VIRY.CZ

Dobrý den,

chtěl bych Vás požádat o pomoc, Spybot mi našel v notebooku vir double click zbavil se ho, ale hned byl zpátky. Je to nějaká velmi odolná a nepříjemná havěť ztěžující mi veškerou práci. Kliknu jednou a vir klikne klidně i třikrát, při označování textu co chci kopírovat označuje co se mu zlíbí atd. mohl by mi prosím někdo pomoct se toho zbavit?

Přikládam log RSIT.

Předem děkuji za pomoc.



Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2014-01-04 14:30:29
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 871 MB (2%) free of 50 GB
Total RAM: 2815 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:30:56, on 4.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Roman\Desktop\RSIT.exe
C:\Program Files\trend micro\Roman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PRACOVNI\MSPROJ~1\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\PRACOVNI\MS project\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Control Web IPC (CwIPCSvc) - Moravian Instruments® - C:\Program Files\Moravian Instruments\Shared\cwsvc.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 7237 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000UA.job
C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\ysk0x51m.default

prefs.js - "extensions.enabledItems" - "{5C655500-E712-41e7-9349-CE462F844B19}:0.6, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37, wrc@avast.com:7.0.1466, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.21"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =827316&p="

"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=D:\PRACOVNI\MSPROJ~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
npwachk.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\ysk0x51m.default\extensions\
{5C655500-E712-41e7-9349-CE462F844B19}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-09-03 65928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-10-27 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-10-31 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\PRACOVNI\MSPROJ~1\Office15\URLREDIR.DLL [2013-09-13 705240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-10-27 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-10-31 201784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2013-10-31 4858968]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2013-11-29 3806544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-08-18 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2013-11-29 3806544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbCipHelper]
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe [2008-05-27 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2012-10-09 6144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-01-04 14:30:29 ----D---- C:\rsit
2014-01-04 14:30:29 ----D---- C:\Program Files\trend micro
2014-01-03 21:54:31 ----A---- C:\Windows\system32\drivers\aswVmm.sys.bak
2014-01-03 21:54:31 ----A---- C:\Windows\system32\drivers\aswTdi.sys.bak
2014-01-03 21:54:31 ----A---- C:\Windows\system32\drivers\aswSP.sys.bak
2014-01-03 21:54:30 ----A---- C:\Windows\system32\drivers\aswSnx.sys.bak
2014-01-03 21:54:30 ----A---- C:\Windows\system32\drivers\aswRvrt.sys.bak
2014-01-03 21:54:30 ----A---- C:\Windows\system32\drivers\aswRdr2.sys.bak
2014-01-03 21:54:30 ----A---- C:\Windows\system32\drivers\aswRdr.sys.bak
2014-01-03 21:54:30 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys.bak
2014-01-03 21:54:30 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys.bak
2014-01-03 21:27:23 ----A---- C:\ComboFix.txt
2014-01-03 21:22:20 ----SD---- C:\$RECYCLE.BIN
2014-01-03 19:56:04 ----A---- C:\Windows\zip.exe
2014-01-03 19:56:04 ----A---- C:\Windows\SWSC.exe
2014-01-03 19:56:04 ----A---- C:\Windows\SWREG.exe
2014-01-03 19:56:04 ----A---- C:\Windows\sed.exe
2014-01-03 19:56:04 ----A---- C:\Windows\PEV.exe
2014-01-03 19:56:04 ----A---- C:\Windows\NIRCMD.exe
2014-01-03 19:56:04 ----A---- C:\Windows\MBR.exe
2014-01-03 19:56:04 ----A---- C:\Windows\grep.exe
2014-01-03 19:55:35 ----D---- C:\Qoobox
2014-01-03 19:55:02 ----D---- C:\Windows\erdnt
2014-01-03 16:51:43 ----D---- C:\AdwCleaner
2014-01-02 21:49:00 ----A---- C:\Windows\ntbtlog.txt
2013-12-29 23:33:57 ----A---- C:\Windows\system32\drivers\WUDFRd.sys.bak
2013-12-29 23:33:57 ----A---- C:\Windows\system32\drivers\WUDFPf.sys.bak
2013-12-29 23:33:56 ----A---- C:\Windows\system32\drivers\ws2ifsl.sys.bak
2013-12-29 23:33:56 ----A---- C:\Windows\system32\drivers\wmilib.sys.bak
2013-12-29 23:33:56 ----A---- C:\Windows\system32\drivers\wmiacpi.sys.bak
2013-12-29 23:33:55 ----A---- C:\Windows\system32\drivers\winhv.sys.bak
2013-12-29 23:33:55 ----A---- C:\Windows\system32\drivers\wimmount.sys.bak
2013-12-29 23:33:55 ----A---- C:\Windows\system32\drivers\wfplwf.sys.bak
2013-12-29 23:33:55 ----A---- C:\Windows\system32\drivers\WdfLdr.sys.bak
2013-12-29 23:33:54 ----A---- C:\Windows\system32\drivers\Wdf01000.sys.bak
2013-12-29 23:33:54 ----A---- C:\Windows\system32\drivers\wd.sys.bak
2013-12-29 23:33:54 ----A---- C:\Windows\system32\drivers\watchdog.sys.bak
2013-12-29 23:33:53 ----A---- C:\Windows\system32\drivers\wanarp.sys.bak
2013-12-29 23:33:53 ----A---- C:\Windows\system32\drivers\wacompen.sys.bak
2013-12-29 23:33:53 ----A---- C:\Windows\system32\drivers\vwifimp.sys.bak
2013-12-29 23:33:53 ----A---- C:\Windows\system32\drivers\vwififlt.sys.bak
2013-12-29 23:33:52 ----A---- C:\Windows\system32\drivers\vwifibus.sys.bak
2013-12-29 23:33:52 ----A---- C:\Windows\system32\drivers\vsock.sys.bak
2013-12-29 23:33:52 ----A---- C:\Windows\system32\drivers\vsmraid.sys.bak
2013-12-29 23:33:52 ----A---- C:\Windows\system32\drivers\vpcvmm.sys.bak
2013-12-29 23:33:51 ----A---- C:\Windows\system32\drivers\vpchbus.sys.bak
2013-12-29 23:33:51 ----A---- C:\Windows\system32\drivers\vpcusb.sys.bak
2013-12-29 23:33:51 ----A---- C:\Windows\system32\drivers\vpcnfltr.sys.bak
2013-12-29 23:33:50 ----A---- C:\Windows\system32\drivers\volsnap.sys.bak
2013-12-29 23:33:50 ----A---- C:\Windows\system32\drivers\volmgrx.sys.bak
2013-12-29 23:33:50 ----A---- C:\Windows\system32\drivers\volmgr.sys.bak
2013-12-29 23:33:49 ----A---- C:\Windows\system32\drivers\vmx86.sys.bak
2013-12-29 23:33:49 ----A---- C:\Windows\system32\drivers\vmusb.sys.bak
2013-12-29 23:33:49 ----A---- C:\Windows\system32\drivers\vmstorfl.sys.bak
2013-12-29 23:33:49 ----A---- C:\Windows\system32\drivers\vms3cap.sys.bak
2013-12-29 23:33:48 ----A---- C:\Windows\system32\drivers\vmnetuserif.sys.bak
2013-12-29 23:33:48 ----A---- C:\Windows\system32\drivers\vmnetbridge.sys.bak
2013-12-29 23:33:48 ----A---- C:\Windows\system32\drivers\vmnetadapter.sys.bak
2013-12-29 23:33:48 ----A---- C:\Windows\system32\drivers\vmnet.sys.bak
2013-12-29 23:33:47 ----A---- C:\Windows\system32\drivers\VMkbd.sys.bak
2013-12-29 23:33:47 ----A---- C:\Windows\system32\drivers\vmci.sys.bak
2013-12-29 23:33:47 ----A---- C:\Windows\system32\drivers\VMBusHID.sys.bak
2013-12-29 23:33:47 ----A---- C:\Windows\system32\drivers\vmbus.sys.bak
2013-12-29 23:33:46 ----A---- C:\Windows\system32\drivers\videoprt.sys.bak
2013-12-29 23:33:46 ----A---- C:\Windows\system32\drivers\viaide.sys.bak
2013-12-29 23:33:46 ----A---- C:\Windows\system32\drivers\viac7.sys.bak
2013-12-29 23:33:46 ----A---- C:\Windows\system32\drivers\VIAAGP.SYS.bak
2013-12-29 23:33:45 ----A---- C:\Windows\system32\drivers\vhdmp.sys.bak
2013-12-29 23:33:45 ----A---- C:\Windows\system32\drivers\vgapnp.sys.bak
2013-12-29 23:33:45 ----A---- C:\Windows\system32\drivers\vga.sys.bak
2013-12-29 23:33:45 ----A---- C:\Windows\system32\drivers\vdrvroot.sys.bak
2013-12-29 23:33:44 ----A---- C:\Windows\system32\drivers\usbvideo.sys.bak
2013-12-29 23:33:44 ----A---- C:\Windows\system32\drivers\usbuhci.sys.bak
2013-12-29 23:33:44 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS.bak
2013-12-29 23:33:44 ----A---- C:\Windows\system32\drivers\usbrpm.sys.bak
2013-12-29 23:33:43 ----A---- C:\Windows\system32\drivers\usbprint.sys.bak
2013-12-29 23:33:43 ----A---- C:\Windows\system32\drivers\usbport.sys.bak
2013-12-29 23:33:43 ----A---- C:\Windows\system32\drivers\usbohci.sys.bak
2013-12-29 23:33:43 ----A---- C:\Windows\system32\drivers\usbhub.sys.bak
2013-12-29 23:33:42 ----A---- C:\Windows\system32\drivers\usbehci.sys.bak
2013-12-29 23:33:42 ----A---- C:\Windows\system32\drivers\usbd.sys.bak
2013-12-29 23:33:42 ----A---- C:\Windows\system32\drivers\usbcir.sys.bak
2013-12-29 23:33:42 ----A---- C:\Windows\system32\drivers\usbccgp.sys.bak
2013-12-29 23:33:41 ----A---- C:\Windows\system32\drivers\USBCAMD2.sys.bak
2013-12-29 23:33:41 ----A---- C:\Windows\system32\drivers\USBCAMD.sys.bak
2013-12-29 23:33:41 ----A---- C:\Windows\system32\drivers\usb8023.sys.bak
2013-12-29 23:33:40 ----A---- C:\Windows\system32\drivers\umpass.sys.bak
2013-12-29 23:33:40 ----A---- C:\Windows\system32\drivers\umbus.sys.bak
2013-12-29 23:33:40 ----A---- C:\Windows\system32\drivers\ULIAGPKX.SYS.bak
2013-12-29 23:33:39 ----A---- C:\Windows\system32\drivers\udfs.sys.bak
2013-12-29 23:33:39 ----A---- C:\Windows\system32\drivers\UAGP35.SYS.bak
2013-12-29 23:33:38 ----A---- C:\Windows\system32\drivers\tunnel.sys.bak
2013-12-29 23:33:38 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys.bak
2013-12-29 23:33:38 ----A---- C:\Windows\system32\drivers\tssecsrv.sys.bak
2013-12-29 23:33:37 ----A---- C:\Windows\system32\drivers\termdd.sys.bak
2013-12-29 23:33:37 ----A---- C:\Windows\system32\drivers\tdx.sys.bak
2013-12-29 23:33:37 ----A---- C:\Windows\system32\drivers\tdtcp.sys.bak
2013-12-29 23:33:37 ----A---- C:\Windows\system32\drivers\tdpipe.sys.bak
2013-12-29 23:33:36 ----A---- C:\Windows\system32\drivers\tdi.sys.bak
2013-12-29 23:33:36 ----A---- C:\Windows\system32\drivers\tcpipreg.sys.bak
2013-12-29 23:33:36 ----A---- C:\Windows\system32\drivers\tcpip.sys.bak
2013-12-29 23:33:35 ----A---- C:\Windows\system32\drivers\tape.sys.bak
2013-12-29 23:33:35 ----A---- C:\Windows\system32\drivers\swenum.sys.bak
