Prosím Vás o kontrolu logu

Zpráva

vitoria1 · #16 Příspěvek od **vitoria1** » 25 led 2014 20:32

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/16 09:00:25 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\A2 Entertainment
[2011/08/05 12:13:51 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Acronis
[2013/06/29 10:39:42 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\BlamGames
[2011/08/06 08:06:07 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Canneverbe Limited
[2013/12/30 21:00:22 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\DAEMON Tools Lite
[2011/08/06 10:04:26 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\DVDFab
[2014/01/24 15:13:01 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Foxit Software
[2011/08/04 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\HD Tune Pro
[2014/01/16 10:13:47 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\JAM Software
[2014/01/17 21:47:58 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Kastner software
[2014/01/15 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Nico Mak Computing
[2013/09/14 08:29:07 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Nordcurrent
[2014/01/04 22:03:30 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Publish Providers
[2013/06/05 08:37:35 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Rainbow
[2014/01/02 18:13:31 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Seznam.cz
[2014/01/24 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Sony
[2014/01/02 16:34:25 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Sony Creative Software
[2014/01/10 21:29:10 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Sony Creative Software Inc
[2014/01/02 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\TeamViewer
[2013/06/23 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Unity
[2014/01/25 18:07:31 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\uTorrent
[2013/04/02 10:09:49 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Windows Live Writer
[2013/03/05 13:18:16 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Xilisoft
[2013/01/08 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Zoner

========== Purity Check ==========

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD6400BEVT-22A0RT0
Partitions: 4
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Verbatim STORE N GO USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: Samsung S2 Portable USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: GOODDRIVEFR USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 16107175936
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 85.00GB
Starting Offset: 16212033536
Hidden sectors: 0

DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 496.00GB
Starting Offset: 107429756928
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: 16-bit FAT
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 0
Hidden sectors: 0

DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32768
Hidden sectors: 0

DeviceID: Disk #3, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 967.00MB
Starting Offset: 16384
Hidden sectors: 0

[2013/06/29 17:37:59 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/05/26 03:19:56 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2013/10/23 19:18:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\Ahead\AudioPlugins\Common
[2003/05/05 11:07:00 | 000,016,384 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Ahead\AudioPlugins\RMADEC.EXE
[2013/03/17 19:15:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\BDNAV
[2014/01/14 22:22:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2011/08/06 11:19:20 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerDVD\11.0
[2013/02/28 21:28:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\Video Webcamera\1.0
[2011/08/06 11:19:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerDVD\11.0
[2013/02/28 21:28:57 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\Video Webcamera\1.0
[2009/07/14 06:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2010/11/21 08:16:41 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 06:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2013/04/05 08:09:49 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2013/03/17 19:15:49 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\BDNAV
[2014/01/14 22:22:23 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2011/08/06 11:19:20 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerDVD\11.0
[2013/02/28 21:28:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\Video Webcamera\1.0
[2011/08/06 11:19:18 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerDVD\11.0
[2013/02/28 21:28:57 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\Video Webcamera\1.0
[2009/07/14 06:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2010/11/21 08:16:41 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 06:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2010/11/21 03:50:53 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2010/11/21 03:51:29 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2010/11/21 03:51:29 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2010/11/21 03:51:33 | 000,000,000 | RH-D | M] -- C:\Users\Default\AppData\Local\Microsoft\Windows\Burn\Burn
[2010/11/21 03:51:32 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/21 03:51:00 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2010/11/21 03:51:00 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2010/11/21 03:51:00 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2009/07/14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2013/01/08 13:49:27 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2010/11/21 03:50:53 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData
[2013/05/01 07:50:52 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2010/11/21 03:51:29 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2014/01/06 15:21:40 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2013/01/14 22:24:45 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Local\Microsoft\Media Player\Mezipaměť grafiky
[2010/11/21 03:51:33 | 000,000,000 | RH-D | M] -- C:\Users\Silvie\AppData\Local\Microsoft\Windows\Burn\Burn
[2013/04/01 13:06:21 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics
[2013/04/01 13:06:21 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{768E2DCF-73B0-420A-AA99-4DB04FBC3637}
[2013/03/31 13:01:04 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}
[2014/01/14 22:22:20 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Roaming\CyberLink\MediaCache
[2010/11/21 03:51:32 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/01/06 15:21:30 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Roaming\Microsoft\Windows\DNTException\Low
[2014/01/06 13:20:01 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2014/01/06 15:19:36 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
[2010/11/21 03:51:00 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2014/01/06 15:19:36 | 000,000,000 | -H-D | M] -- C:\Users\Silvie\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2011/08/04 20:01:23 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/07/14 05:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2013/01/08 13:51:56 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Mezipaměť grafiky

========== Base Services ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 06:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 04:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 04:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 04:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 04:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 04:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 04:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 04:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 04:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 04:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 04:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 04:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 04:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 04:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 04:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 04:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 04:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 04:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 04:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 04:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 04:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 04:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,027,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/01/08 13:57:29 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/03/31 11:36:21 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1718914933-1318382023-1224775369-1000Core.job
[2013/03/31 11:36:23 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1718914933-1318382023-1224775369-1000UA.job
[2013/04/14 20:52:29 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/04/14 20:52:29 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< MD5 for: ACPI.SYS >
[2010/11/21 04:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) MD5=D81D9E70B8A6DD14D42D7B4EFA65D5F2 -- C:\Windows\SysNative\drivers\acpi.sys
[2010/11/21 04:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) MD5=D81D9E70B8A6DD14D42D7B4EFA65D5F2 -- C:\Windows\SysNative\DriverStore\FileRepository\acpi.inf_amd64_neutral_aed2e7a487803437\acpi.sys
[2010/11/21 04:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) MD5=D81D9E70B8A6DD14D42D7B4EFA65D5F2 -- C:\Windows\winsxs\amd64_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_80aec972e4a75989\acpi.sys

