.15 20:08:44 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=31359EDA482F9A4C5DB36741596550AC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23136_none_04e656aa8c970e50\lsass.exe
[2014.09.19 11:42:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=341655B216721D89CADE9DEA2F33872F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[2015.03.06 07:32:14 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=395CAE11172BEBB0253895E8B5F82BFA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22983_none_04ad6c288cc21d97\lsass.exe
[2015.08.05 19:55:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=3E9BDCA3994E2B6B6AC16BAA76722934 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18951_none_04424073738df473\lsass.exe
[2015.01.29 05:18:39 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=43FE6F74D2D43443CF2279613FA0A516 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18738_none_045ede85737773a4\lsass.exe
[2015.04.04 05:20:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=4C3FAC816925F73A34AD52F1F7C0A7EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_046e7e87736ca0df\lsass.exe
[2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2016.02.10 19:38:05 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4FAAA369494A207617165DBFD10E34B5 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23349_none_04de8b688c9c7094\lsass.exe
[2015.10.16 20:04:04 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=50996040C28F2E644F7270D2A3BE2BC8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19043_none_044ee91573843e72\lsass.exe
[2015.09.15 20:10:32 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=5424EC756808C1002457033D969115C7 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19007_none_047e29ed7360340a\lsass.exe
[2016.04.09 07:43:20 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=54C0E3156872881F6AB017210278E27E -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23418_none_04fdfcc88c850091\lsass.exe
[2015.01.10 09:09:08 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=55C62F66528A7BF58EA964B70BCB3D96 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[2016.01.22 06:57:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=5673794F254FE312AF62D9DA32805A2F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19135_none_045bbb7b737a5256\lsass.exe
[2015.01.27 05:56:02 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=5B63917A1BE4728D8111850CDEF252F1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22943_none_04d8abd88ca1add3\lsass.exe
[2015.07.01 20:20:08 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=5F8423E7FDA0EB902C6D156F6121E094 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23115_none_04faf6388c87bd17\lsass.exe
[2016.03.17 23:35:42 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=626BE7CD27F44185AA4DCD3603830312 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23392_none_04a179c68ccb4ae8\lsass.exe
[2016.01.16 19:39:51 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=6313B3E6CEA11B4829094EDAB9EA2FA5 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19131_none_0457ba53737decfa\lsass.exe
[2015.10.16 20:10:51 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=642713B5EFA4A27E1CB88E99208F160A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23249_none_04de89828c9c736d\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[2016.11.20 17:57:01 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=6918ACBA1558AF363F6AA8D217AFCA8D -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23601_none_0501ce7a8c832d8d\lsass.exe
[2015.02.03 05:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=7554A1B82B4A222FD4CC292ABD38A558 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_044d0c937385de34\lsass.exe
[2012.08.24 19:43:36 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=77119F1F9B492B260030C34F9BE327FA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[2012.06.04 09:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2016.02.11 19:32:25 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=7FB33A9A2E6B6D5CA9318668B95CA69C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19160_none_04364a4573972776\lsass.exe
[2015.12.30 19:47:00 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=8A6ED755DF7097571660723E06BA7B81 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23313_none_04f8f9708c8984b7\lsass.exe
[2015.04.27 21:22:35 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=9262D6E2C239EDD6D87B080F2BCCEC9F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18839_none_045fe0b573768a22\lsass.exe
[2016.10.10 16:55:00 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=92DAF7D21711117B007608CB50FBD2E2 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23571_none_04b61d208cbbf3fd\lsass.exe
[2015.07.01 22:47:38 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=97D879A884E7CDFED51AD63348A35254 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18912_none_046e806d736c9e06\lsass.exe
[2015.09.16 01:37:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=A51431778979B82E6C7041EAB29F66F4 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23211_none_04f6f6f68c8b54e2\lsass.exe