2013-12-29 23:33:35 ----A---- C:\Windows\system32\drivers\stream.sys.bak
2013-12-29 23:33:35 ----A---- C:\Windows\system32\drivers\storvsc.sys.bak
2013-12-29 23:33:34 ----A---- C:\Windows\system32\drivers\storport.sys.bak
2013-12-29 23:33:34 ----A---- C:\Windows\system32\drivers\stexstor.sys.bak
2013-12-29 23:33:34 ----A---- C:\Windows\system32\drivers\srvnet.sys.bak
2013-12-29 23:33:34 ----A---- C:\Windows\system32\drivers\srv2.sys.bak
2013-12-29 23:33:33 ----A---- C:\Windows\system32\drivers\srv.sys.bak
2013-12-29 23:33:33 ----A---- C:\Windows\system32\drivers\spsys.sys.bak
2013-12-29 23:33:33 ----A---- C:\Windows\system32\drivers\spldr.sys.bak
2013-12-29 23:33:33 ----A---- C:\Windows\system32\drivers\smclib.sys.bak
2013-12-29 23:33:32 ----A---- C:\Windows\system32\drivers\smb.sys.bak
2013-12-29 23:33:32 ----A---- C:\Windows\system32\drivers\sisraid4.sys.bak
2013-12-29 23:33:32 ----A---- C:\Windows\system32\drivers\sisraid2.sys.bak
2013-12-29 23:33:32 ----A---- C:\Windows\system32\drivers\SISAGP.SYS.bak
2013-12-29 23:33:32 ----A---- C:\Windows\system32\drivers\sfloppy.sys.bak
2013-12-29 23:33:31 ----A---- C:\Windows\system32\drivers\sffp_sd.sys.bak
2013-12-29 23:33:31 ----A---- C:\Windows\system32\drivers\sffp_mmc.sys.bak
2013-12-29 23:33:31 ----A---- C:\Windows\system32\drivers\sffdisk.sys.bak
2013-12-29 23:33:31 ----A---- C:\Windows\system32\drivers\sermouse.sys.bak
2013-12-29 23:33:30 ----A---- C:\Windows\system32\drivers\serial.sys.bak
2013-12-29 23:33:30 ----A---- C:\Windows\system32\drivers\serenum.sys.bak
2013-12-29 23:33:30 ----A---- C:\Windows\system32\drivers\ser2pl.sys.bak
2013-12-29 23:33:30 ----A---- C:\Windows\system32\drivers\secdrv.sys.bak
2013-12-29 23:33:29 ----A---- C:\Windows\system32\drivers\scsiport.sys.bak
2013-12-29 23:33:29 ----A---- C:\Windows\system32\drivers\scfilter.sys.bak
2013-12-29 23:33:29 ----A---- C:\Windows\system32\drivers\sbp2port.sys.bak
2013-12-29 23:33:28 ----A---- C:\Windows\system32\drivers\Rt86win7.sys.bak
2013-12-29 23:33:27 ----A---- C:\Windows\system32\drivers\rspndr.sys.bak
2013-12-29 23:33:27 ----A---- C:\Windows\system32\drivers\rootmdm.sys.bak
2013-12-29 23:33:27 ----A---- C:\Windows\system32\drivers\RNDISMP.sys.bak
2013-12-29 23:33:26 ----A---- C:\Windows\system32\drivers\rmcast.sys.bak
2013-12-29 23:33:26 ----A---- C:\Windows\system32\drivers\rfcomm.sys.bak
2013-12-29 23:33:26 ----A---- C:\Windows\system32\drivers\rdyboost.sys.bak
2013-12-29 23:33:25 ----A---- C:\Windows\system32\drivers\rdpwd.sys.bak
2013-12-29 23:33:25 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys.bak
2013-12-29 23:33:25 ----A---- C:\Windows\system32\drivers\RDPREFMP.sys.bak
2013-12-29 23:33:24 ----A---- C:\Windows\system32\drivers\RDPENCDD.sys.bak
2013-12-29 23:33:24 ----A---- C:\Windows\system32\drivers\rdpdr.sys.bak
2013-12-29 23:33:24 ----A---- C:\Windows\system32\drivers\RDPCDD.sys.bak
2013-12-29 23:33:24 ----A---- C:\Windows\system32\drivers\rdpbus.sys.bak
2013-12-29 23:33:23 ----A---- C:\Windows\system32\drivers\rdbss.sys.bak
2013-12-29 23:33:23 ----A---- C:\Windows\system32\drivers\rassstp.sys.bak
2013-12-29 23:33:23 ----A---- C:\Windows\system32\drivers\raspptp.sys.bak
2013-12-29 23:33:23 ----A---- C:\Windows\system32\drivers\raspppoe.sys.bak
2013-12-29 23:33:22 ----A---- C:\Windows\system32\drivers\rasl2tp.sys.bak
2013-12-29 23:33:22 ----A---- C:\Windows\system32\drivers\rasacd.sys.bak
2013-12-29 23:33:22 ----A---- C:\Windows\system32\drivers\qwavedrv.sys.bak
2013-12-29 23:33:22 ----A---- C:\Windows\system32\drivers\ql40xx.sys.bak
2013-12-29 23:33:21 ----A---- C:\Windows\system32\drivers\ql2300.sys.bak
2013-12-29 23:33:21 ----A---- C:\Windows\system32\drivers\processr.sys.bak
2013-12-29 23:33:21 ----A---- C:\Windows\system32\drivers\portcls.sys.bak
2013-12-29 23:33:20 ----A---- C:\Windows\system32\drivers\PEAuth.sys.bak
2013-12-29 23:33:20 ----A---- C:\Windows\system32\drivers\pcw.sys.bak
2013-12-29 23:33:20 ----A---- C:\Windows\system32\drivers\pcmcia.sys.bak
2013-12-29 23:33:19 ----A---- C:\Windows\system32\drivers\pciidex.sys.bak
2013-12-29 23:33:19 ----A---- C:\Windows\system32\drivers\pciide.sys.bak
2013-12-29 23:33:19 ----A---- C:\Windows\system32\drivers\pci.sys.bak
2013-12-29 23:33:19 ----A---- C:\Windows\system32\drivers\parvdm.sys.bak
2013-12-29 23:33:18 ----A---- C:\Windows\system32\drivers\partmgr.sys.bak
2013-12-29 23:33:18 ----A---- C:\Windows\system32\drivers\parport.sys.bak
2013-12-29 23:33:18 ----A---- C:\Windows\system32\drivers\pacer.sys.bak
2013-12-29 23:33:18 ----A---- C:\Windows\system32\drivers\omng.sys.bak
2013-12-29 23:33:17 ----A---- C:\Windows\system32\drivers\ohci1394.sys.bak
2013-12-29 23:33:17 ----A---- C:\Windows\system32\drivers\nwifi.sys.bak
2013-12-29 23:33:17 ----A---- C:\Windows\system32\drivers\NV_AGP.SYS.bak
2013-12-29 23:33:16 ----A---- C:\Windows\system32\drivers\nvstor.sys.bak
2013-12-29 23:33:16 ----A---- C:\Windows\system32\drivers\nvraid.sys.bak
2013-12-29 23:33:16 ----A---- C:\Windows\system32\drivers\null.sys.bak
2013-12-29 23:33:15 ----A---- C:\Windows\system32\drivers\ntfs.sys.bak
2013-12-29 23:33:15 ----A---- C:\Windows\system32\drivers\nsiproxy.sys.bak
2013-12-29 23:33:15 ----A---- C:\Windows\system32\drivers\npfs.sys.bak
2013-12-29 23:33:15 ----A---- C:\Windows\system32\drivers\nfrd960.sys.bak
2013-12-29 23:33:14 ----A---- C:\Windows\system32\drivers\netio.sys.bak
2013-12-29 23:33:14 ----A---- C:\Windows\system32\drivers\netbt.sys.bak
2013-12-29 23:33:14 ----A---- C:\Windows\system32\drivers\netbios.sys.bak
2013-12-29 23:33:14 ----A---- C:\Windows\system32\drivers\ndproxy.sys.bak
2013-12-29 23:33:13 ----A---- C:\Windows\system32\drivers\ndiswan.sys.bak
2013-12-29 23:33:13 ----A---- C:\Windows\system32\drivers\ndisuio.sys.bak
2013-12-29 23:33:13 ----A---- C:\Windows\system32\drivers\ndistapi.sys.bak
2013-12-29 23:33:13 ----A---- C:\Windows\system32\drivers\ndiscap.sys.bak
2013-12-29 23:33:13 ----A---- C:\Windows\system32\drivers\ndis.sys.bak
2013-12-29 23:33:12 ----A---- C:\Windows\system32\drivers\mup.sys.bak
2013-12-29 23:33:12 ----A---- C:\Windows\system32\drivers\MTConfig.sys.bak
2013-12-29 23:33:12 ----A---- C:\Windows\system32\drivers\mstee.sys.bak
2013-12-29 23:33:12 ----A---- C:\Windows\system32\drivers\mssmbios.sys.bak
2013-12-29 23:33:11 ----A---- C:\Windows\system32\drivers\msrpc.sys.bak
2013-12-29 23:33:11 ----A---- C:\Windows\system32\drivers\mspqm.sys.bak
2013-12-29 23:33:11 ----A---- C:\Windows\system32\drivers\mspclock.sys.bak
2013-12-29 23:33:10 ----A---- C:\Windows\system32\drivers\mskssrv.sys.bak
2013-12-29 23:33:10 ----A---- C:\Windows\system32\drivers\msiscsi.sys.bak
2013-12-29 23:33:10 ----A---- C:\Windows\system32\drivers\msisadrv.sys.bak
2013-12-29 23:33:10 ----A---- C:\Windows\system32\drivers\mshidkmdf.sys.bak
2013-12-29 23:33:09 ----A---- C:\Windows\system32\drivers\msfs.sys.bak
2013-12-29 23:33:09 ----A---- C:\Windows\system32\drivers\msdsm.sys.bak
2013-12-29 23:33:09 ----A---- C:\Windows\system32\drivers\msahci.sys.bak
2013-12-29 23:33:08 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys.bak
2013-12-29 23:33:08 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys.bak
2013-12-29 23:33:08 ----A---- C:\Windows\system32\drivers\mrxsmb.sys.bak
2013-12-29 23:33:08 ----A---- C:\Windows\system32\drivers\mrxdav.sys.bak
2013-12-29 23:33:08 ----A---- C:\Windows\system32\drivers\mpsdrv.sys.bak
2013-12-29 23:33:07 ----A---- C:\Windows\system32\drivers\mpio.sys.bak
2013-12-29 23:33:07 ----A---- C:\Windows\system32\drivers\mountmgr.sys.bak
2013-12-29 23:33:07 ----A---- C:\Windows\system32\drivers\mouhid.sys.bak
2013-12-29 23:33:07 ----A---- C:\Windows\system32\drivers\mouclass.sys.bak
2013-12-29 23:33:06 ----A---- C:\Windows\system32\drivers\monitor.sys.bak
2013-12-29 23:33:06 ----A---- C:\Windows\system32\drivers\modem.sys.bak
2013-12-29 23:33:06 ----A---- C:\Windows\system32\drivers\MegaSR.sys.bak
2013-12-29 23:33:05 ----A---- C:\Windows\system32\drivers\megasas.sys.bak
2013-12-29 23:33:05 ----A---- C:\Windows\system32\drivers\mcd.sys.bak
2013-12-29 23:33:05 ----A---- C:\Windows\system32\drivers\luafv.sys.bak
2013-12-29 23:33:05 ----A---- C:\Windows\system32\drivers\lsi_scsi.sys.bak
2013-12-29 23:33:04 ----A---- C:\Windows\system32\drivers\lsi_sas2.sys.bak
2013-12-29 23:33:04 ----A---- C:\Windows\system32\drivers\lsi_sas.sys.bak
2013-12-29 23:33:04 ----A---- C:\Windows\system32\drivers\lsi_fc.sys.bak
2013-12-29 23:33:03 ----A---- C:\Windows\system32\drivers\lltdio.sys.bak
2013-12-29 23:33:03 ----A---- C:\Windows\system32\drivers\ksecpkg.sys.bak
2013-12-29 23:33:03 ----A---- C:\Windows\system32\drivers\ksecdd.sys.bak
2013-12-29 23:33:03 ----A---- C:\Windows\system32\drivers\ks.sys.bak
2013-12-29 23:33:02 ----A---- C:\Windows\system32\drivers\kbdhid.sys.bak
2013-12-29 23:33:02 ----A---- C:\Windows\system32\drivers\kbdclass.sys.bak
2013-12-29 23:33:02 ----A---- C:\Windows\system32\drivers\k750whnt.sys.bak
2013-12-29 23:33:02 ----A---- C:\Windows\system32\drivers\k750wh.sys.bak
2013-12-29 23:33:01 ----A---- C:\Windows\system32\drivers\k750bus.sys.bak
2013-12-29 23:33:01 ----A---- C:\Windows\system32\drivers\isapnp.sys.bak
2013-12-29 23:33:01 ----A---- C:\Windows\system32\drivers\irenum.sys.bak
2013-12-29 23:33:01 ----A---- C:\Windows\system32\drivers\irda.sys.bak
2013-12-29 23:33:00 ----A---- C:\Windows\system32\drivers\ipnat.sys.bak
2013-12-29 23:33:00 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys.bak
2013-12-29 23:33:00 ----A---- C:\Windows\system32\drivers\ipfltdrv.sys.bak
2013-12-29 23:32:59 ----A---- C:\Windows\system32\drivers\intelppm.sys.bak
2013-12-29 23:32:59 ----A---- C:\Windows\system32\drivers\intelide.sys.bak
2013-12-29 23:32:59 ----A---- C:\Windows\system32\drivers\iirsp.sys.bak
2013-12-29 23:32:59 ----A---- C:\Windows\system32\drivers\iaStorV.sys.bak
2013-12-29 23:32:58 ----A---- C:\Windows\system32\drivers\i8042prt.sys.bak
2013-12-29 23:32:58 ----A---- C:\Windows\system32\drivers\hwpolicy.sys.bak