< MD5 for: AFD.SYS >
[2013/09/14 02:11:05 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=26EF7E0DF4EDCD898EB7A671529410B8 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_366f8b668e482477\afd.sys
[2013/09/14 02:10:19 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=314C17917AC8523EC77A710215012A65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_35d81beb75355772\afd.sys
[2013/09/28 02:14:56 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=50AB05903CBEF298D135A943D4432E3C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22467_none_3664bb7a8e504068\afd.sys
[2013/09/28 02:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\SysNative\drivers\afd.sys
[2013/09/28 02:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18272_none_35cb4b6b753f40b5\afd.sys
[2010/11/21 04:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: ATI.EXE >
[2013/11/30 07:43:14 | 000,478,208 | ---- | M] () MD5=B017BC3338052DEFD4C0C965356DA26F -- C:\Windows\ati.exe

< MD5 for: AUTOCHK.EXE >
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CMD.EXE >
[2010/11/21 04:23:55 | 000,345,088 | ---- | M] (Microsoft Corporation) MD5=5746BD7E255DD6A8AFA06F7C42C1BA41 -- C:\Windows\SysNative\cmd.exe
[2010/11/21 04:23:55 | 000,345,088 | ---- | M] (Microsoft Corporation) MD5=5746BD7E255DD6A8AFA06F7C42C1BA41 -- C:\Windows\winsxs\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_e932cc2c30fc13b0\cmd.exe
[2010/11/21 04:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) MD5=AD7B9C14083B52BC532FBA5948342B98 -- C:\Windows\SysWOW64\cmd.exe
[2010/11/21 04:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) MD5=AD7B9C14083B52BC532FBA5948342B98 -- C:\Windows\winsxs\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_f387767e655cd5ab\cmd.exe

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CORE.EXE >
[2014/01/03 15:08:02 | 001,050,112 | ---- | M] () MD5=8ED83B148C7AEB25B9580016E013364E -- C:\Windows\core.exe

< MD5 for: CPU1.EXE >
[2014/01/03 15:05:54 | 000,190,284 | ---- | M] () MD5=689061678D8AA8F10725AD4772D4B6B7 -- C:\Windows\cpu1.exe

< MD5 for: CRYPTSVC.DLL >
[2012/06/02 05:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2010/11/21 04:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2013/05/10 05:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013/05/13 05:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013/07/09 15:47:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2013/10/05 03:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\SysNative\cryptsvc.dll
[2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2013/07/09 14:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\SysWOW64\cryptsvc.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012/06/04 08:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2013/05/10 06:49:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013/05/11 06:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012/06/02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2010/11/21 04:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 05:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2013/05/10 06:18:53 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013/05/13 06:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013/05/10 06:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013/10/05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: CUDA.EXE >
[2013/11/21 22:45:59 | 004,422,144 | ---- | M] () MD5=0F36944968B974300E2E5D60F7822EF9 -- C:\Windows\cuda.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009/07/14 00:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\SysNative\drivers\fastfat.sys
[2009/07/14 00:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys

< MD5 for: HAL.DLL >
[2010/11/21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: I8042PRT.SYS >
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: KBDCLASS.SYS >
[2009/07/14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\drivers\kbdclass.sys
[2009/07/14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys
[2009/07/14 02:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\SysNative\lsass.exe
[2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2013/09/25 02:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe

< MD5 for: NDIS.SYS >
[2012/08/22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012/08/22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys
[2012/08/22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010/11/21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NTFS.SYS >
[2010/11/21 04:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2011/03/11 07:19:20 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011/03/11 07:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys
[2013/04/12 15:16:02 | 001,686,888 | ---- | M] (Microsoft Corporation) MD5=A6AE4551BF8EED09FA3B6FCDF472F3E1 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys
[2013/04/12 15:45:08 | 001,656,680 | ---- | M] (Microsoft Corporation) MD5=B98F8C6E31CD07B2E6F71F7F648E38C0 -- C:\Windows\SysNative\drivers\ntfs.sys
[2013/04/12 15:45:08 | 001,656,680 | ---- | M] (Microsoft Corporation) MD5=B98F8C6E31CD07B2E6F71F7F648E38C0 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_048f41be3390b0cf\ntfs.sys