[2015.07.15 05:19:02 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=A7C232F194DE012B41B5EE0C5021CFDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18923_none_0464b0cb7373d34e\lsass.exe
[2015.10.17 20:09:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=AECDFB5F08DC5069563AFC6F47C0DDE5 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19044_none_044fe95f738357c9\lsass.exe
[2015.03.06 07:41:46 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B6C7729936AAF8E0697F0A7DCA82CED8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18779_none_04349f1f7396fcbf\lsass.exe
[2016.04.12 02:42:20 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=B759D828F2A0DA53CB3780388B5B289E -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23419_none_04fefd128c8419e8\lsass.exe
[2014.09.19 11:47:37 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B84317193B6A29F5F5DCF538C34FDCED -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[2015.04.04 05:25:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BB9C1B746086558899935E3333CD4580 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_04fcf4e68c85f29e\lsass.exe
[2015.06.27 20:12:04 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BD1E0ADA58D82453182F297C4C6AA00A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23112_none_04f7f55a8c8a7112\lsass.exe
[2016.01.22 08:27:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C102A257679340184DCD801B5634230B -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23338_none_04e85b0a8c953b4c\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[2015.01.10 08:47:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C8152B86C0F12E61B0AD5C95751547D3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[2016.05.12 16:57:27 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=C8A7F80DB5C193DD67747A1BA4B1782E -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23452_none_04ccbb5c8caad84b\lsass.exe
[2015.03.17 07:15:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=CA4FC33FB22D92368A0B221092B46374 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18798_none_041dfefd73a81b4a\lsass.exe
[2017.02.09 17:54:29 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=CA69E856332E2D85294665F6B7E97254 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23677_none_04bc20c28cb6892e\lsass.exe
[2015.12.30 19:41:07 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=CB0E57424A776C51EF42469064ADBF08 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19110_none_046c59e1736e9bc1\lsass.exe
[2015.02.03 05:50:23 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=CBB80CC43E683F929F8D5E50330F7BA6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_04ddad4a8c9d2c86\lsass.exe
[2016.03.16 19:31:46 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=D5276E4BD17A3B477E3D9127C2EEBEA5 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23391_none_04a0797c8ccc3191\lsass.exe
[2015.04.27 21:16:19 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D52C700254E7FBD9BF6D817BA7BA5309 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23040_none_04d5831c8ca49510\lsass.exe
[2017.03.08 05:55:18 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=D6CCBE51C4FAA41F21BC451AE2C95B97 -- C:\windows\SysNative\lsass.exe
[2017.03.08 05:55:18 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=D6CCBE51C4FAA41F21BC451AE2C95B97 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23714_none_04fa01528c8892aa\lsass.exe
[2015.03.17 07:11:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=DCCDD65A4E68360E5CF57AFC864C64E0 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23002_none_0502c3608c8257fa\lsass.exe
[2015.01.15 10:09:15 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=E0105F3B5B1C4B0F5B3D788A13504EC6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[2015.08.05 20:03:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=E1068CF0B09C29DC8D69C535938B915D -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23154_none_04ceb63e8ca91384\lsass.exe
[2013.09.25 03:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[2014.05.30 10:07:57 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=F23812F9F7B130854E4BC0389F7C688C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe
[2015.07.23 00:03:07 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=FBD94DDAB6D96DE7ECE7D38E48035A75 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23142_none_04d785968ca2c4e5\lsass.exe
[2015.06.27 20:02:30 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=FCCD46F56DD641ED856FC0E65757B4FD -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18909_none_0480525f735e3376\lsass.exe
[2015.07.23 02:01:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=FDD980360C9D72DA77F4C59376AE95C9 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18939_none_045fe29b73768749\lsass.exe

< MD5 for: NDIS.SYS >
[2012.08.22 20:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012.08.22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010.11.20 15:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2015.10.13 01:04:07 | 000,949,184 | ---- | M] (Microsoft Corporation) MD5=901D1BE3F8567B5D02747B1174FF708F -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.23235_none_0661f94b4bdbc702\ndis.sys