2013-12-29 23:32:58 ----A---- C:\Windows\system32\drivers\http.sys.bak
2013-12-29 23:32:58 ----A---- C:\Windows\system32\drivers\HpSAMD.sys.bak
2013-12-29 23:32:57 ----A---- C:\Windows\system32\drivers\hidusb.sys.bak
2013-12-29 23:32:57 ----A---- C:\Windows\system32\drivers\hidparse.sys.bak
2013-12-29 23:32:57 ----A---- C:\Windows\system32\drivers\hidir.sys.bak
2013-12-29 23:32:57 ----A---- C:\Windows\system32\drivers\hidclass.sys.bak
2013-12-29 23:32:56 ----A---- C:\Windows\system32\drivers\hidbth.sys.bak
2013-12-29 23:32:56 ----A---- C:\Windows\system32\drivers\hidbatt.sys.bak
2013-12-29 23:32:56 ----A---- C:\Windows\system32\drivers\HdAudio.sys.bak
2013-12-29 23:32:55 ----A---- C:\Windows\system32\drivers\hdaudbus.sys.bak
2013-12-29 23:32:55 ----A---- C:\Windows\system32\drivers\hcw85cir.sys.bak
2013-12-29 23:32:54 ----A---- C:\Windows\system32\drivers\hcmon.sys.bak
2013-12-29 23:32:54 ----A---- C:\Windows\system32\drivers\hamachi.sys.bak
2013-12-29 23:32:54 ----A---- C:\Windows\system32\drivers\GAGP30KX.SYS.bak
2013-12-29 23:32:54 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS.bak
2013-12-29 23:32:53 ----A---- C:\Windows\system32\drivers\fvevol.sys.bak
2013-12-29 23:32:53 ----A---- C:\Windows\system32\drivers\fsdepends.sys.bak
2013-12-29 23:32:53 ----A---- C:\Windows\system32\drivers\fs_rec.sys.bak
2013-12-29 23:32:53 ----A---- C:\Windows\system32\drivers\fltMgr.sys.bak
2013-12-29 23:32:53 ----A---- C:\Windows\system32\drivers\flpydisk.sys.bak
2013-12-29 23:32:52 ----A---- C:\Windows\system32\drivers\filetrace.sys.bak
2013-12-29 23:32:52 ----A---- C:\Windows\system32\drivers\fileinfo.sys.bak
2013-12-29 23:32:52 ----A---- C:\Windows\system32\drivers\fdc.sys.bak
2013-12-29 23:32:51 ----A---- C:\Windows\system32\drivers\fastfat.sys.bak
2013-12-29 23:32:51 ----A---- C:\Windows\system32\drivers\exfat.sys.bak
2013-12-29 23:32:51 ----A---- C:\Windows\system32\drivers\ewusbnet.sys.bak
2013-12-29 23:32:50 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys.bak
2013-12-29 23:32:50 ----A---- C:\Windows\system32\drivers\ewusbfake.sys.bak
2013-12-29 23:32:49 ----A---- C:\Windows\system32\drivers\evbdx.sys.bak
2013-12-29 23:32:49 ----A---- C:\Windows\system32\drivers\errdev.sys.bak
2013-12-29 23:32:48 ----A---- C:\Windows\system32\drivers\elxstor.sys.bak
2013-12-29 23:32:48 ----A---- C:\Windows\system32\drivers\dxgmms1.sys.bak
2013-12-29 23:32:48 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys.bak
2013-12-29 23:32:48 ----A---- C:\Windows\system32\drivers\dxg.sys.bak
2013-12-29 23:32:47 ----A---- C:\Windows\system32\drivers\dxapi.sys.bak
2013-12-29 23:32:47 ----A---- C:\Windows\system32\drivers\dumpfve.sys.bak
2013-12-29 23:32:47 ----A---- C:\Windows\system32\drivers\Dumpata.sys.bak
2013-12-29 23:32:47 ----A---- C:\Windows\system32\drivers\drmkaud.sys.bak
2013-12-29 23:32:46 ----A---- C:\Windows\system32\drivers\drmk.sys.bak
2013-12-29 23:32:46 ----A---- C:\Windows\system32\drivers\dne2000.sys.bak
2013-12-29 23:32:46 ----A---- C:\Windows\system32\drivers\djsvs.sys.bak
2013-12-29 23:32:46 ----A---- C:\Windows\system32\drivers\Diskdump.sys.bak
2013-12-29 23:32:45 ----A---- C:\Windows\system32\drivers\disk.sys.bak
2013-12-29 23:32:45 ----A---- C:\Windows\system32\drivers\discache.sys.bak
2013-12-29 23:32:45 ----A---- C:\Windows\system32\drivers\dfsc.sys.bak
2013-12-29 23:32:44 ----A---- C:\Windows\system32\drivers\CVPNDRVA.sys.bak
2013-12-29 23:32:44 ----A---- C:\Windows\system32\drivers\CVirtA.sys.bak
2013-12-29 23:32:44 ----A---- C:\Windows\system32\drivers\csc.sys.bak
2013-12-29 23:32:43 ----A---- C:\Windows\system32\drivers\crcdisk.sys.bak
2013-12-29 23:32:43 ----A---- C:\Windows\system32\drivers\crashdmp.sys.bak
2013-12-29 23:32:43 ----A---- C:\Windows\system32\drivers\CompositeBus.sys.bak
2013-12-29 23:32:43 ----A---- C:\Windows\system32\drivers\compbatt.sys.bak
2013-12-29 23:32:42 ----A---- C:\Windows\system32\drivers\cng.sys.bak
2013-12-29 23:32:42 ----A---- C:\Windows\system32\drivers\cmdide.sys.bak
2013-12-29 23:32:42 ----A---- C:\Windows\system32\drivers\CmBatt.sys.bak
2013-12-29 23:32:42 ----A---- C:\Windows\system32\drivers\Classpnp.sys.bak
2013-12-29 23:32:41 ----A---- C:\Windows\system32\drivers\circlass.sys.bak
2013-12-29 23:32:41 ----A---- C:\Windows\system32\drivers\cdrom.sys.bak
2013-12-29 23:32:41 ----A---- C:\Windows\system32\drivers\cdfs.sys.bak
2013-12-29 23:32:41 ----A---- C:\Windows\system32\drivers\bxvbdx.sys.bak
2013-12-29 23:32:40 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS.bak
2013-12-29 23:32:40 ----A---- C:\Windows\system32\drivers\bthport.sys.bak
2013-12-29 23:32:40 ----A---- C:\Windows\system32\drivers\bthpan.sys.bak
2013-12-29 23:32:40 ----A---- C:\Windows\system32\drivers\bthmodem.sys.bak
2013-12-29 23:32:39 ----A---- C:\Windows\system32\drivers\bthenum.sys.bak
2013-12-29 23:32:39 ----A---- C:\Windows\system32\drivers\BrUsbSer.sys.bak
2013-12-29 23:32:38 ----A---- C:\Windows\system32\drivers\BrUsbMdm.sys.bak
2013-12-29 23:32:38 ----A---- C:\Windows\system32\drivers\BrSerWdm.sys.bak
2013-12-29 23:32:38 ----A---- C:\Windows\system32\drivers\BrSerId.sys.bak
2013-12-29 23:32:37 ----A---- C:\Windows\system32\drivers\bridge.sys.bak
2013-12-29 23:32:37 ----A---- C:\Windows\system32\drivers\BrFiltUp.sys.bak
2013-12-29 23:32:37 ----A---- C:\Windows\system32\drivers\BrFiltLo.sys.bak
2013-12-29 23:32:37 ----A---- C:\Windows\system32\drivers\bowser.sys.bak
2013-12-29 23:32:36 ----A---- C:\Windows\system32\drivers\blbdrive.sys.bak
2013-12-29 23:32:36 ----A---- C:\Windows\system32\drivers\beep.sys.bak
2013-12-29 23:32:36 ----A---- C:\Windows\system32\drivers\battc.sys.bak
2013-12-29 23:32:35 ----A---- C:\Windows\system32\drivers\b57nd60x.sys.bak
2013-12-29 23:32:34 ----A---- C:\Windows\system32\drivers\ATKACPI.sys.bak
2013-12-29 23:32:33 ----A---- C:\Windows\system32\drivers\atikmdag.sys.bak
2013-12-29 23:32:33 ----A---- C:\Windows\system32\drivers\AtihdW73.sys.bak
2013-12-29 23:32:33 ----A---- C:\Windows\system32\drivers\athr.sys.bak
2013-12-29 23:32:32 ----A---- C:\Windows\system32\drivers\ataport.sys.bak
2013-12-29 23:32:32 ----A---- C:\Windows\system32\drivers\atapi.sys.bak
2013-12-29 23:32:32 ----A---- C:\Windows\system32\drivers\asyncmac.sys.bak
2013-12-29 23:32:31 ----A---- C:\Windows\system32\drivers\arcsas.sys.bak
2013-12-29 23:32:31 ----A---- C:\Windows\system32\drivers\arc.sys.bak
2013-12-29 23:32:31 ----A---- C:\Windows\system32\drivers\appid.sys.bak
2013-12-29 23:32:31 ----A---- C:\Windows\system32\drivers\amdxata.sys.bak
2013-12-29 23:32:30 ----A---- C:\Windows\system32\drivers\amdsbs.sys.bak
2013-12-29 23:32:30 ----A---- C:\Windows\system32\drivers\amdsata.sys.bak
2013-12-29 23:32:30 ----A---- C:\Windows\system32\drivers\amdppm.sys.bak
2013-12-29 23:32:30 ----A---- C:\Windows\system32\drivers\amdk8.sys.bak
2013-12-29 23:32:29 ----A---- C:\Windows\system32\drivers\amdide.sys.bak
2013-12-29 23:32:29 ----A---- C:\Windows\system32\drivers\AMDAGP.SYS.bak
2013-12-29 23:32:29 ----A---- C:\Windows\system32\drivers\aliide.sys.bak
2013-12-29 23:32:29 ----A---- C:\Windows\system32\drivers\AGP440.sys.bak
2013-12-29 23:32:28 ----A---- C:\Windows\system32\drivers\agilevpn.sys.bak
2013-12-29 23:32:28 ----A---- C:\Windows\system32\drivers\afd.sys.bak
2013-12-29 23:32:28 ----A---- C:\Windows\system32\drivers\adpu320.sys.bak
2013-12-29 23:32:28 ----A---- C:\Windows\system32\drivers\adpahci.sys.bak
2013-12-29 23:32:27 ----A---- C:\Windows\system32\drivers\adp94xx.sys.bak
2013-12-29 23:32:27 ----A---- C:\Windows\system32\drivers\acpipmi.sys.bak
2013-12-29 23:32:27 ----A---- C:\Windows\system32\drivers\acpi.sys.bak
2013-12-29 23:32:26 ----A---- C:\Windows\system32\drivers\abpcics.sys.bak
2013-12-29 23:32:26 ----A---- C:\Windows\system32\drivers\abpcic.sys.bak
2013-12-29 23:32:26 ----A---- C:\Windows\system32\drivers\abktcx.sys.bak
2013-12-29 23:32:26 ----A---- C:\Windows\system32\drivers\1394ohci.sys.bak
2013-12-29 23:32:24 ----A---- C:\Windows\system32\drivers\1394bus.sys.bak
2013-12-29 15:44:15 ----D---- C:\Users\Roman\AppData\Roaming\Malwarebytes
2013-12-29 15:43:55 ----D---- C:\ProgramData\Malwarebytes
2013-12-11 23:29:19 ----A---- C:\Windows\system32\ie4uinit.exe
2013-12-11 23:29:16 ----A---- C:\Windows\system32\jsproxy.dll
2013-12-11 23:29:16 ----A---- C:\Windows\system32\ieui.dll
2013-12-11 23:29:15 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 23:29:14 ----A---- C:\Windows\system32\iesetup.dll
2013-12-11 23:29:14 ----A---- C:\Windows\system32\iernonce.dll
2013-12-11 23:29:14 ----A---- C:\Windows\system32\ieapfltr.dll
2013-12-11 23:29:13 ----A---- C:\Windows\system32\jscript9diag.dll
2013-12-11 23:29:12 ----A---- C:\Windows\system32\ieUnatt.exe
2013-12-11 23:29:12 ----A---- C:\Windows\system32\ieetwproxystub.dll
2013-12-11 23:29:11 ----A---- C:\Windows\system32\ieetwcollector.exe
2013-12-11 23:29:09 ----A---- C:\Windows\system32\wininet.dll
2013-12-11 23:29:08 ----A---- C:\Windows\system32\iertutil.dll
2013-12-11 23:29:07 ----A---- C:\Windows\system32\urlmon.dll
2013-12-11 23:29:04 ----A---- C:\Windows\system32\ieframe.dll
2013-12-11 23:29:02 ----A---- C:\Windows\system32\mshtml.dll
2013-12-11 23:29:01 ----A---- C:\Windows\system32\jscript9.dll
2013-12-11 23:26:12 ----A---- C:\Windows\system32\wmp.dll
2013-12-11 23:26:08 ----A---- C:\Windows\system32\wmploc.DLL
2013-12-11 15:48:16 ----A---- C:\Windows\system32\msieftp.dll
2013-12-11 15:48:14 ----A---- C:\Windows\system32\imagehlp.dll
2013-12-11 15:48:13 ----A---- C:\Windows\system32\wscript.exe
2013-12-11 15:48:12 ----A---- C:\Windows\system32\scrrun.dll
2013-12-11 15:48:12 ----A---- C:\Windows\system32\cscript.exe
2013-12-11 15:48:11 ----A---- C:\Windows\system32\WMPhoto.dll
2013-12-11 15:48:09 ----A---- C:\Windows\system32\tzres.dll
2013-12-11 15:48:04 ----A---- C:\Windows\system32\win32k.sys
2013-12-11 15:48:02 ----A---- C:\Windows\system32\drivers\portcls.sys
2013-12-11 15:48:02 ----A---- C:\Windows\system32\drivers\drmk.sys
2013-12-07 09:42:54 ----D---- C:\Program Files\LogMeIn Hamachi