< MD5 for: NTKRNLPA.EXE >
[2013/08/02 06:58:43 | 003,973,056 | ---- | M] (Microsoft Corporation) MD5=0F3ACFF7F3D87C319F7894EF7155609B -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_6ebe4ce52b859e8b\ntkrnlpa.exe
[2011/04/09 07:02:25 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=102A6182087B18C795664BCD22EB52E9 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe
[2010/11/21 04:23:51 | 003,966,848 | ---- | M] (Microsoft Corporation) MD5=144BD78C6103C8616DE047B3532142DB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[2013/08/02 02:59:30 | 003,968,960 | ---- | M] (Microsoft Corporation) MD5=1A9E4EE88B31750E5CA207424143F99C -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_6e31e0981268e843\ntkrnlpa.exe
[2013/03/19 05:41:10 | 003,972,440 | ---- | M] (Microsoft Corporation) MD5=3DFCBEEE97DF8BBAA749CAACFC9C43E1 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntkrnlpa.exe
[2013/08/29 02:51:45 | 003,969,472 | ---- | M] (Microsoft Corporation) MD5=482C8CD985C727C7C78A5E9B320947F0 -- C:\Windows\SysWOW64\ntkrnlpa.exe
[2013/08/29 02:51:45 | 003,969,472 | ---- | M] (Microsoft Corporation) MD5=482C8CD985C727C7C78A5E9B320947F0 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntkrnlpa.exe
[2013/01/05 06:00:15 | 003,967,848 | ---- | M] (Microsoft Corporation) MD5=660100CB90F344040EF57F52FC0681C3 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntkrnlpa.exe
[2012/08/30 18:06:08 | 003,972,464 | ---- | M] (Microsoft Corporation) MD5=770FEEA2823E463D68E170D7EA6FAEBA -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntkrnlpa.exe
[2012/08/30 18:12:02 | 003,968,880 | ---- | M] (Microsoft Corporation) MD5=7E1EC00B7D0D33A67DFC563574EEFF93 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntkrnlpa.exe
[2013/03/19 06:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) MD5=88355CFE81D381F93C74716DAA803587 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntkrnlpa.exe
[2013/01/05 05:49:01 | 003,971,928 | ---- | M] (Microsoft Corporation) MD5=8E43161944CE6E3A1F2B2618B992A8CE -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntkrnlpa.exe
[2012/03/31 05:39:37 | 003,968,368 | ---- | M] (Microsoft Corporation) MD5=8F6D5704D7522AAB8B4B82C0D35D9184 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[2012/03/31 05:37:34 | 003,971,952 | ---- | M] (Microsoft Corporation) MD5=93358348D0B79812CAAA83A1377E4449 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[2011/04/09 07:01:20 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=9CF7F5D025183FA10E130445BC071B70 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe
[2013/08/29 02:58:44 | 003,973,568 | ---- | M] (Microsoft Corporation) MD5=EB6B2FB5EE07337C8B4F3A16CBC18BE3 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntkrnlpa.exe

< MD5 for: NTOSKRNL.EXE >
[2012/03/31 07:05:57 | 005,559,664 | ---- | M] (Microsoft Corporation) MD5=03B5C6DBA5A770CEEFD1615E380C6BC3 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[2010/11/21 04:23:51 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[2013/03/19 06:25:43 | 005,553,496 | ---- | M] (Microsoft Corporation) MD5=25F87CF0EAF38AD1D412E804AE00CE3B -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_ca9034dee41cbfb3\ntoskrnl.exe
[2012/03/31 05:39:37 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=28F44480E411C3DDF04B63F6560E6EF4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[2013/03/19 06:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) MD5=2DFAB8C3C394E95D262E1325BDA5DFE4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntoskrnl.exe
[2012/03/31 05:37:33 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=2E02A17E8965AD671E4987E503AD38B1 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[2013/01/05 05:49:01 | 003,916,648 | ---- | M] (Microsoft Corporation) MD5=2E083C7D9CA98B63FA8F8062874E9327 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntoskrnl.exe
[2012/08/30 18:06:07 | 003,917,168 | ---- | M] (Microsoft Corporation) MD5=5355A85D26EECFA3A68B1F55B0C59A20 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntoskrnl.exe
[2013/08/29 03:17:48 | 005,549,504 | ---- | M] (Microsoft Corporation) MD5=5B9A6A310326D9C438F2C19FBBE97C97 -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/29 03:17:48 | 005,549,504 | ---- | M] (Microsoft Corporation) MD5=5B9A6A310326D9C438F2C19FBBE97C97 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_ca38dbafcad85ead\ntoskrnl.exe
[2013/08/02 02:59:30 | 003,913,664 | ---- | M] (Microsoft Corporation) MD5=5D0325AEF9DE48330908EC2E2DB0359F -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_6e31e0981268e843\ntoskrnl.exe
[2011/04/09 07:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=5D21C487F79F8245E799071589E035BF -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[2013/08/02 07:26:09 | 005,554,624 | ---- | M] (Microsoft Corporation) MD5=5DA80B9D5EB7197AA99006C2DDD14E08 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_cadce868e3e30fc1\ntoskrnl.exe
[2013/08/02 03:23:53 | 005,550,528 | ---- | M] (Microsoft Corporation) MD5=63B563F1FC047AB3E21530DBBE773260 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_ca507c1bcac65979\ntoskrnl.exe
[2013/01/05 06:53:43 | 005,553,512 | ---- | M] (Microsoft Corporation) MD5=6B0D9CF92C08D42533C12FC1A0B5403F -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_ca35d705cadb185a\ntoskrnl.exe
[2012/03/31 06:39:18 | 005,561,200 | ---- | M] (Microsoft Corporation) MD5=708A4C721CEE6B3845B5A54477D873CF -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[2013/03/19 05:41:07 | 003,916,632 | ---- | M] (Microsoft Corporation) MD5=80A652978002318C9723D43CFA618816 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntoskrnl.exe
[2013/08/29 02:51:45 | 003,914,176 | ---- | M] (Microsoft Corporation) MD5=813A7F5A2D6D366EB3FFB643B851BCE5 -- C:\Windows\SysWOW64\ntoskrnl.exe
[2013/08/29 02:51:45 | 003,914,176 | ---- | M] (Microsoft Corporation) MD5=813A7F5A2D6D366EB3FFB643B851BCE5 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntoskrnl.exe
[2013/01/05 06:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation) MD5=82FF919E9236B0137B5C7455B0E1418A -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntoskrnl.exe
[2012/08/30 18:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) MD5=948F0B444CB6CC35FE5F9DE52420CB95 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntoskrnl.exe
[2013/08/29 02:58:41 | 003,918,272 | ---- | M] (Microsoft Corporation) MD5=998141EB656327F13B8EEC01BAADC5D4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntoskrnl.exe
[2011/04/09 07:50:20 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=99C2715F138E7ED2F489AB796DD3B53C -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[2012/08/30 19:02:58 | 005,562,736 | ---- | M] (Microsoft Corporation) MD5=A0D1C0E813A7C6E17C029375AC2ACE18 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_cae9b336e3d92f09\ntoskrnl.exe
[2013/01/05 06:42:37 | 005,554,536 | ---- | M] (Microsoft Corporation) MD5=A0F9F36C3F670053F9A2E9B9577CD1AB -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_cadbe452e3e3fc1c\ntoskrnl.exe
[2013/03/19 07:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) MD5=AC3232ED772403D38D64C18CD5A66FBD -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_ca554865cac3a857\ntoskrnl.exe
[2013/08/02 06:58:43 | 003,918,272 | ---- | M] (Microsoft Corporation) MD5=BE61C925CC1A1340840EFF07A5911612 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_6ebe4ce52b859e8b\ntoskrnl.exe
[2010/11/21 04:24:26 | 005,563,776 | ---- | M] (Microsoft Corporation) MD5=C6CEC3E6CC9842B73501C70AA64C00FE -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[2013/08/29 03:23:10 | 005,552,064 | ---- | M] (Microsoft Corporation) MD5=C842D8DC6E5BCD750FA50E4083CBBBEB -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_cacc4a02e3eec656\ntoskrnl.exe
[2011/04/09 07:01:20 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=D385343510B75545EC5DB3A64C2D2492 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[2011/04/09 08:02:55 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=D60D9BCEAE5870A67E6C167F4681877B -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[2012/08/30 19:03:45 | 005,559,664 | ---- | M] (Microsoft Corporation) MD5=FE905D59663E86BFE51623947B7425FD -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_ca35fee3cadae518\ntoskrnl.exe