[2015.10.13 06:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\windows\SysNative\drivers\ndis.sys
[2015.10.13 06:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.19030_none_05d3592832c2ab5e\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\windows\SysNative\drivers\nvraid.sys
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2010.11.20 15:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.20 15:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011.03.11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\windows\SysNative\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 05:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.20 15:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2016.05.11 17:19:26 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=59EA5753EBDAE42CF92FD5B6E7AE4D53 -- C:\Windows\SysWOW64\ws2_32.dll
[2016.05.11 17:19:26 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=59EA5753EBDAE42CF92FD5B6E7AE4D53 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.23451_none_f51a458f45d91b4c\ws2_32.dll
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2016.05.11 19:02:50 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=FBE1086227040618A569C27F74A12F3D -- C:\windows\SysNative\ws2_32.dll
[2016.05.11 19:02:50 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=FBE1086227040618A569C27F74A12F3D -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.23451_none_5138e112fe368c82\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[30 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[45 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[42 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[5 C:\windows\SysWOW64\*.tmp files -> C:\windows\SysWOW64\*.tmp -> ]
[16 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.10.08 20:40:08 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\ACD Systems
[2016.11.26 20:05:33 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Adobe
[2012.11.17 19:20:58 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Adobe Mini Bridge CS5
[2011.10.09 01:02:27 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.02.09 19:48:15 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Anthropics
[2016.06.22 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Apowersoft
[2011.11.11 19:34:50 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\ArcSoft
[2011.10.08 10:21:29 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\ATI
[2017.03.26 08:41:45 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Audacity
[2011.10.12 21:13:39 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Autodesk
[2013.10.21 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\AVAST Software
[2015.01.03 19:33:54 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\BSplayer
[2011.10.10 17:57:19 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\BSplayer Pro
[2014.12.04 22:37:49 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Canon
[2014.12.04 22:35:28 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\CANON INC
[2014.12.04 22:25:39 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Canon_Inc_IC
[2012.03.05 20:56:28 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2015.11.12 20:26:12 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\DAEMON Tools Lite
[2011.10.08 09:11:49 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\DigitalPersona
[2012.03.11 12:05:47 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\DVDFab
[2016.01.02 16:44:31 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Epson
[2012.05.17 20:13:22 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\GARMIN
[2011.10.12 22:20:02 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\GHISLER
[2015.04.07 21:08:03 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Hamachi
[2012.07.17 17:25:04 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\HDRsoft
[2011.10.17 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Hewlett-Packard
[2014.12.22 15:32:01 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\hpqLog
[2016.10.01 17:58:23 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\hps-install
[2011.10.08 10:20:02 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Identities
[2011.11.20 23:04:10 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\IDT
[2011.10.18 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Installer
[2011.10.08 10:20:28 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Intel Corporation
[2012.03.15 19:32:14 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\LRTimelapse
[2011.10.08 10:22:35 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Macromedia
[2014.01.02 21:03:01 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Malwarebytes
[2017.04.01 21:21:45 | 000,000,000 | --SD | M] -- C:\Users\Thymallus\AppData\Roaming\Microsoft
[2011.10.08 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Mozilla
[2012.02.22 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\MyPhoneExplorer
[2016.01.18 22:59:31 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Opera Software