======List of files/folders modified in the last 1 month======

2014-01-04 14:30:34 ----D---- C:\Windows\Temp
2014-01-04 14:30:29 ----RD---- C:\Program Files
2014-01-04 14:06:13 ----D---- C:\Windows\system32\config
2014-01-04 13:50:54 ----D---- C:\ProgramData\VMware
2014-01-04 02:08:05 ----D---- C:\Windows\System32
2014-01-04 02:07:17 ----D---- C:\Windows\system32\drivers
2014-01-04 02:04:25 ----D---- C:\Windows\system32\drivers\etc
2014-01-03 21:22:22 ----D---- C:\Windows
2014-01-03 21:22:22 ----A---- C:\Windows\system.ini
2014-01-03 21:12:24 ----D---- C:\Windows\AppPatch
2014-01-03 21:12:21 ----D---- C:\Program Files\Common Files
2014-01-03 21:06:04 ----SD---- C:\System Volume Information
2014-01-03 19:55:47 ----D---- C:\Windows\Prefetch
2014-01-03 16:54:30 ----D---- C:\Program Files\Mozilla Firefox
2014-01-03 15:46:04 ----D---- C:\Program Files\Spybot - Search & Destroy
2014-01-02 22:44:08 ----D---- C:\Windows\inf
2014-01-02 22:44:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-02 21:49:53 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-01-02 21:32:17 ----D---- C:\Users\Roman\AppData\Roaming\Winamp
2014-01-02 21:32:08 ----D---- C:\Windows\debug
2013-12-30 17:43:00 ----D---- C:\ProgramData
2013-12-30 15:04:53 ----D---- C:\Windows\system32\Tasks
2013-12-30 14:23:56 ----D---- C:\Windows\system32\catroot2
2013-12-30 14:22:02 ----D---- C:\Windows\Downloaded Program Files
2013-12-29 18:08:00 ----D---- C:\Windows\Offline Web Pages
2013-12-20 17:36:46 ----D---- C:\Windows\system32\NDF
2013-12-13 15:54:45 ----SHD---- C:\Windows\Installer
2013-12-13 15:54:45 ----D---- C:\ProgramData\Microsoft Help
2013-12-13 15:54:45 ----D---- C:\Config.Msi
2013-12-13 15:54:20 ----RSD---- C:\Windows\assembly
2013-12-13 14:32:00 ----D---- C:\Windows\Panther
2013-12-13 14:31:51 ----D---- C:\Windows\Logs
2013-12-12 14:57:46 ----D---- C:\Windows\winsxs
2013-12-12 14:53:19 ----D---- C:\Program Files\Internet Explorer
2013-12-12 14:53:15 ----D---- C:\Windows\system32\cs-CZ
2013-12-12 14:53:14 ----D---- C:\Program Files\Windows Media Player
2013-12-12 14:53:08 ----D---- C:\Windows\system32\DriverStore
2013-12-11 23:31:26 ----A---- C:\Windows\win.ini
2013-12-11 23:29:45 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-10-31 49376]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-10-31 175176]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2012-07-06 71152]
R0 vsock;vSockets Driver; C:\Windows\system32\drivers\vsock.sys [2012-07-06 61296]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-10-31 61680]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-10-31 770344]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-10-31 369584]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-10-31 56080]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 48128]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 296064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-10-31 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-10-31 66336]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2010-09-27 308859]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2012-08-01 41496]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2012-08-15 37016]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2012-08-15 25752]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2012-08-15 61848]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-11-16 131984]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2012-08-15 25624]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 172416]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 78336]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S1 VirtualBackplane;A-B Virtual Backplane; C:\Windows\System32\Drivers\VirtualBackplane.sys []
S2 First;First; C:\Windows\system32\drivers\First.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 catchme;catchme; \??\C:\Users\Roman\AppData\Local\Temp\catchme.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-04-09 102784]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 rak;rak; \??\C:\Windows\system32\rakion.sys [2010-03-07 60928]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RsiKtControl;RsiKtControl; C:\Windows\system32\RSIKT.SYS [2008-07-05 39067]
S3 RSSERIAL;RSLinx Classic Serial Driver; C:\Windows\SYSTEM32\RSSERIAL.SYS [2008-07-05 155440]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2009-11-19 81920]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TrueSight;TrueSight; \??\ []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2012-08-15 16664]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2012-08-01 31280]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-13 100920]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-10-31 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2010-09-27 1528616]
R2 CwIPCSvc;Control Web IPC; C:\Program Files\Moravian Instruments\Shared\cwsvc.exe [2013-08-29 64512]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$ABBEPCADCZ;SQL Server (ABBEPCADCZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2012-08-15 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2012-08-15 357016]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-08-01 719512]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2012-08-15 435864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 dnWhoDisp;dnWhoDisp; C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe [2008-05-27 70952]
S3 Harmony;Harmony; C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE [2008-05-24 202024]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 108032]
S3 OpcEnum;OpcEnum; C:\Windows\system32\OpcEnum.exe [2005-11-25 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 150648]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 4846168]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2013-09-21 565672]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-02 1343400]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]

-----------------EOF-----------------

Notebook sem svěřil kamarádovi, který říkal, že to z tama zkusí dostat, co všechno s tím dělal netuším, ale dnes mi to vrátil s tím že se mu to nepovedlo a neví už co s tím.


Spybot log:
--- Report generated: 2014-01-04 02:02 ---

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-10-28 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-11-06 Includes\Adware.sbi (*)
2014-01-03 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2013-10-16 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-10-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-12-23 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-10-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-09-17 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-12-11 Includes\TrojansC-02.sbi (*)
2013-12-10 Includes\TrojansC-03.sbi (*)
2014-01-03 Includes\TrojansC-04.sbi (*)
2012-08-31 Includes\TrojansC-05.sbi (*)
2012-10-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


Cf log:
ComboFix 14-01-01.01 - Roman 03.01.2014 21:07:32.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2815.1669 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Roman\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-03 do 2014-01-03 )))))))))))))))))))))))))))))))
.
.
2014-01-03 20:17 . 2014-01-03 20:17 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-01-03 20:17 . 2014-01-03 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-03 19:37 . 2014-01-03 20:22 -------- d-----w- c:\users\Roman\AppData\Local\temp
2014-01-03 19:04 . 2014-01-03 19:04 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31D8489E-E6FB-4C4D-B13C-0A82A9EB8AAC}\offreg.dll
2014-01-03 15:51 . 2014-01-03 16:06 -------- d-----w- C:\AdwCleaner
2014-01-03 14:44 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31D8489E-E6FB-4C4D-B13C-0A82A9EB8AAC}\mpengine.dll
2013-12-29 14:44 . 2013-12-29 14:44 -------- d-----w- c:\users\Roman\AppData\Roaming\Malwarebytes
2013-12-29 14:43 . 2013-12-29 14:43 -------- d-----w- c:\programdata\Malwarebytes
2013-12-11 22:26 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 22:26 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 14:48 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 14:48 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 14:48 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 14:48 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 14:48 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 14:48 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 14:48 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 14:48 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 14:48 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 14:48 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 14:48 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-07 08:42 . 2013-12-07 08:42 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-02 21:32 . 2013-12-29 22:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 16384 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 14912 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 43392 ----a-w- c:\windows\system32\drivers\winhv.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 19008 ----a-w- c:\windows\system32\drivers\wimmount.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 35328 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 19024 ----a-w- c:\windows\system32\drivers\wd.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 21632 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 14336 ----a-w- c:\windows\system32\drivers\vwifimp.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 61296 ----a-w- c:\windows\system32\drivers\vsock.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 19968 ----a-w- c:\windows\system32\drivers\vwifibus.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 141904 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 48128 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 172416 ----a-w- c:\windows\system32\drivers\vpchbus.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 245632 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 53120 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 297040 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 61848 ----a-w- c:\windows\system32\drivers\vmx86.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 5632 ----a-w- c:\windows\system32\drivers\vms3cap.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 40704 ----a-w- c:\windows\system32\drivers\vmstorfl.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 25752 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 37016 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 19608 ----a-w- c:\windows\system32\drivers\vmnet.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 16664 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 71152 ----a-w- c:\windows\system32\drivers\vmci.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 25624 ----a-w- c:\windows\system32\drivers\VMkbd.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 17920 ----a-w- c:\windows\system32\drivers\VMBusHID.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 175360 ----a-w- c:\windows\system32\drivers\vmbus.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 52736 ----a-w- c:\windows\system32\drivers\viac7.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 16976 ----a-w- c:\windows\system32\drivers\viaide.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 111616 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 53328 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-02 21:32 . 2013-12-29 22:33 32832 ----a-w- c:\windows\system32\drivers\vdrvroot.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 76288 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-02 21:32 . 2013-12-29 22:33 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 26112 ----a-w- c:\windows\system32\drivers\usbrpm.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 284672 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 19968 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 6016 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 8192 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-02 21:32 . 2013-12-29 22:33 39936 ----a-w- c:\windows\system32\drivers\umbus.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 55888 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-02 21:32 . 2013-12-29 22:33 246784 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 108544 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 74752 ----a-w- c:\windows\system32\drivers\tdx.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 53120 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 21504 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 53632 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 28032 ----a-w- c:\windows\system32\drivers\storvsc.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 12240 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 148864 ----a-w- c:\windows\system32\drivers\storport.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 310272 ----a-w- c:\windows\system32\drivers\srv2.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 21072 ----a-w- c:\windows\system32\drivers\stexstor.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 405504 ----a-w- c:\windows\system32\drivers\spsys.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 17472 ----a-w- c:\windows\system32\drivers\spldr.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 77888 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 71168 ----a-w- c:\windows\system32\drivers\smb.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 52304 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-02 21:32 . 2013-12-29 22:33 40016 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 13824 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 11264 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys.bak
2014-01-02 21:32 . 2013-12-29 22:33 17920 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-31 06:45 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-10-31 4858968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-02 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-08-18 09:56 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-11-29 15:20 3806544 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 10:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbCipHelper]
2008-05-27 15:17 434176 ----a-w- c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
.
R1 VirtualBackplane;A-B Virtual Backplane;c:\windows\System32\Drivers\VirtualBackplane.sys [x]
R2 First;First; [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 rak;rak;c:\windows\system32\rakion.sys [2010-03-07 60928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2008-07-05 39067]
R3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\SYSTEM32\RSSERIAL.SYS [2008-07-05 155440]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-02 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 71152]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 61296]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-31 770344]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-31 369584]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-31 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-31 66336]
S2 CwIPCSvc;Control Web IPC;c:\program files\Moravian Instruments\Shared\cwsvc.exe [2013-08-29 64512]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
S2 MSSQL$ABBEPCADCZ;SQL Server (ABBEPCADCZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-08-01 719512]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000Core.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 19:02]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000UA.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 19:02]
.
2014-01-03 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- d:\skola\Matlab\bin\win32\MATLABStartupAccelerator.exe [2012-10-09 03:08]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
LSP: %windir%\system32\vsocklib.dll
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\ysk0x51m.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
FF - Ext: avast! Online Security: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight]
"ImagePath"="\??\"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-01-03 21:27:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-01-03 20:27
ComboFix2.txt 2014-01-03 19:37
.
Před spuštěním: 474 267 648
Po spuštění: 422 961 152
.
- - End Of File - - AF83ED3AB7E12018049C24B7048684D3
A36C5E4F47E84449FF07ED3517B43A31

1)
Tak bohužel předchozí log nemám a CFScript taky ne ... ale do scriptu pry daval jen nějake RegLock