< MD5 for: NVRAID.SYS >
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\drivers\nvraid.sys
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2010/11/21 04:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/21 04:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011/03/11 07:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: PROXY.EXE >
[2013/11/28 17:03:39 | 004,346,744 | ---- | M] () MD5=684F76805DBAD9434CD571787ED3906D -- C:\Windows\proxy.exe

< MD5 for: REGEDIT.EXE >
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SCECLI.DLL >
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SMSS.EXE >
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2013/03/19 03:57:17 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=498E2A20E145199709CD100CDBA8603D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe
[2013/08/29 02:04:30 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2013/08/02 06:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013/03/19 04:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013/08/02 01:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\SysNative\smss.exe
[2013/08/02 01:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe

< MD5 for: SPOOLSV.EXE >
[2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=85DAA09A98C9286D4EA2BA8D0E644377 -- C:\Windows\SysNative\spoolsv.exe
[2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=85DAA09A98C9286D4EA2BA8D0E644377 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe
[2010/11/21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2012/02/11 07:20:28 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=B9D7A4858CF32A6A15D2763F1DE47E0E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/10/03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013/05/08 07:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013/09/08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/09/08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010/11/21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/09/07 03:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012/08/22 19:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2013/05/08 07:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2013/07/06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013/01/04 06:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012/10/03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013/11/26 12:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
[2012/08/22 19:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/21 04:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/21 04:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USER32.DLL >
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WDF01000.SYS >
[2013/06/25 23:56:05 | 000,785,624 | ---- | M] (Microsoft Corporation) MD5=37CE6867FC4A6827009A713A9737262C -- C:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.22374_none_d4c1be724dda0cc7\Wdf01000.sys
[2009/07/14 02:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) MD5=441BD2D7B4F98134C3A4F9FA570FD250 -- C:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.16385_none_d24809e1379d1f91\Wdf01000.sys
[2012/07/26 05:55:47 | 000,785,512 | ---- | M] (Microsoft Corporation) MD5=442783E2CB0DA19873B7A63833FF4CB4 -- C:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.17803_none_d482f2fd34846558\Wdf01000.sys
[2012/07/26 05:55:47 | 000,785,512 | ---- | M] (Microsoft Corporation) MD5=442783E2CB0DA19873B7A63833FF4CB4 -- C:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.22004_none_d50d68344da151bb\Wdf01000.sys
[2013/06/25 23:55:52 | 000,785,624 | ---- | M] (Microsoft Corporation) MD5=E2C933EDBC389386EBE6D2BA953F43D8 -- C:\Windows\SysNative\drivers\Wdf01000.sys
[2013/06/25 23:55:52 | 000,785,624 | ---- | M] (Microsoft Corporation) MD5=E2C933EDBC389386EBE6D2BA953F43D8 -- C:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.18198_none_d426811134c90d14\Wdf01000.sys

< MD5 for: WIN32K.SYS >
[2013/11/26 11:22:58 | 003,160,064 | ---- | M] (Microsoft Corporation) MD5=53DB9E8F6AD7F1237A45777BBE94CC71 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22525_none_179933a4ca4b458d\win32k.sys
[2012/03/31 03:56:14 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=88592AB8F8AE4F7264A936AEE682BBE5 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21955_none_1778e240ca63745b\win32k.sys
[2013/10/30 02:50:10 | 003,159,040 | ---- | M] (Microsoft Corporation) MD5=8E3FA314D78F4092648EF122E5AFE8A8 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22496_none_174e8294ca832554\win32k.sys
[2013/10/30 02:24:31 | 003,155,968 | ---- | M] (Microsoft Corporation) MD5=97D50B0CABF18A6D40F8883D02DDB519 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18300_none_17203359b121f207\win32k.sys
[2010/11/21 04:24:16 | 003,126,272 | ---- | M] (Microsoft Corporation) MD5=A89392A32BA98468710FD7E38318934B -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_17197f29b1265401\win32k.sys
[2013/11/26 11:32:56 | 003,156,480 | ---- | M] (Microsoft Corporation) MD5=F2BF71FCEAB8FB8A691408C478E2FF4C -- C:\Windows\SysNative\win32k.sys
[2013/11/26 11:32:56 | 003,156,480 | ---- | M] (Microsoft Corporation) MD5=F2BF71FCEAB8FB8A691408C478E2FF4C -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18327_none_17119587b12bdb4a\win32k.sys
[2012/03/31 04:10:03 | 003,146,240 | ---- | M] (Microsoft Corporation) MD5=F4C456F9235ED440B81107E951555411 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17803_none_1723547db11f162e\win32k.sys