[2014.04.02 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Oracle
[2011.10.09 22:53:17 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\PCToolsFirewallPlus
[2012.12.26 19:34:49 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\RapidGet
[2012.01.02 12:36:06 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Samsung
[2017.04.18 20:00:36 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Skype
[2013.09.29 11:34:14 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Sony
[2012.11.17 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2015.08.22 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Sun
[2011.10.08 13:14:52 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Symantec
[2011.10.08 10:20:23 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Synaptics
[2016.04.04 18:55:11 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\TeamViewer
[2011.12.31 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Temp
[2013.05.01 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\TomTom
[2011.10.18 18:50:30 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Ultra Fractal 5
[2011.10.10 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\Vso
[2016.04.12 18:59:16 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\WTablet
[2016.06.12 12:55:07 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\XnView
[2012.04.11 13:25:57 | 000,000,000 | ---D | M] -- C:\Users\Thymallus\AppData\Roaming\ZoomBrowser EX

< %APPDATA%\*.exe /s >
[2012.03.05 20:34:07 | 000,112,597 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Thymallus\AppData\Roaming\Adobe\Lightroom\Export Actions\doostrit.exe
[2013.08.25 12:30:49 | 000,092,084 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Thymallus\AppData\Roaming\Adobe\Lightroom\Export Actions\Doostrit_PS6.exe
[2016.11.26 20:57:51 | 000,102,086 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Thymallus\AppData\Roaming\Adobe\Lightroom\Export Actions\Doostrit_PS_CC2017.exe
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Thymallus\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Thymallus\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Thymallus\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Thymallus\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Thymallus\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Thymallus\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Thymallus\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Thymallus\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2013.03.11 20:42:36 | 000,010,134 | R--- | M] () -- C:\Users\Thymallus\AppData\Roaming\Microsoft\Installer\{DAC0B889-5359-4FDC-893A-2B8EF6B71B6F}\ARPPRODUCTICON.exe
[2013.03.11 20:42:36 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Thymallus\AppData\Roaming\Microsoft\Installer\{DAC0B889-5359-4FDC-893A-2B8EF6B71B6F}\SIMEditor.exe_DAC0B88953594FDC893A2B8EF6B71B6F.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2017.05.02 17:22:47 | 000,000,018 | ---- | M] () -- C:\windows\system32\log.txt
[5 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"RocketDock" = "C:\Program Files (x86)\RocketDock\RocketDock.exe" -- [2007.09.02 13:58:52 | 000,495,616 | ---- | M] ()
"Svátky a výročí" = C:\Program Files (x86)\OKsoftware\Svátky a výročí\Vyroci.exe -- [2003.03.28 21:48:50 | 000,881,664 | ---- | M] (Igor Gottwald - OKsoftware)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"TomTomHOME.exe" = "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -- [2017.03.17 13:06:22 | 000,254,840 | ---- | M] (TomTom)
"WSHelperSetup.exe" = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe -- [2013.07.25 17:47:00 | 001,985,824 | ---- | M] (Wondershare)
"RocketDock" = "C:\Program Files (x86)\RocketDock\RocketDock.exe" -- [2007.09.02 13:58:52 | 000,495,616 | ---- | M] ()

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2017.05.02 21:41:56 | 000,000,512 | ---- | M] () MD5=4D03127019E76EE52D130522FC468CF0 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2017.03.03 22:47:13 | 000,016,642 | ---- | M] () -- \ProgramData\AVAST Software\Avast\pam\icons\cracked_com.png
[2017.03.03 22:47:13 | 000,016,642 | ---- | M] () -- \Users\All Users\AVAST Software\Avast\pam\icons\cracked_com.png
[2005.10.22 14:35:14 | 000,023,552 | ---- | M] () -- \Users\Thymallus\Documents\Weby\web galďouš\crysb280\crack.exe
[2005.09.13 20:49:06 | 000,000,741 | ---- | M] () -- \Users\Thymallus\Documents\Weby\web galďouš\crysb280\EASYCRACKS.NET.NFO
[2005.10.22 14:35:14 | 000,023,552 | ---- | M] () -- \Users\Thymallus\Documents\Weby\web galďouš\crysb280\crack\crack.exe
[2014.02.01 11:22:37 | 000,212,071 | ---- | M] () -- \Users\Thymallus\Documents\Zbytek\iGO primo Israel 2.4 9.6.29.427562 Android - 28 August 2014 [ANDROID-ZONE] - aktuální\iGO\content\car\Cracked_Becker_blue_red.zip

< *keygen* /s >
[2014.11.19 11:49:02 | 000,124,483 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop Lightroom 5.7\keygen.exe
[2008.07.16 22:44:12 | 000,076,288 | ---- | M] () -- \Users\Thymallus\Documents\Zbytek\Fotografování\Adobe Photoshop 10 CS3\Plug-ins\Silver.Efex.Pro.v1.0\keygen.exe

Locked