2)
c:\windows\system32\rakion.sys - proveden re-test

https://www.virustotal.com/cs/file/efac ... 388851418/


3)PCHunter report přiložen


4)tdsskiller log - rozdělen kvůli velkému množství znaků

17:43:02.0160 0x0d88 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
17:43:07.0431 0x0d88 ============================================================
17:43:07.0431 0x0d88 Current date / time: 2014/01/04 17:43:07.0431
17:43:07.0431 0x0d88 SystemInfo:
17:43:07.0431 0x0d88
17:43:07.0431 0x0d88 OS Version: 6.1.7601 ServicePack: 1.0
17:43:07.0431 0x0d88 Product type: Workstation
17:43:07.0432 0x0d88 ComputerName: ROMAN-PC
17:43:07.0432 0x0d88 UserName: Roman
17:43:07.0432 0x0d88 Windows directory: C:\Windows
17:43:07.0432 0x0d88 System windows directory: C:\Windows
17:43:07.0432 0x0d88 Processor architecture: Intel x86
17:43:07.0432 0x0d88 Number of processors: 2
17:43:07.0432 0x0d88 Page size: 0x1000
17:43:07.0432 0x0d88 Boot type: Normal boot
17:43:07.0432 0x0d88 ============================================================
17:43:09.0914 0x0d88 KLMD registered as C:\Windows\system32\drivers\33891232.sys
17:43:10.0605 0x0d88 System UUID: {B5CB61B7-34C0-CC35-5335-C72175E18207}
17:43:12.0134 0x0d88 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x23DC4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
17:43:12.0138 0x0d88 ============================================================
17:43:12.0138 0x0d88 \Device\Harddisk0\DR0:
17:43:12.0139 0x0d88 MBR partitions:
17:43:12.0139 0x0d88 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:43:12.0139 0x0d88 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6175800
17:43:12.0139 0x0d88 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61A8000, BlocksNum 0x1F286000
17:43:12.0139 0x0d88 ============================================================
17:43:12.0174 0x0d88 C: <-> \Device\Harddisk0\DR0\Partition2
17:43:12.0221 0x0d88 D: <-> \Device\Harddisk0\DR0\Partition3
17:43:12.0222 0x0d88 ============================================================
17:43:12.0222 0x0d88 Initialize success
17:43:12.0223 0x0d88 ============================================================
17:44:34.0204 0x1310 ============================================================
17:44:34.0204 0x1310 Scan started
17:44:34.0204 0x1310 Mode: Manual; SigCheck; TDLFS;
17:44:34.0204 0x1310 ============================================================
17:44:34.0204 0x1310 KSN ping started
17:44:47.0976 0x1310 KSN ping finished: true
17:44:49.0402 0x1310 ================ Scan system memory ========================
17:44:49.0402 0x1310 System memory - ok
17:44:49.0403 0x1310 ================ Scan services =============================
17:44:49.0606 0x1310 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:44:49.0738 0x1310 1394ohci - ok
17:44:49.0920 0x1310 [ 2A5E5246F22530E351C9F3F2C1CD63B9, 4F58884CC9B1B77D6E92CB2B1BAB5976A4E118FDFD19ABA50E3BA62824944117 ] ABBYY.Licensing.FineReader.Professional.9.0 C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
17:44:49.0978 0x1310 ABBYY.Licensing.FineReader.Professional.9.0 - ok
17:44:50.0050 0x1310 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:44:50.0104 0x1310 ACPI - ok
17:44:50.0156 0x1310 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:44:50.0232 0x1310 AcpiPmi - ok
17:44:50.0362 0x1310 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:44:50.0393 0x1310 AdobeARMservice - ok
17:44:50.0452 0x1310 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:44:50.0497 0x1310 adp94xx - ok
17:44:50.0531 0x1310 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:44:50.0558 0x1310 adpahci - ok
17:44:50.0582 0x1310 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:44:50.0603 0x1310 adpu320 - ok
17:44:50.0648 0x1310 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:44:50.0703 0x1310 AeLookupSvc - ok
17:44:50.0818 0x1310 [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD C:\Windows\system32\drivers\afd.sys
17:44:50.0929 0x1310 AFD - ok
17:44:50.0974 0x1310 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
17:44:51.0005 0x1310 agp440 - ok
17:44:51.0053 0x1310 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
17:44:51.0072 0x1310 aic78xx - ok
17:44:51.0123 0x1310 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
17:44:51.0169 0x1310 ALG - ok
17:44:51.0199 0x1310 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
17:44:51.0215 0x1310 aliide - ok
17:44:51.0260 0x1310 [ B19505648F033393E907E2E419FDE8B3, BEF76AAD61FE0CA1F2B91C491FD94DE1BE67E776BBB7972D57ADFBE0333E9615 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:44:51.0334 0x1310 AMD External Events Utility - ok
17:44:51.0359 0x1310 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:44:51.0390 0x1310 amdagp - ok
17:44:51.0411 0x1310 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
17:44:51.0427 0x1310 amdide - ok
17:44:51.0470 0x1310 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:44:51.0526 0x1310 AmdK8 - ok
17:44:51.0560 0x1310 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:44:51.0617 0x1310 AmdPPM - ok
17:44:51.0664 0x1310 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:44:51.0694 0x1310 amdsata - ok
17:44:51.0725 0x1310 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:44:51.0746 0x1310 amdsbs - ok
17:44:51.0771 0x1310 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:44:51.0787 0x1310 amdxata - ok
17:44:51.0824 0x1310 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
17:44:51.0942 0x1310 AppID - ok
17:44:51.0971 0x1310 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:44:52.0030 0x1310 AppIDSvc - ok
17:44:52.0087 0x1310 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
17:44:52.0150 0x1310 Appinfo - ok
17:44:52.0200 0x1310 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:44:52.0257 0x1310 AppMgmt - ok
17:44:52.0301 0x1310 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:44:52.0328 0x1310 arc - ok
17:44:52.0350 0x1310 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:44:52.0380 0x1310 arcsas - ok
17:44:52.0427 0x1310 [ EB1807795CD3EEAA3288B4A30DE254E8, C9F1FFD9A1EFD0127923DC887A348D943847B69266A66C8655934E515D2ECE03 ] ASLDRService C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
17:44:52.0520 0x1310 ASLDRService - ok
17:44:52.0613 0x1310 [ 39CDCB109BF200CC8A05B9C7E6272D11, A7352D84A492EA25F92D534E03E722DAB1B4D5CC7DB336F9F90CD546565FAB7F ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:44:52.0641 0x1310 aspnet_state - ok
17:44:52.0690 0x1310 [ 7D9088EAB3C1B8A068FC7E4E1B77879B, 21E151EBBFD217EE779527CA2A79F89D8C932BA24D194BC240B91E48F9123233 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:44:52.0716 0x1310 aswFsBlk - ok
17:44:52.0773 0x1310 [ F698E89A6C8476C49278CD5D3A0AAD45, 5E6311D24BC43AA22A7C98D28948F5E046269AC2B3A28307445DE621EB21518A ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:44:52.0791 0x1310 aswMonFlt - ok
17:44:52.0830 0x1310 [ 30402D9D54DF3CA9183678C7ADF77F3F, 2CFA05759DFDA7D093D60E2156CFF84AF2DC86B33F9BCE1EBCA3687C6D5FD3BB ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
17:44:52.0848 0x1310 aswRdr - ok
17:44:52.0920 0x1310 [ 4A98AD4CF303D4416E9BA914216822BB, 0EABB92BC6B9AB28E9D5C5620B3656D1078B3E6796B503C59798C7C862546C26 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
17:44:52.0950 0x1310 aswRvrt - ok
17:44:52.0998 0x1310 [ 0BE94F7E943A3DEA83B32937218ABCAB, 2960607DED8DB341112BBEB78A212E23075F5E01872E95F1F34BB19A996988D8 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:44:53.0065 0x1310 aswSnx - ok
17:44:53.0106 0x1310 [ B2D7E7DF02C5A86465F988BE9BF33EAB, 401C316A1F520F52512CCBFF08C82F5C6F963AB9C7A08D0347ADE33DD33998D2 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:44:53.0150 0x1310 aswSP - ok
17:44:53.0185 0x1310 [ AEE20B454E1982AFC1BF81B41E143BF7, 05981E79B38F8E6FE3AA95CC1F64EFB7B389B027749F6324ECA615F81CB5BC16 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:44:53.0217 0x1310 aswTdi - ok
17:44:53.0264 0x1310 [ 101157826C32D0759D8F53950BE891AF, EF5D969EF6CB97B26D801AAC4D43AF9AB3C29CB0FECDF0333A04697CD8A505E9 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
17:44:53.0288 0x1310 aswVmm - ok
17:44:53.0312 0x1310 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:44:53.0419 0x1310 AsyncMac - ok
17:44:53.0451 0x1310 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
17:44:53.0471 0x1310 atapi - ok
17:44:53.0562 0x1310 [ B01751CC563AECAC09BBE36AAA21FBEF, 453CAED322CC13155D3BD1F5BF9ABC9FA7F74D9C17E712DAEC63E9518F0E9229 ] athr C:\Windows\system32\DRIVERS\athr.sys
17:44:53.0692 0x1310 athr - ok
17:44:53.0772 0x1310 [ 7B4342936A3885CFE18E5D1DF6D55BC5, 200640AD0FBCD2A39BE5E7F7C97868A1CB20E8F57F8086C48DAE3ED0CF9153D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
17:44:53.0790 0x1310 AtiHDAudioService - ok
17:44:54.0065 0x1310 [ 04F09923A393E4E0E8453A8F78361E73, B5C0B9D1195B87AF823887AD9355CD2B4C4F4DDF34103891EE48EA86F0F544E7 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:44:54.0413 0x1310 atikmdag - ok
17:44:54.0510 0x1310 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:44:54.0582 0x1310 AudioEndpointBuilder - ok
17:44:54.0632 0x1310 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:44:54.0682 0x1310 Audiosrv - ok
17:44:54.0779 0x1310 [ 2B243715E7697E5AAA858CEB6AF680BC, 01F2C1908DF9A0F197955530D3FA25B9D5A15DE3AEE2115A9C01EACCEFC650DC ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17:44:54.0808 0x1310 avast! Antivirus - ok
17:44:54.0856 0x1310 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:44:54.0914 0x1310 AxInstSV - ok
17:44:54.0983 0x1310 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
17:44:55.0069 0x1310 b06bdrv - ok
17:44:55.0125 0x1310 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:44:55.0163 0x1310 b57nd60x - ok
17:44:55.0210 0x1310 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
17:44:55.0251 0x1310 BDESVC - ok
17:44:55.0283 0x1310 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
17:44:55.0328 0x1310 Beep - ok
17:44:55.0403 0x1310 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
17:44:55.0465 0x1310 BFE - ok
17:44:55.0536 0x1310 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
17:44:55.0596 0x1310 BITS - ok
17:44:55.0618 0x1310 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:44:55.0650 0x1310 blbdrive - ok
17:44:55.0692 0x1310 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:44:55.0756 0x1310 bowser - ok
17:44:55.0789 0x1310 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:44:55.0854 0x1310 BrFiltLo - ok
17:44:55.0872 0x1310 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:44:55.0927 0x1310 BrFiltUp - ok
17:44:55.0988 0x1310 [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:44:56.0051 0x1310 BridgeMP - ok
17:44:56.0091 0x1310 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
17:44:56.0124 0x1310 Browser - ok
17:44:56.0157 0x1310 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:44:56.0207 0x1310 Brserid - ok
17:44:56.0239 0x1310 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:44:56.0275 0x1310 BrSerWdm - ok
17:44:56.0301 0x1310 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:44:56.0340 0x1310 BrUsbMdm - ok
17:44:56.0366 0x1310 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:44:56.0406 0x1310 BrUsbSer - ok
17:44:56.0453 0x1310 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:44:56.0591 0x1310 BthEnum - ok
17:44:56.0617 0x1310 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:44:56.0649 0x1310 BTHMODEM - ok
17:44:56.0690 0x1310 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:44:56.0720 0x1310 BthPan - ok
17:44:56.0779 0x1310 [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:44:56.0844 0x1310 BTHPORT - ok
17:44:56.0893 0x1310 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
17:44:56.0975 0x1310 bthserv - ok
17:44:57.0006 0x1310 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:44:57.0053 0x1310 BTHUSB - ok
17:44:57.0194 0x1310 catchme - ok
17:44:57.0231 0x1310 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:44:57.0311 0x1310 cdfs - ok
17:44:57.0380 0x1310 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:44:57.0430 0x1310 cdrom - ok
17:44:57.0491 0x1310 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
17:44:57.0545 0x1310 CertPropSvc - ok
17:44:57.0590 0x1310 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:44:57.0638 0x1310 circlass - ok
17:44:57.0679 0x1310 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
17:44:57.0705 0x1310 CLFS - ok
17:44:57.0759 0x1310 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:44:57.0785 0x1310 clr_optimization_v2.0.50727_32 - ok
17:44:57.0896 0x1310 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:44:57.0930 0x1310 clr_optimization_v4.0.30319_32 - ok
17:44:57.0974 0x1310 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:44:58.0006 0x1310 CmBatt - ok
17:44:58.0036 0x1310 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:44:58.0052 0x1310 cmdide - ok
17:44:58.0118 0x1310 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys
17:44:58.0165 0x1310 CNG - ok
17:44:58.0187 0x1310 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:44:58.0208 0x1310 Compbatt - ok
17:44:58.0245 0x1310 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:44:58.0286 0x1310 CompositeBus - ok
17:44:58.0311 0x1310 COMSysApp - ok
17:44:58.0343 0x1310 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:44:58.0359 0x1310 crcdisk - ok
17:44:58.0414 0x1310 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:44:58.0461 0x1310 CryptSvc - ok
17:44:58.0525 0x1310 [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
17:44:58.0623 0x1310 CSC - ok
17:44:58.0709 0x1310 [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
17:44:58.0757 0x1310 CscService - ok
17:44:58.0797 0x1310 [ B5ECADF7708960F1818C7FA015F4C239, A58BA71B08A9D46EB79EB3DF0858F553A11DE3461E13B6D926E25D21D4CBB2D8 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
17:44:58.0833 0x1310 CVirtA - ok
17:44:59.0008 0x1310 [ 30443EEF52F5FB043654859EAA8E5247, 887ED8C4FE2259542E05A17973FE1549B636DA2C6888CC3A66F97D7D2600DC49 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
17:44:59.0091 0x1310 CVPND - ok
17:44:59.0146 0x1310 [ CB90B2762B1A1D0B40496400C55B6ADE, 7A8D86B223FD8A2C4A75AD0849041D56255277D491387C613E62BC76E6730F06 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
17:44:59.0193 0x1310 CVPNDRVA - detected UnsignedFile.Multi.Generic ( 1 )
17:45:01.0904 0x1310 Detect skipped due to KSN trusted
17:45:01.0904 0x1310 CVPNDRVA - ok
17:45:02.0246 0x1310 [ F46B871C089B955345E601E61DDE454D, DD42C6BF05AB8612520CDB4AA8C1501EF07FA137D7E831C8EC68A8BBD92BB644 ] CwIPCSvc C:\Program Files\Moravian Instruments\Shared\cwsvc.exe