< MD5 for: WINLOGON.EXE >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINSRV.DLL >
[2013/01/04 06:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=0C27239FEA4DB8A2AAC9E502186B7264 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18043_none_14830bbdb30e2246\winsrv.dll
[2013/08/29 03:21:50 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=516D82106CAFAE156C61C5AB627A6409 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22436_none_151a7f04cc20e999\winsrv.dll
[2013/08/02 03:14:57 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=88EDD0B34EED542745931E581AD21A32 -- C:\Windows\SysNative\winsrv.dll
[2013/08/02 03:14:57 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=88EDD0B34EED542745931E581AD21A32 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18229_none_149eb11db2f87cbc\winsrv.dll
[2013/08/02 07:23:33 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=99AACC82C6B8A8E976CA59CFD3C322EF -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22411_none_152b1d6acc153304\winsrv.dll
[2012/11/30 06:45:14 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=9E479C2B605C25DA4971ABA36250FAEF -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18015_none_14a57c15b2f40121\winsrv.dll
[2012/11/30 06:55:04 | 000,215,040 | ---- | M] (Microsoft Corporation) MD5=C2B1F6196C7FE1EA1BF827312B095D06 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22177_none_14f039eccc407b3f\winsrv.dll
[2010/11/21 04:24:16 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=E0406AEF04B088D1C49FC78D0546F689 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll

< MD5 for: WS2_32.DLL >
[2010/11/21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010/11/21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010/11/21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010/11/21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< MD5 for: WSCRIPT.EXE >
[2013/10/12 02:33:26 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=045451FA238A75305CC26AC982472367 -- C:\Windows\SysNative\wscript.exe
[2013/10/12 02:33:26 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=045451FA238A75305CC26AC982472367 -- C:\Windows\winsxs\amd64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7601.18283_none_a6418c4d17334828\wscript.exe
[2013/10/14 03:29:32 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=19E75D5729FF6B5F637995225B181194 -- C:\Windows\winsxs\amd64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7601.22480_none_a6c82a2030539914\wscript.exe
[2013/10/14 02:58:50 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=59E6F9BB291848B14F05EE194AF43327 -- C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7601.22480_none_b11cd47264b45b0f\wscript.exe
[2009/07/14 02:39:57 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=8886E0697B0A93C521F99099EF643450 -- C:\Windows\winsxs\amd64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_a45d44bd1a0af822\wscript.exe
[2013/10/12 02:15:48 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=979D74799EA6C8B8167869A68DF5204A -- C:\Windows\SysWOW64\wscript.exe
[2013/10/12 02:15:48 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=979D74799EA6C8B8167869A68DF5204A -- C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7601.18283_none_b096369f4b940a23\wscript.exe
[2009/07/14 02:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=D1AB72DB2BEDD2F255D35DA3DA0D4B16 -- C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_aeb1ef0f4e6bba1d\wscript.exe

< >

< %systemroot%\system32\logevent.dll /md5 >

< %systemroot%\system32\sceclt.dll /md5 >

< %systemroot%\system32\ntelogon.dll /md5 >

< %systemroot%\system32\consrv.dll /md5 >

< >

< %systemroot%\system32\logevent.dll /md5 /64 >

< %systemroot%\system32\sceclt.dll /md5 /64 >

< %systemroot%\system32\ntelogon.dll /md5 /64 >

< %systemroot%\system32\consrv.dll /md5 /64 >

< >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/01/25 19:23:57 | 000,000,512 | ---- | M] () MD5=179A53A86EDDE50F44E597D1D257C496 -- C:\PhysicalMBR.bin

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014/01/05 11:20:45 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=1EEA6C1B35191DC177EA83672B9C3FC0 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013/11/28 19:48:28 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014/01/11 11:29:23 | 000,866,584 | ---- | M] (Google Inc.) MD5=3B0BA44D5691E00088B956394FDE64B6 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %systemroot%\system32\Spool\prtprocs\*.* /s >
[2009/07/14 02:41:12 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\x64\jnwppr.dll
[2010/11/21 04:24:16 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\x64\winprint.dll
[2011/05/26 03:58:57 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\Spool\prtprocs\x64\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /10 >

< %systemroot%\system32\drivers\*.sys /X >
[2010/06/18 10:13:25 | 000,000,008 | ---- | M] () -- C:\Windows\system32\drivers\1025_ACER_ACER_TM5742.MRK
[2009/06/10 22:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009/06/10 22:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2010/06/18 10:13:33 | 000,002,072 | ---- | M] () -- C:\Windows\system32\drivers\MOD01SET0500Z6009A.enc

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /10 >
[2014/01/16 13:11:21 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\java.exe
[2014/01/16 13:11:21 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\javaw.exe
[2014/01/16 13:11:21 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\javaws.exe
[2014/01/25 18:09:12 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt
[2014/01/16 13:11:22 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge-32.dll
[2014/01/16 13:10:26 | 000,000,710 | ---- | M] () -- C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.* /lockedfiles >
[2014/01/25 18:09:12 | 000,000,018 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\log.txt