17:45:02.0279 0x1310 CwIPCSvc - detected UnsignedFile.Multi.Generic ( 1 )
17:45:05.0158 0x1310 CwIPCSvc ( UnsignedFile.Multi.Generic ) - warning
17:45:08.0182 0x1310 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
17:45:08.0255 0x1310 DcomLaunch - ok
17:45:08.0295 0x1310 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
17:45:08.0348 0x1310 defragsvc - ok
17:45:08.0403 0x1310 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:45:08.0452 0x1310 DfsC - ok
17:45:08.0531 0x1310 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:45:08.0593 0x1310 Dhcp - ok
17:45:08.0624 0x1310 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
17:45:08.0676 0x1310 discache - ok
17:45:08.0710 0x1310 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:45:08.0732 0x1310 Disk - ok
17:45:08.0783 0x1310 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144, 14C147B79786C5DCEC54AF191E8815D871906E30DE90B00C7929F0E6CC025E6A ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
17:45:08.0803 0x1310 DNE - ok
17:45:08.0864 0x1310 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:45:08.0896 0x1310 Dnscache - ok
17:45:08.0981 0x1310 [ 956C815FBA2DD1046D2CEB04ABBBDE0D, 66668DCAD3777A3D753715A05F84783503ED07A41FB5D28B10BD13CDE0CCE1DF ] dnWhoDisp C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
17:45:09.0005 0x1310 dnWhoDisp - ok
17:45:09.0043 0x1310 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
17:45:09.0109 0x1310 dot3svc - ok
17:45:09.0176 0x1310 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
17:45:09.0252 0x1310 DPS - ok
17:45:09.0307 0x1310 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:45:09.0356 0x1310 drmkaud - ok
17:45:09.0445 0x1310 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:45:09.0530 0x1310 DXGKrnl - ok
17:45:09.0583 0x1310 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
17:45:09.0649 0x1310 EapHost - ok
17:45:09.0833 0x1310 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:45:10.0082 0x1310 ebdrv - ok
17:45:10.0127 0x1310 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS C:\Windows\System32\lsass.exe
17:45:10.0172 0x1310 EFS - ok
17:45:10.0263 0x1310 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:45:10.0330 0x1310 ehRecvr - ok
17:45:10.0369 0x1310 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
17:45:10.0404 0x1310 ehSched - ok
17:45:10.0456 0x1310 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:45:10.0507 0x1310 elxstor - ok
17:45:10.0540 0x1310 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:45:10.0569 0x1310 ErrDev - ok
17:45:10.0637 0x1310 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
17:45:10.0697 0x1310 EventSystem - ok
17:45:10.0740 0x1310 [ 0F40E249E4DD0CE47C7CA19C5C8FB48A, EBF4A9DCEF2913095BDDACC64D02925B30CC1D779D21D31A1C3B59532D1C97E3 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
17:45:10.0769 0x1310 ewusbnet - ok
17:45:10.0796 0x1310 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
17:45:10.0857 0x1310 exfat - ok
17:45:10.0879 0x1310 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:45:10.0935 0x1310 fastfat - ok
17:45:11.0012 0x1310 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
17:45:11.0086 0x1310 Fax - ok
17:45:11.0119 0x1310 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:45:11.0151 0x1310 fdc - ok
17:45:11.0179 0x1310 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
17:45:11.0251 0x1310 fdPHost - ok
17:45:11.0272 0x1310 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
17:45:11.0338 0x1310 FDResPub - ok
17:45:11.0370 0x1310 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:45:11.0393 0x1310 FileInfo - ok
17:45:11.0437 0x1310 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:45:11.0485 0x1310 Filetrace - ok
17:45:11.0517 0x1310 First - ok
17:45:11.0546 0x1310 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:45:11.0574 0x1310 flpydisk - ok
17:45:11.0614 0x1310 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:45:11.0642 0x1310 FltMgr - ok
17:45:11.0721 0x1310 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
17:45:11.0809 0x1310 FontCache - ok
17:45:11.0889 0x1310 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:45:11.0915 0x1310 FontCache3.0.0.0 - ok
17:45:11.0945 0x1310 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:45:11.0963 0x1310 FsDepends - ok
17:45:11.0999 0x1310 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:45:12.0027 0x1310 Fs_Rec - ok
17:45:12.0069 0x1310 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:45:12.0096 0x1310 fvevol - ok
17:45:12.0127 0x1310 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:45:12.0155 0x1310 gagp30kx - ok
17:45:12.0216 0x1310 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
17:45:12.0290 0x1310 gpsvc - ok
17:45:12.0357 0x1310 [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
17:45:12.0382 0x1310 hamachi - ok
17:45:12.0574 0x1310 [ D0C526C8D8F165643B4A796FC4D870AE, 3BE2A175A302E6CD751A1A9A39DBECC5CE074E082A92D129DA56DAF77C0C6146 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
17:45:12.0644 0x1310 Hamachi2Svc - ok
17:45:12.0746 0x1310 [ D08C885A038EB288F90196D30442118B, BD1803131E3A4B91B374950F199EDADB574CE3A0C196D33C5D6BA2AC1FB7F686 ] Harmony C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
17:45:12.0785 0x1310 Harmony - ok
17:45:12.0854 0x1310 [ 7898E20A298105CC3EA1A7BAA695ACFC, 25A1C0B4DD2294966B1FB6F2D2F42628D4EA07C4A4CA5B8C742CCA3E6442254B ] hcmon C:\Windows\system32\drivers\hcmon.sys
17:45:12.0871 0x1310 hcmon - ok
17:45:12.0908 0x1310 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:45:12.0939 0x1310 hcw85cir - ok
17:45:13.0012 0x1310 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:45:13.0096 0x1310 HdAudAddService - ok
17:45:13.0126 0x1310 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:45:13.0172 0x1310 HDAudBus - ok
17:45:13.0202 0x1310 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:45:13.0235 0x1310 HidBatt - ok
17:45:13.0252 0x1310 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:45:13.0283 0x1310 HidBth - ok
17:45:13.0309 0x1310 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:45:13.0349 0x1310 HidIr - ok
17:45:13.0395 0x1310 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
17:45:13.0478 0x1310 hidserv - ok
17:45:13.0540 0x1310 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:45:13.0588 0x1310 HidUsb - ok
17:45:13.0634 0x1310 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
17:45:13.0688 0x1310 hkmsvc - ok
17:45:13.0738 0x1310 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:45:13.0794 0x1310 HomeGroupListener - ok
17:45:13.0832 0x1310 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:45:13.0870 0x1310 HomeGroupProvider - ok
17:45:13.0924 0x1310 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:45:13.0942 0x1310 HpSAMD - ok
17:45:14.0025 0x1310 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:45:14.0134 0x1310 HTTP - ok
17:45:14.0181 0x1310 [ 92CA47DA32009CCC00A5ADED04ABBD78, 2159A632B9C519D94180A2EED24AB8A91BE8717F0C13BEC916CF4F70E4DB5D47 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:45:14.0220 0x1310 hwdatacard - ok
17:45:14.0246 0x1310 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:45:14.0262 0x1310 hwpolicy - ok
17:45:14.0309 0x1310 [ 089085538885367E281686762A973EB5, 9D54E822C6A792A838C5620AE88ECBA5657B33589DF071F99E0E97DC277B24EA ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
17:45:14.0335 0x1310 hwusbfake - ok
17:45:14.0373 0x1310 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:45:14.0421 0x1310 i8042prt - ok
17:45:14.0501 0x1310 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:45:14.0543 0x1310 iaStorV - ok
17:45:14.0594 0x1310 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:45:14.0625 0x1310 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
17:45:17.0341 0x1310 Detect skipped due to KSN trusted
17:45:17.0341 0x1310 IDriverT - ok
17:45:17.0673 0x1310 [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:45:17.0753 0x1310 idsvc - ok
17:45:17.0807 0x1310 IEEtwCollectorService - ok
17:45:17.0858 0x1310 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:45:17.0885 0x1310 iirsp - ok
17:45:17.0949 0x1310 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
17:45:18.0014 0x1310 IKEEXT - ok
17:45:18.0055 0x1310 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
17:45:18.0071 0x1310 intelide - ok
17:45:18.0097 0x1310 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:45:18.0130 0x1310 intelppm - ok
17:45:18.0173 0x1310 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:45:18.0229 0x1310 IPBusEnum - ok
17:45:18.0249 0x1310 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:45:18.0297 0x1310 IpFilterDriver - ok
17:45:18.0367 0x1310 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:45:18.0432 0x1310 iphlpsvc - ok
17:45:18.0479 0x1310 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:45:18.0523 0x1310 IPMIDRV - ok
17:45:18.0555 0x1310 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:45:18.0605 0x1310 IPNAT - ok
17:45:18.0659 0x1310 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:45:18.0720 0x1310 IRENUM - ok
17:45:18.0750 0x1310 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:45:18.0768 0x1310 isapnp - ok
17:45:18.0795 0x1310 [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:45:18.0822 0x1310 iScsiPrt - ok
17:45:18.0887 0x1310 [ BF71A06FF065E3FD7E32EA67DCA34885, F57F08C2154E01B165CDED777BEF44DE94228128FD8CB1375A025BB0B85F8C28 ] ISODrive C:\Program Files\UltraISO\drivers\ISODrive.sys
17:45:18.0920 0x1310 ISODrive - detected UnsignedFile.Multi.Generic ( 1 )
17:45:21.0636 0x1310 Detect skipped due to KSN trusted
17:45:21.0636 0x1310 ISODrive - ok
17:45:21.0917 0x1310 [ FE8300320281D658A7854D5CFC02A63F, E57978A0F3DE8D142291C659483C62A02CADAACF4A5C834292C9216C2255AE97 ] k750bus C:\Windows\system32\DRIVERS\k750bus.sys
17:45:21.0957 0x1310 k750bus - ok
17:45:21.0992 0x1310 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:45:22.0010 0x1310 kbdclass - ok
17:45:22.0046 0x1310 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:45:22.0095 0x1310 kbdhid - ok
17:45:22.0124 0x1310 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso C:\Windows\system32\lsass.exe
17:45:22.0149 0x1310 KeyIso - ok
17:45:22.0187 0x1310 [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:45:22.0205 0x1310 KSecDD - ok
17:45:22.0234 0x1310 [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:45:22.0256 0x1310 KSecPkg - ok
17:45:22.0315 0x1310 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
17:45:22.0394 0x1310 KtmRm - ok
17:45:22.0431 0x1310 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:45:22.0479 0x1310 LanmanServer - ok
17:45:22.0515 0x1310 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:45:22.0567 0x1310 LanmanWorkstation - ok
17:45:22.0627 0x1310 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:45:22.0681 0x1310 lltdio - ok
17:45:22.0715 0x1310 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:45:22.0773 0x1310 lltdsvc - ok
17:45:22.0796 0x1310 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:45:22.0862 0x1310 lmhosts - ok
17:45:22.0943 0x1310 [ E7BF96BC4C766C2A30D0733CBFEEC438, D07569A6719E992DDB312F0FFD77A14CF52F61D97DC041278F8F2D7D55DE1B25 ] LMIGuardianSvc C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
17:45:22.0971 0x1310 LMIGuardianSvc - ok
17:45:22.0994 0x1310 lmimirr - ok
17:45:23.0047 0x1310 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:45:23.0077 0x1310 LSI_FC - ok
17:45:23.0102 0x1310 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:45:23.0121 0x1310 LSI_SAS - ok
17:45:23.0142 0x1310 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:45:23.0161 0x1310 LSI_SAS2 - ok
17:45:23.0181 0x1310 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:45:23.0201 0x1310 LSI_SCSI - ok
17:45:23.0234 0x1310 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
17:45:23.0294 0x1310 luafv - ok
17:45:23.0323 0x1310 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:45:23.0346 0x1310 Mcx2Svc - ok
17:45:23.0423 0x1310 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:45:23.0450 0x1310 MDM - ok
17:45:23.0477 0x1310 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:45:23.0494 0x1310 megasas - ok
17:45:23.0534 0x1310 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:45:23.0561 0x1310 MegaSR - ok
17:45:23.0589 0x1310 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
17:45:23.0649 0x1310 MMCSS - ok
17:45:23.0667 0x1310 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
17:45:23.0705 0x1310 Modem - ok
17:45:23.0745 0x1310 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:45:23.0777 0x1310 monitor - ok
17:45:23.0830 0x1310 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:45:23.0848 0x1310 mouclass - ok
17:45:23.0862 0x1310 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:45:23.0896 0x1310 mouhid - ok
17:45:23.0943 0x1310 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:45:23.0962 0x1310 mountmgr - ok
17:45:24.0009 0x1310 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
17:45:24.0046 0x1310 mpio - ok
17:45:24.0076 0x1310 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:45:24.0122 0x1310 mpsdrv - ok
17:45:24.0178 0x1310 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:45:24.0256 0x1310 MpsSvc - ok
17:45:24.0300 0x1310 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:45:24.0348 0x1310 MRxDAV - ok
17:45:24.0384 0x1310 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:45:24.0435 0x1310 mrxsmb - ok
17:45:24.0490 0x1310 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:45:24.0531 0x1310 mrxsmb10 - ok
17:45:24.0556 0x1310 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:45:24.0596 0x1310 mrxsmb20 - ok
17:45:24.0630 0x1310 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
17:45:24.0647 0x1310 msahci - ok
17:45:24.0674 0x1310 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:45:24.0768 0x1310 msdsm - ok
17:45:24.0797 0x1310 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
17:45:24.0832 0x1310 MSDTC - ok
17:45:24.0894 0x1310 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:45:24.0956 0x1310 Msfs - ok
17:45:24.0981 0x1310 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:45:25.0053 0x1310 mshidkmdf - ok
17:45:25.0083 0x1310 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:45:25.0111 0x1310 msisadrv - ok
17:45:25.0142 0x1310 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:45:25.0191 0x1310 MSiSCSI - ok
17:45:25.0201 0x1310 msiserver - ok
17:45:25.0260 0x1310 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:45:25.0324 0x1310 MSKSSRV - ok
17:45:25.0358 0x1310 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