< %systemroot%\system32\config\*.sav >

< >

< c:\$Recycle.Bin|L,N,U,@;true;true;true /FN >

< c:\Windows\Installer|L,N,U,@;true;true;true /FN >

< >

< %systemroot%\Tasks\*.job >
[2014/01/25 19:07:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/01/25 12:41:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1718914933-1318382023-1224775369-1000Core.job
[2014/01/25 18:41:16 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1718914933-1318382023-1224775369-1000UA.job
[2014/01/25 16:48:14 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/01/25 19:56:05 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\*.* /U /s >
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[42 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0aa3ef2f0c8b6eedf450a9dff1fe028e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0aa3ef2f0c8b6eedf450a9dff1fe028e\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\4d02c1250f51eac26497b1642633258c\*.tmp files -> C:\Windows\SoftwareDistribution\Download\4d02c1250f51eac26497b1642633258c\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\72a39236b565c42341f8b487582b1628\*.tmp files -> C:\Windows\SoftwareDistribution\Download\72a39236b565c42341f8b487582b1628\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a49dd0722e7551b305d8481f1941cace\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a49dd0722e7551b305d8481f1941cace\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a85dcdc930a22102c245c4ee1e7ac95a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a85dcdc930a22102c245c4ee1e7ac95a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b5b917bd0413d0c148733046281a854c\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b5b917bd0413d0c148733046281a854c\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\e4b32293488dfa2d5ff78bfe2a305432\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e4b32293488dfa2d5ff78bfe2a305432\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\e7c2e8b575f5099906de31b77517c1bd\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e7c2e8b575f5099906de31b77517c1bd\*.tmp -> ]

< %systemroot%\*. /rp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Nabídka Start\*.lnk /x >

< %ALLUSERSPROFILE%\Data Aplikácií\*.* >

< %ALLUSERSPROFILE%\Data Aplikácií\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %APPDATA%\*. >
[2013/01/16 09:00:25 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\A2 Entertainment
[2011/08/05 12:13:51 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Acronis
[2013/12/10 15:41:17 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Adobe
[2013/01/11 15:47:06 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Ahead
[2014/01/15 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Apple Computer
[2013/06/29 10:39:42 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\BlamGames
[2011/08/06 08:06:07 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Canneverbe Limited
[2011/08/06 09:04:30 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Corel
[2013/02/28 21:28:54 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\CyberLink
[2013/12/30 21:00:22 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\DAEMON Tools Lite
[2011/08/06 10:04:26 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\DVDFab
[2014/01/24 15:13:01 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Foxit Software
[2011/08/04 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\HD Tune Pro
[2013/01/18 10:06:12 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\HpUpdate
[2010/11/21 03:51:08 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Identities
[2011/04/07 09:05:16 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\InstallShield
[2011/04/07 09:10:42 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Intel Corporation
[2014/01/16 10:13:47 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\JAM Software
[2014/01/17 21:47:58 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Kastner software
[2011/04/07 09:32:44 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Macromedia
[2014/01/10 13:54:17 | 000,000,000 | --SD | M] -- C:\Users\Silvie\AppData\Roaming\Microsoft
[2011/08/06 07:47:33 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Mozilla
[2014/01/15 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Nico Mak Computing
[2013/09/14 08:29:07 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Nordcurrent
[2011/08/06 10:03:40 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\NVIDIA
[2014/01/04 22:03:30 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Publish Providers
[2013/06/05 08:37:35 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Rainbow
[2014/01/02 18:13:31 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Seznam.cz
[2013/01/08 14:24:44 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Skype
[2014/01/24 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Sony
[2014/01/02 16:34:25 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Sony Creative Software
[2014/01/10 21:29:10 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Sony Creative Software Inc
[2014/01/02 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\TeamViewer
[2013/06/23 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Unity
[2014/01/25 18:07:31 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\uTorrent
[2011/08/05 11:29:25 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\vlc
[2013/04/02 10:09:49 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Windows Live Writer
[2011/08/05 11:28:58 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\WinRAR
[2013/03/05 13:18:16 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Xilisoft
[2013/01/08 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\Silvie\AppData\Roaming\Zoner

< %APPDATA%\*.* >
[2014/01/03 20:55:26 | 000,018,793 | ---- | M] () -- C:\Users\Silvie\AppData\Roaming\VITORIA1.MTBF.txt
[2014/01/03 22:10:53 | 000,000,564 | ---- | M] () -- C:\Users\Silvie\AppData\Roaming\__AvidCloudManager.log
[2014/01/03 21:07:46 | 000,000,674 | ---- | M] () -- C:\Users\Silvie\AppData\Roaming\__AvidCloudManagerPrevious.log

< %APPDATA%\*.exe /s >
[2013/03/04 18:55:14 | 000,411,024 | R--- | M] (Acresso Software Inc.) -- C:\Users\Silvie\AppData\Roaming\Microsoft\Installer\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}\ARPPRODUCTICON.exe
[2013/08/25 20:22:54 | 000,405,504 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Silvie\AppData\Roaming\Microsoft\Installer\{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32|bak;true;false;false /fp >