17:45:25.0430 0x1310 MSPCLOCK - ok
17:45:25.0453 0x1310 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:45:25.0504 0x1310 MSPQM - ok
17:45:25.0530 0x1310 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:45:25.0553 0x1310 MsRPC - ok
17:45:25.0595 0x1310 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:45:25.0612 0x1310 mssmbios - ok
17:45:25.0694 0x1310 MSSQL$ABBEPCADCZ - ok
17:45:25.0930 0x1310 [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:45:26.0001 0x1310 MSSQLServerADHelper - ok
17:45:26.0036 0x1310 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:45:26.0072 0x1310 MSTEE - ok
17:45:26.0087 0x1310 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:45:26.0120 0x1310 MTConfig - ok
17:45:26.0171 0x1310 [ 97AFFA9D95FFE20EEE6229BC6BE166CF, 6E13230AF96A3A5C518EFA21B9B1833E3DE9D6DA05A6E664E305EF18B162E1B9 ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
17:45:26.0205 0x1310 MTsensor - ok
17:45:26.0235 0x1310 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
17:45:26.0254 0x1310 Mup - ok
17:45:26.0301 0x1310 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
17:45:26.0404 0x1310 napagent - ok
17:45:26.0443 0x1310 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:45:26.0513 0x1310 NativeWifiP - ok
17:45:26.0613 0x1310 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:45:26.0673 0x1310 NDIS - ok
17:45:26.0712 0x1310 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:45:26.0767 0x1310 NdisCap - ok
17:45:26.0800 0x1310 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:45:26.0860 0x1310 NdisTapi - ok
17:45:26.0919 0x1310 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:45:26.0984 0x1310 Ndisuio - ok
17:45:27.0021 0x1310 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:45:27.0079 0x1310 NdisWan - ok
17:45:27.0101 0x1310 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:45:27.0137 0x1310 NDProxy - ok
17:45:27.0178 0x1310 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:45:27.0251 0x1310 NetBIOS - ok
17:45:27.0309 0x1310 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:45:27.0377 0x1310 NetBT - ok
17:45:27.0408 0x1310 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon C:\Windows\system32\lsass.exe
17:45:27.0444 0x1310 Netlogon - ok
17:45:27.0499 0x1310 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
17:45:27.0554 0x1310 Netman - ok
17:45:27.0584 0x1310 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
17:45:27.0643 0x1310 netprofm - ok
17:45:27.0695 0x1310 [ F476EC40033CDB91EFBE73EB99B8362D, B17535037BC070F9AE1F6B381C2DBEE27658A8FDE15FB0E061F485EA7C7CBE59 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:45:27.0725 0x1310 NetTcpPortSharing - ok
17:45:27.0763 0x1310 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:45:27.0781 0x1310 nfrd960 - ok
17:45:27.0836 0x1310 [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:45:27.0881 0x1310 NlaSvc - ok
17:45:27.0904 0x1310 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:45:27.0951 0x1310 Npfs - ok
17:45:27.0976 0x1310 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
17:45:28.0016 0x1310 nsi - ok
17:45:28.0027 0x1310 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:45:28.0072 0x1310 nsiproxy - ok
17:45:28.0162 0x1310 [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:45:28.0249 0x1310 Ntfs - ok
17:45:28.0291 0x1310 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
17:45:28.0334 0x1310 Null - ok
17:45:28.0390 0x1310 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:45:28.0419 0x1310 nvraid - ok
17:45:28.0460 0x1310 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:45:28.0482 0x1310 nvstor - ok
17:45:28.0505 0x1310 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:45:28.0527 0x1310 nv_agp - ok
17:45:28.0561 0x1310 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:45:28.0605 0x1310 ohci1394 - ok
17:45:28.0656 0x1310 [ A12B32FB9E4C88998997E61DB4A07670, 075CCCF2DB345BEF41387856D4EED2779EBE6E3AA6635FE55F5AB75800755932 ] OpcEnum C:\Windows\system32\OpcEnum.exe
17:45:28.0688 0x1310 OpcEnum - detected UnsignedFile.Multi.Generic ( 1 )
17:45:31.0402 0x1310 Detect skipped due to KSN trusted
17:45:31.0402 0x1310 OpcEnum - ok
17:45:31.0699 0x1310 [ 2B8E4C792BED0E5882702720BC528AE5, 6D7CB027BC6014CB268C49B46049CDFF3BA94D07102A65BD053335A28E83D125 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:45:31.0723 0x1310 ose - ok
17:45:32.0050 0x1310 [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:45:32.0351 0x1310 osppsvc - ok
17:45:32.0442 0x1310 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:45:32.0503 0x1310 p2pimsvc - ok
17:45:32.0553 0x1310 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
17:45:32.0618 0x1310 p2psvc - ok
17:45:32.0661 0x1310 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:45:32.0695 0x1310 Parport - ok
17:45:32.0742 0x1310 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:45:32.0771 0x1310 partmgr - ok
17:45:32.0789 0x1310 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:45:32.0824 0x1310 Parvdm - ok
17:45:32.0859 0x1310 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:45:32.0895 0x1310 PcaSvc - ok
17:45:32.0937 0x1310 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
17:45:32.0959 0x1310 pci - ok
17:45:33.0005 0x1310 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
17:45:33.0034 0x1310 pciide - ok
17:45:33.0062 0x1310 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:45:33.0088 0x1310 pcmcia - ok
17:45:33.0102 0x1310 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
17:45:33.0120 0x1310 pcw - ok
17:45:33.0165 0x1310 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:45:33.0274 0x1310 PEAUTH - ok
17:45:33.0349 0x1310 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:45:33.0453 0x1310 PeerDistSvc - ok
17:45:33.0577 0x1310 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
17:45:33.0729 0x1310 pla - ok
17:45:33.0805 0x1310 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:45:33.0860 0x1310 PlugPlay - ok
17:45:33.0883 0x1310 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:45:33.0914 0x1310 PNRPAutoReg - ok
17:45:33.0943 0x1310 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:45:33.0974 0x1310 PNRPsvc - ok
17:45:34.0044 0x1310 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:45:34.0131 0x1310 PolicyAgent - ok
17:45:34.0180 0x1310 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
17:45:34.0235 0x1310 Power - ok
17:45:34.0275 0x1310 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:45:34.0319 0x1310 PptpMiniport - ok
17:45:34.0351 0x1310 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:45:34.0385 0x1310 Processor - ok
17:45:34.0447 0x1310 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:45:34.0501 0x1310 ProfSvc - ok
17:45:34.0520 0x1310 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:45:34.0552 0x1310 ProtectedStorage - ok
17:45:34.0604 0x1310 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:45:34.0645 0x1310 Psched - ok
17:45:34.0741 0x1310 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:45:34.0856 0x1310 ql2300 - ok
17:45:34.0896 0x1310 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:45:34.0923 0x1310 ql40xx - ok
17:45:34.0979 0x1310 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
17:45:35.0079 0x1310 QWAVE - ok
17:45:35.0101 0x1310 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:45:35.0131 0x1310 QWAVEdrv - ok
17:45:35.0180 0x1310 [ 5805322E2E4212D0BEF79DAD873F38BC, EFAC2CDECF0045B2917FD80524774CD2D21BD834C9B41B40D8C24D54B1EC53D7 ] rak C:\Windows\system32\rakion.sys
17:45:35.0217 0x1310 rak - detected UnsignedFile.Multi.Generic ( 1 )
17:45:37.0929 0x1310 rak ( UnsignedFile.Multi.Generic ) - warning
17:45:40.0878 0x1310 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:45:41.0016 0x1310 RasAcd - ok
17:45:41.0067 0x1310 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:45:41.0130 0x1310 RasAgileVpn - ok
17:45:41.0165 0x1310 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
17:45:41.0207 0x1310 RasAuto - ok
17:45:41.0247 0x1310 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:45:41.0316 0x1310 Rasl2tp - ok
17:45:41.0368 0x1310 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
17:45:41.0446 0x1310 RasMan - ok
17:45:41.0467 0x1310 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:45:41.0507 0x1310 RasPppoe - ok
17:45:41.0531 0x1310 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:45:41.0590 0x1310 RasSstp - ok
17:45:41.0640 0x1310 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:45:41.0706 0x1310 rdbss - ok
17:45:41.0745 0x1310 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:45:41.0783 0x1310 rdpbus - ok
17:45:41.0830 0x1310 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:45:41.0891 0x1310 RDPCDD - ok
17:45:41.0931 0x1310 [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:45:41.0991 0x1310 RDPDR - ok
17:45:42.0030 0x1310 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:45:42.0078 0x1310 RDPENCDD - ok
17:45:42.0108 0x1310 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:45:42.0145 0x1310 RDPREFMP - ok
17:45:42.0236 0x1310 [ 68A0387F58E226DEEE23D9715955572A, F95BB1D2BB3E79AF47B1C715BB5E3003EEF888AAA963F46F4A2FE8AFBD4F37A4 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:45:42.0277 0x1310 RdpVideoMiniport - ok
17:45:42.0330 0x1310 [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:45:42.0391 0x1310 RDPWD - ok
17:45:42.0435 0x1310 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:45:42.0459 0x1310 rdyboost - ok
17:45:42.0499 0x1310 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:45:42.0552 0x1310 RemoteAccess - ok
17:45:42.0595 0x1310 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:45:42.0666 0x1310 RemoteRegistry - ok
17:45:42.0705 0x1310 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:45:42.0751 0x1310 RFCOMM - ok
17:45:42.0782 0x1310 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:45:42.0829 0x1310 RpcEptMapper - ok
17:45:42.0856 0x1310 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
17:45:42.0900 0x1310 RpcLocator - ok
17:45:42.0935 0x1310 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
17:45:42.0987 0x1310 RpcSs - ok
17:45:43.0045 0x1310 [ 2AF65117091A47732F0997330E3DAAE6, 8879660DFA89DCEF1018F164C8E2D070E33172B832565C11A7B271229B4BE379 ] RsiKtControl C:\Windows\system32\RSIKT.SYS
17:45:43.0078 0x1310 RsiKtControl - detected UnsignedFile.Multi.Generic ( 1 )
17:45:45.0801 0x1310 Detect skipped due to KSN trusted
17:45:45.0802 0x1310 RsiKtControl - ok
17:45:46.0089 0x1310 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:45:46.0154 0x1310 rspndr - ok
17:45:46.0183 0x1310 [ B089419975668E2A701178032D652A24, 6A45829A063797B8D6500B0ECD9B35FC45070A8E82D4CE98631FE1BA84B46168 ] RSSERIAL C:\Windows\SYSTEM32\RSSERIAL.SYS
17:45:46.0220 0x1310 RSSERIAL - detected UnsignedFile.Multi.Generic ( 1 )
17:45:56.0222 0x1310 RSSERIAL ( UnsignedFile.Multi.Generic ) - warning
17:46:02.0281 0x1310 [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
17:46:02.0335 0x1310 RTL8167 - ok
17:46:02.0368 0x1310 [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:46:02.0399 0x1310 s3cap - ok
17:46:02.0424 0x1310 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] SamSs C:\Windows\system32\lsass.exe
17:46:02.0456 0x1310 SamSs - ok
17:46:02.0492 0x1310 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:46:02.0516 0x1310 sbp2port - ok
17:46:02.0581 0x1310 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:46:02.0660 0x1310 SCardSvr - ok
17:46:02.0696 0x1310 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:46:02.0741 0x1310 scfilter - ok
17:46:02.0831 0x1310 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
17:46:02.0926 0x1310 Schedule - ok
17:46:02.0968 0x1310 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:46:03.0022 0x1310 SCPolicySvc - ok
17:46:03.0069 0x1310 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:46:03.0125 0x1310 SDRSVC - ok
17:46:03.0151 0x1310 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:46:03.0196 0x1310 secdrv - ok
17:46:03.0221 0x1310 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
17:46:03.0280 0x1310 seclogon - ok
17:46:03.0296 0x1310 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\system32\sens.dll
17:46:03.0356 0x1310 SENS - ok
17:46:03.0389 0x1310 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:46:03.0435 0x1310 SensrSvc - ok
17:46:03.0470 0x1310 [ 8B80A722CCE8E16F495FCAEB43D863D1, 37C3AE191E76E5DE4EB789A4ED1C7837F9BD13FABD370B6E403D89664DE87F85 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
17:46:03.0490 0x1310 Ser2pl - ok
17:46:03.0518 0x1310 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:46:03.0544 0x1310 Serenum - ok
17:46:03.0568 0x1310 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:46:03.0592 0x1310 Serial - ok
17:46:03.0608 0x1310 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:46:03.0645 0x1310 sermouse - ok
17:46:03.0699 0x1310 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
17:46:03.0745 0x1310 SessionEnv - ok
17:46:03.0782 0x1310 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:46:03.0835 0x1310 sffdisk - ok
17:46:03.0864 0x1310 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:46:03.0912 0x1310 sffp_mmc - ok
17:46:03.0941 0x1310 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:46:04.0004 0x1310 sffp_sd - ok
17:46:04.0039 0x1310 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:46:04.0071 0x1310 sfloppy - ok
17:46:04.0118 0x1310 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:46:04.0182 0x1310 SharedAccess - ok
17:46:04.0209 0x1310 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:46:04.0271 0x1310 ShellHWDetection - ok
17:46:04.0319 0x1310 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:46:04.0339 0x1310 sisagp - ok
17:46:04.0525 0x1310 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:46:04.0591 0x1310 SiSRaid2 - ok
17:46:04.0732 0x1310 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:46:04.0767 0x1310 SiSRaid4 - ok
17:46:04.0849 0x1310 [ 7C15061CD0372487903B07B9BB03AFAD, FB96CDA29C7C1E8A315BA89E8B150918E59F32CE749D3EF43FCBEB3FB57BF1C6 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:46:04.0884 0x1310 SkypeUpdate - ok
17:46:04.0918 0x1310 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:46:04.0958 0x1310 Smb - ok
17:46:05.0008 0x1310 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:46:05.0032 0x1310 SNMPTRAP - ok
17:46:05.0061 0x1310 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
17:46:05.0078 0x1310 spldr - ok
17:46:05.0121 0x1310 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
17:46:05.0178 0x1310 Spooler - ok
17:46:05.0362 0x1310 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
17:46:05.0615 0x1310 sppsvc - ok
17:46:05.0675 0x1310 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:46:05.0734 0x1310 sppuinotify - ok
17:46:05.0783 0x1310 [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:46:05.0803 0x1310 SQLBrowser - ok
17:46:05.0846 0x1310 [ D89083C4EB02DACA8F944B0E05E57F9D, F96416B5877C280B4EE088A83956E0202F82DC5EACDEEFF06D5979FFFAA9FA74 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:46:05.0862 0x1310 SQLWriter - ok
17:46:05.0911 0x1310 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:46:05.0962 0x1310 srv - ok
17:46:05.0999 0x1310 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:46:06.0033 0x1310 srv2 - ok
17:46:06.0054 0x1310 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:46:06.0092 0x1310 srvnet - ok
17:46:06.0137 0x1310 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:46:06.0188 0x1310 SSDPSRV - ok