< %PROGRAMFILES%|bak;true;false;false /fp >
< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"$Volumouse$" = "D:\Instal\volumouse\volumouse.exe" /nodlg -- [2009/08/05 20:11:44 | 000,082,944 | ---- | M] (NirSoft)
"uTorrent" = "D:\Instal\Torrent\uTorrent.exe" /MINIMIZED -- [2013/06/01 08:08:21 | 000,802,136 | ---- | M] (BitTorrent Inc.)
"Pando Media Booster" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe -- [2013/03/04 17:56:06 | 003,093,624 | ---- | M] ()
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2013/03/14 09:23:30 | 003,672,640 | ---- | M] (Disc Soft Ltd)
"Zoner Photo Studio Autoupdate" = C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE -- [2013/06/07 15:51:02 | 000,774,680 | ---- | M] (ZONER software)

< End of report >

vitoria1 · #17 Příspěvek od **vitoria1** » 25 led 2014 20:34

Extras.txt

vitoria1 · #18 Příspěvek od **vitoria1** » 25 led 2014 21:03

Examination

vitoria1 · #19 Příspěvek od **vitoria1** » 25 led 2014 21:04

O.K. zatím děkuji

vitoria1 · #20 Příspěvek od **vitoria1** » 26 led 2014 14:41

Taky zdravím, bohužel nemůžu v Hunter najít záložku Firewall rule

vitoria1 · #21 Příspěvek od **vitoria1** » 26 led 2014 15:12

========== OTL ==========
Process core.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1dac034-9fd9-4c13-a388-d2e10e57707f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1dac034-9fd9-4c13-a388-d2e10e57707f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d1dac034-9fd9-4c13-a388-d2e10e57707f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1dac034-9fd9-4c13-a388-d2e10e57707f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1718914933-1318382023-1224775369-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
C:\Windows\core.exe moved successfully.
C:\Windows\cpu1.exe moved successfully.
File C:\Windows\ati.exe not found.
C:\Windows\pthread.dll moved successfully.
File move failed. C:\Windows\proxy.exe scheduled to be moved on reboot.
File C:\Windows\cuda.exe not found.
C:\Windows\d3dx.dat moved successfully.
File move failed. C:\Windows\libcurl-4.dll scheduled to be moved on reboot.
File move failed. C:\Windows\zlib1.dll scheduled to be moved on reboot.

OTL by OldTimer - Version 3.2.69.0 log created on 01262014_150548

Files\Folders moved on Reboot...
C:\Windows\proxy.exe moved successfully.
C:\Windows\libcurl-4.dll moved successfully.
C:\Windows\zlib1.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

vitoria1 · #22 Příspěvek od **vitoria1** » 26 led 2014 15:17

tak ve Windows mám cpu, pthread GC2.dll, pthread VC2.dll, cudart 32-50-35.dll

internet mi většinou spadl hned po otevření.

vitoria1 · #23 Příspěvek od **vitoria1** » 26 led 2014 15:22

vymazaný
a to je už vše?

vitoria1 · #24 Příspěvek od **vitoria1** » 26 led 2014 15:28

a můžu už odstranit ty programy co jsem teď stáhla do NB?

vitoria1 · #25 Příspěvek od **vitoria1** » 26 led 2014 15:38

tady je log USBfix
############################## | UsbFix V 7.134 | [Deletion]

User: Silvie (Administrator) # VITORIA1
Updated 06/09/2013 by El Desaparecido
Started at 15:34:04 | 26/01/2014

Website: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: eldesaparecido@sosvirus.net

PC: Acer (TravelMate 5742G) (x64-based PC)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz (2399)
RAM -> [Total : 3959 | Free : 2354]
BIOS: InsydeH2O Version V1.21
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 11.0.9600.16476

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: COMODO Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 85 Gb (42 Mb free - 49%) [System] # NTFS
D:\ -> Fixed drive # 496 Gb (227 Mb free - 46%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 7 Gb (3 Mb free - 48%) [] # FAT32
Z:\ -> CD-ROM

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [TrueImageMonitor.exe] - "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [AtomTime] - "D:\Instal\AtomTime Pro\AtomTime.EXE"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [TrueImageMonitor.exe] - "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AtomTime] - "D:\Instal\AtomTime Pro\AtomTime.EXE"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-1718914933-1318382023-1224775369-1000\SOFTWARE | Run : [$Volumouse$] - "D:\Instal\volumouse\volumouse.exe" /nodlg
HKU\S-1-5-21-1718914933-1318382023-1224775369-1000\SOFTWARE | Run : [uTorrent] - "D:\Instal\Torrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1718914933-1318382023-1224775369-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1718914933-1318382023-1224775369-1000\SOFTWARE | Run : [Zoner Photo Studio Autoupdate] - C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (576)
Stopped! C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (588)
Stopped! C:\Windows\system32\nvvsvc.exe (1460)
Stopped! C:\Windows\System32\spoolsv.exe (1616)
Stopped! C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (1856)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1912)
Stopped! C:\Windows\system32\taskhost.exe (1988)
Stopped! C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (2200)
Stopped! C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (2228)
Stopped! C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe (2324)
Stopped! C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (2372)
Stopped! C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (2444)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2564)
Stopped! C:\Program Files\Elantech\ETDCtrl.exe (2572)
Stopped! C:\Program Files (x86)\Launch Manager\dsiwmis.exe (2600)
Stopped! C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (2608)
Stopped! C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (2632)
Stopped! C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (2716)
Stopped! C:\Program Files\Elantech\ETDCtrlHelper.exe (2744)
Stopped! C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (2776)
Stopped! C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (2784)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (2900)
Stopped! C:\Windows\SysWOW64\IoctlSvc.exe (2972)
Stopped! c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (2996)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2392)
Stopped! C:\Program Files\Microsoft IntelliPoint\ipoint.exe (2516)
Stopped! C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (2476)
Stopped! D:\Instal\volumouse\volumouse.exe (1088)
Stopped! D:\Instal\Torrent\uTorrent.exe (1044)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2016)
Stopped! C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe (3160)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (3488)
Stopped! C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe (3688)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (3968)
Stopped! C:\Windows\system32\SearchIndexer.exe (3280)
Stopped! C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (2124)
Stopped! D:\Instal\AtomTime Pro\AtomTime.EXE (3684)
Stopped! C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (4228)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4552)
Stopped! C:\Program Files (x86)\Launch Manager\LManager.exe (4568)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (4620)
Stopped! C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (4740)
Stopped! C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (4868)
Stopped! C:\Program Files (x86)\Launch Manager\LMworker.exe (4896)
Stopped! C:\Program Files\COMODO\COMODO Internet Security\cis.exe (1804)
Stopped! C:\Program Files\Internet Explorer\IEXPLORE.EXE (5188)
Stopped! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (5272)
Stopped! C:\Windows\system32\DllHost.exe (5592)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (4536)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (5620)
Stopped! C:\Windows\System32\MsSpellCheckingFacility.exe (4128)
Stopped! C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe (2740)
Stopped! C:\Windows\System32\WUDFHost.exe (5376)

################## | Files # Infected Folders |

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

################## | Mountpoints2 |

################## | Listing |

[25/01/2014 - 18:56:23 | SHD ] C:\$RECYCLE.BIN
[25/01/2014 - 16:50:24 | D ] C:\AdwCleaner
[04/04/2013 - 21:44:42 | N | 0] C:\autoexec.bat
[25/01/2014 - 18:19:30 | RAD ] C:\Autorun.inf
[25/01/2014 - 18:56:22 | D ] C:\ComboFix
[25/01/2014 - 18:56:13 | N | 31299] C:\ComboFix.txt
[25/01/2014 - 16:01:52 | N | 7514] C:\ComboFix.zip
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[25/01/2014 - 14:24:07 | D ] C:\FRST
[26/01/2014 - 15:24:55 | ASH | 3113250816] C:\hiberfil.sys
[04/08/2011 - 20:59:31 | RD ] C:\MSOCache
[26/01/2014 - 15:24:58 | ASH | 4151005184] C:\pagefile.sys
[25/01/2014 - 19:23:57 | N | 512] C:\PhysicalMBR.bin
[25/01/2014 - 13:52:37 | D ] C:\Program Files
[25/01/2014 - 16:46:59 | D ] C:\Program Files (x86)
[25/01/2014 - 16:46:56 | D ] C:\ProgramData
[25/01/2014 - 18:56:19 | D ] C:\Qoobox
[03/08/2011 - 18:09:17 | D ] C:\Recovery
[25/01/2014 - 13:53:10 | D ] C:\rsit
[25/01/2014 - 19:23:48 | SHD ] C:\System Volume Information
[26/01/2014 - 15:35:54 | D ] C:\UsbFix
[25/01/2014 - 18:06:04 | N | 3649] C:\UsbFix [Clean 1] VITORIA1.txt
[25/01/2014 - 18:19:31 | N | 12702] C:\UsbFix [Clean 2] VITORIA1.txt
[26/01/2014 - 15:36:08 | A | 8635] C:\UsbFix [Clean 3] VITORIA1.txt
[03/08/2011 - 18:10:45 | D ] C:\Users
[26/01/2014 - 15:22:12 | D ] C:\Windows
[09/12/2011 - 22:57:15 | D ] D:\$RECYCLE.BIN
[25/01/2014 - 18:19:30 | RAD ] D:\Autorun.inf
[23/01/2014 - 22:34:20 | D ] D:\Dan
[09/06/2013 - 16:27:26 | D ] D:\Do auta
[25/01/2014 - 15:00:36 | D ] D:\Dokumenty
[23/01/2014 - 22:00:32 | D ] D:\FFOutput
[06/01/2014 - 13:49:13 | D ] D:\Filmy
[24/11/2013 - 17:11:18 | D ] D:\Fotky
[29/04/2012 - 20:52:58 | D ] D:\FOTOobrázky
[20/10/2013 - 19:55:13 | D ] D:\hudba
[16/01/2014 - 13:31:52 | D ] D:\Instal
[22/04/2012 - 12:55:48 | D ] D:\KMPlayer
[20/07/2013 - 21:15:06 | D ] D:\Mpeg3
[12/05/2012 - 22:09:03 | N | 146278400] D:\Natalia-Oreiro---Cambio-Dolor-(Nova-Klasika-2001).m2v
[14/01/2014 - 22:22:06 | D ] D:\Obrázky
[01/03/2013 - 11:41:26 | N | 0] D:\Ovladače.zip.4v9ufel.partial
[01/12/2012 - 19:17:23 | D ] D:\rajce
[04/08/2011 - 20:32:03 | SD ] D:\System Volume Information
[06/08/2011 - 09:51:12 | D ] D:\Tomb Raider - Anniversary
[17/09/2012 - 21:00:24 | D ] D:\Ultrazvuková kavitace
[12/09/2013 - 18:44:49 | D ] D:\Video
[26/01/2014 - 15:05:48 | D ] D:\_OTL

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net |

vitoria1 · #26 Příspěvek od **vitoria1** » 26 led 2014 15:40

Tak zatím je vše v pořádku, jestli by se to začalo opakovat mohla bych se obrátit přímo na tebe?
A děkuji moc za všechno!!!!

vitoria1 · #27 Příspěvek od **vitoria1** » 26 led 2014 15:52

Ani nevíš, jaký nervy jsem měla a hodiny strávené studováním na různých fórech. Už jsem byla zoufalá, tak ani nevíš jak moc jsi mi pomohl. Děkuji. Měj se.

VIRY.CZ

Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu

Re: Prosím Vás o kontrolu logu