17:46:06.0216 0x1310 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:46:06.0270 0x1310 SstpSvc - ok
17:46:06.0340 0x1310 [ 792C6BB1F02C528095EC349DAAF4C880, 8BB32B0AD7048B4667ACF2D11F63E37D63DFB508AC515FFE825AECADA0F8FD7A ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
17:46:06.0390 0x1310 Steam Client Service - ok
17:46:06.0433 0x1310 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:46:06.0451 0x1310 stexstor - ok
17:46:06.0521 0x1310 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
17:46:06.0610 0x1310 StiSvc - ok
17:46:06.0653 0x1310 [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:46:06.0671 0x1310 storflt - ok
17:46:06.0703 0x1310 [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:46:06.0872 0x1310 storvsc - ok
17:46:06.0914 0x1310 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
17:46:06.0932 0x1310 swenum - ok
17:46:06.0971 0x1310 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
17:46:07.0049 0x1310 swprv - ok
17:46:07.0086 0x1310 Synth3dVsc - ok
17:46:07.0194 0x1310 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
17:46:07.0265 0x1310 SysMain - ok
17:46:07.0314 0x1310 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
17:46:07.0357 0x1310 TabletInputService - ok
17:46:07.0398 0x1310 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
17:46:07.0453 0x1310 TapiSrv - ok
17:46:07.0494 0x1310 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
17:46:07.0540 0x1310 TBS - ok
17:46:07.0639 0x1310 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:46:07.0757 0x1310 Tcpip - ok
17:46:07.0849 0x1310 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:46:07.0911 0x1310 TCPIP6 - ok
17:46:07.0974 0x1310 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:46:08.0024 0x1310 tcpipreg - ok
17:46:08.0069 0x1310 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:46:08.0102 0x1310 TDPIPE - ok
17:46:08.0123 0x1310 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:46:08.0142 0x1310 TDTCP - ok
17:46:08.0171 0x1310 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:46:08.0228 0x1310 tdx - ok
17:46:08.0247 0x1310 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:46:08.0265 0x1310 TermDD - ok
17:46:08.0337 0x1310 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll
17:46:08.0428 0x1310 TermService - ok
17:46:08.0455 0x1310 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
17:46:08.0496 0x1310 Themes - ok
17:46:08.0520 0x1310 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
17:46:08.0572 0x1310 THREADORDER - ok
17:46:08.0596 0x1310 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
17:46:08.0648 0x1310 TrkWks - ok
17:46:08.0731 0x1310 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:46:08.0787 0x1310 TrustedInstaller - ok
17:46:08.0840 0x1310 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:46:08.0860 0x1310 tssecsrv - ok
17:46:08.0917 0x1310 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:46:08.0953 0x1310 TsUsbFlt - ok
17:46:08.0961 0x1310 tsusbhub - ok
17:46:09.0027 0x1310 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:46:09.0081 0x1310 tunnel - ok
17:46:09.0111 0x1310 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:46:09.0130 0x1310 uagp35 - ok
17:46:09.0179 0x1310 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:46:09.0249 0x1310 udfs - ok
17:46:09.0300 0x1310 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:46:09.0346 0x1310 UI0Detect - ok
17:46:09.0385 0x1310 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:46:09.0403 0x1310 uliagpkx - ok
17:46:09.0433 0x1310 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys
17:46:09.0470 0x1310 umbus - ok
17:46:09.0512 0x1310 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:46:09.0539 0x1310 UmPass - ok
17:46:09.0584 0x1310 [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll
17:46:09.0632 0x1310 UmRdpService - ok
17:46:09.0677 0x1310 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
17:46:09.0729 0x1310 upnphost - ok
17:46:09.0818 0x1310 [ 71D97F1A3CC47A56728F7A400A3F8295, ED3FDB73D8A98D9BAF702C0F5C7AD79D525D19DCE1487D442536913BEA5C7F15 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:46:09.0955 0x1310 usbccgp - ok
17:46:10.0047 0x1310 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:46:10.0109 0x1310 usbcir - ok
17:46:10.0152 0x1310 [ C4FB8E7ADEA9B5CEEA885A1B504B7E40, 3E0AE5D236890452F2EA33504309A7E5FE49C567FF6F68A83A5987F05ED01BF0 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:46:10.0172 0x1310 usbehci - ok
17:46:10.0205 0x1310 [ 86AA95ACB611001E26CD2C0145F2225A, 584D26E8C9407A4E717DCBF2D3819DB441C2D455B5FDA6654FBA3794E19B4D51 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:46:10.0237 0x1310 usbhub - ok
17:46:10.0252 0x1310 [ DCDF9855145A14DFCA0AB32308871961, 9A21013AD032195D54CE655DE5363E78BB74CC55C40B889520B478892F4BA40A ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:46:10.0286 0x1310 usbohci - ok
17:46:10.0336 0x1310 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:46:10.0404 0x1310 usbprint - ok
17:46:10.0440 0x1310 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:46:10.0478 0x1310 USBSTOR - ok
17:46:10.0496 0x1310 [ 8E51D04175BAA14C4F79AA5F6D248770, 6CE2E45E272734A5D1D0C4CE2BD7B61C61C7538903E87203E376495D198EFBD0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:46:10.0531 0x1310 usbuhci - ok
17:46:10.0600 0x1310 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:46:10.0670 0x1310 usbvideo - ok
17:46:10.0707 0x1310 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
17:46:10.0758 0x1310 UxSms - ok
17:46:10.0767 0x1310 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] VaultSvc C:\Windows\system32\lsass.exe
17:46:10.0787 0x1310 VaultSvc - ok
17:46:10.0823 0x1310 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:46:10.0840 0x1310 vdrvroot - ok
17:46:10.0895 0x1310 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
17:46:10.0961 0x1310 vds - ok
17:46:11.0001 0x1310 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:46:11.0038 0x1310 vga - ok
17:46:11.0053 0x1310 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:46:11.0091 0x1310 VgaSave - ok
17:46:11.0117 0x1310 VGPU - ok
17:46:11.0169 0x1310 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:46:11.0218 0x1310 vhdmp - ok
17:46:11.0235 0x1310 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:46:11.0255 0x1310 viaagp - ok
17:46:11.0270 0x1310 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
17:46:11.0306 0x1310 ViaC7 - ok
17:46:11.0345 0x1310 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
17:46:11.0363 0x1310 viaide - ok
17:46:11.0376 0x1310 VirtualBackplane - ok
17:46:11.0443 0x1310 [ 7171B884DA8BFB1CE5C8BAE46D993CB1, 41FDD5973D7F02F0C568041E959C13EF2EA42334683C718B7443FFC5810322E6 ] VMAuthdService C:\Program Files\VMware\VMware Player\vmware-authd.exe
17:46:11.0466 0x1310 VMAuthdService - detected UnsignedFile.Multi.Generic ( 1 )
17:46:14.0181 0x1310 Detect skipped due to KSN trusted
17:46:14.0181 0x1310 VMAuthdService - ok
17:46:14.0451 0x1310 [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:46:14.0496 0x1310 vmbus - ok
17:46:14.0523 0x1310 [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:46:14.0545 0x1310 VMBusHID - ok
17:46:14.0593 0x1310 [ 753BD0240B6586ABA0D67A70B3EF44A0, 8D891A6632F4241A1C21BF3C9F29D2599F371E2C953A67594417700641153CAB ] vmci C:\Windows\system32\DRIVERS\vmci.sys
17:46:14.0610 0x1310 vmci - ok
17:46:14.0639 0x1310 [ DB38B7DDC2E5E0DB3984AAEE0BED93AF, 11B2C9CB02D63E9D65C304F86745A87DCA3B3E945D3074597E9E153E71B7C05B ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
17:46:14.0661 0x1310 vmkbd - ok
17:46:14.0676 0x1310 [ A267D2321ED281359D301BFEB8202652, 63D76585733C79657106A057B97FD371AEDF0564BE5AD4BA50EB8DE096F4F73B ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
17:46:14.0695 0x1310 VMnetAdapter - ok
17:46:14.0712 0x1310 [ 7A4BB278D7860551A716D46349492692, 8974205C0E4453EAF4CCA167EA052702CC1A3446CA9C7172510BF5AAE9D79207 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
17:46:14.0735 0x1310 VMnetBridge - ok
17:46:14.0767 0x1310 [ 03A7980C30E9F00F1EAC752612DC80CE, 5EAC5FCEFE6663B53B6BE3DB5D048020D254A398BE4F1A355F2E9AB26E3A6A9B ] VMnetDHCP C:\Windows\system32\vmnetdhcp.exe
17:46:14.0798 0x1310 VMnetDHCP - ok
17:46:14.0842 0x1310 [ F804B83C419F4D60458C19F9FA7C4253, CF77E6D136B16ADA22234A69B8750F1184655B360B3E370F88544473AD3B0B1E ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
17:46:14.0858 0x1310 VMnetuserif - ok
17:46:14.0903 0x1310 [ AFB10AD9AA91D2F70C9F0E6BDA0D119B, 3321A9600CB284E25EAC909A44D3039C7330D398A48AAE2CEDDCFD5C5E438456 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
17:46:14.0924 0x1310 vmusb - ok
17:46:15.0086 0x1310 [ A77A76DD2773616651121B7EFA5948C1, 533A975CE23165EEDBC2A4B080A9FBEAE0648DC86A6E698A485C5ACF42D74824 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
17:46:15.0135 0x1310 VMUSBArbService - ok
17:46:15.0185 0x1310 [ F1D29D9C5DB9C144769F5CD7212BE555, 7FB533F79DF5AF8650D15E19C2B84E75BA2384AF82770DFDAA062A66DC277FD2 ] VMware NAT Service C:\Windows\system32\vmnat.exe
17:46:15.0220 0x1310 VMware NAT Service - ok
17:46:15.0236 0x1310 [ 168CEE789DB3B6C2432059AAC8C8D933, DAEB18382D9AB5C371C067846F04FC4619723942B710A632D242A4B53E2A0DD4 ] vmx86 C:\Windows\system32\Drivers\vmx86.sys
17:46:15.0254 0x1310 vmx86 - ok
17:46:15.0266 0x1310 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:46:15.0286 0x1310 volmgr - ok
17:46:15.0327 0x1310 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:46:15.0357 0x1310 volmgrx - ok
17:46:15.0383 0x1310 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:46:15.0409 0x1310 volsnap - ok
17:46:15.0470 0x1310 [ B26536ADD1D748CDA104D856C979AE79, C88FBCD63DB3607232616FAB989F0FD7FB00ED542E6AC1BC76076A7C13A6FB22 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
17:46:15.0498 0x1310 vpcbus - ok
17:46:15.0536 0x1310 [ A0F7E923A6261760130F22B85DF9040E, E70ED14497262C75CC2D4B67B046BB43D8F47A4B8487D258694891E9B4C6DA44 ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
17:46:15.0584 0x1310 vpcnfltr - ok
17:46:15.0614 0x1310 [ 5F4B55E91CE7E2523C9E1E0ECE858869, 3C395198C1845A15C4E39888383587A5E481E2761B885DBB5FC2C17C7075E6B4 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
17:46:15.0647 0x1310 vpcusb - ok
17:46:15.0705 0x1310 [ B487191FE18D6863381A1AC55482469A, 77A6C87E833E90FFD2FF51C6B28041D8AE9C6CE293DA4166E65470C18C017971 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
17:46:15.0746 0x1310 vpcvmm - ok
17:46:15.0789 0x1310 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:46:15.0811 0x1310 vsmraid - ok
17:46:15.0842 0x1310 [ C78C6BC9C3A65256B7A96B478C16278F, 11E98B1ACD998D83C69F342839F58E2CA1158FDE99EA0451C793A7FD98054E6F ] vsock C:\Windows\system32\drivers\vsock.sys
17:46:15.0860 0x1310 vsock - ok
17:46:15.0951 0x1310 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
17:46:16.0087 0x1310 VSS - ok
17:46:16.0118 0x1310 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:46:16.0172 0x1310 vwifibus - ok
17:46:16.0215 0x1310 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:46:16.0240 0x1310 vwififlt - ok
17:46:16.0263 0x1310 [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:46:16.0297 0x1310 vwifimp - ok
17:46:16.0346 0x1310 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
17:46:16.0406 0x1310 W32Time - ok
17:46:16.0443 0x1310 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:46:16.0469 0x1310 WacomPen - ok
17:46:16.0524 0x1310 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:46:16.0567 0x1310 WANARP - ok
17:46:16.0577 0x1310 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:46:16.0615 0x1310 Wanarpv6 - ok
17:46:16.0731 0x1310 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:46:16.0846 0x1310 WatAdminSvc - ok
17:46:16.0971 0x1310 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
17:46:17.0075 0x1310 wbengine - ok
17:46:17.0119 0x1310 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:46:17.0166 0x1310 WbioSrvc - ok
17:46:17.0224 0x1310 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:46:17.0269 0x1310 wcncsvc - ok
17:46:17.0292 0x1310 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:46:17.0335 0x1310 WcsPlugInService - ok
17:46:17.0372 0x1310 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:46:17.0402 0x1310 Wd - ok
17:46:17.0481 0x1310 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:46:17.0553 0x1310 Wdf01000 - ok
17:46:17.0575 0x1310 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:46:17.0615 0x1310 WdiServiceHost - ok
17:46:17.0639 0x1310 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:46:17.0668 0x1310 WdiSystemHost - ok
17:46:17.0714 0x1310 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
17:46:17.0776 0x1310 WebClient - ok
17:46:17.0812 0x1310 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:46:17.0874 0x1310 Wecsvc - ok
17:46:17.0889 0x1310 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:46:17.0948 0x1310 wercplsupport - ok
17:46:17.0969 0x1310 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
17:46:18.0022 0x1310 WerSvc - ok
17:46:18.0068 0x1310 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:46:18.0109 0x1310 WfpLwf - ok
17:46:18.0134 0x1310 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:46:18.0152 0x1310 WIMMount - ok
17:46:18.0251 0x1310 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:46:18.0322 0x1310 WinDefend - ok
17:46:18.0340 0x1310 WinHttpAutoProxySvc - ok
17:46:18.0406 0x1310 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:46:18.0467 0x1310 Winmgmt - ok
17:46:18.0558 0x1310 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll
17:46:18.0728 0x1310 WinRM - ok
17:46:18.0819 0x1310 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:46:18.0890 0x1310 Wlansvc - ok
17:46:18.0924 0x1310 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:46:18.0956 0x1310 WmiAcpi - ok
17:46:18.0991 0x1310 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:46:19.0021 0x1310 wmiApSrv - ok
17:46:19.0147 0x1310 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:46:19.0227 0x1310 WMPNetworkSvc - ok
17:46:19.0258 0x1310 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:46:19.0290 0x1310 WPCSvc - ok
17:46:19.0319 0x1310 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:46:19.0346 0x1310 WPDBusEnum - ok
17:46:19.0390 0x1310 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:46:19.0459 0x1310 ws2ifsl - ok
17:46:19.0482 0x1310 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll
17:46:19.0521 0x1310 wscsvc - ok
17:46:19.0528 0x1310 WSearch - ok
17:46:19.0672 0x1310 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
17:46:19.0766 0x1310 wuauserv - ok
17:46:19.0820 0x1310 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:46:19.0850 0x1310 WudfPf - ok
17:46:19.0907 0x1310 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:46:19.0955 0x1310 WUDFRd - ok
17:46:19.0994 0x1310 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:46:20.0052 0x1310 wudfsvc - ok
17:46:20.0170 0x1310 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:46:20.0273 0x1310 WwanSvc - ok
17:46:20.0371 0x1310 ================ Scan global ===============================
17:46:20.0418 0x1310 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
17:46:20.0468 0x1310 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:46:20.0502 0x1310 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:46:20.0541 0x1310 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
17:46:20.0602 0x1310 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
17:46:20.0619 0x1310 [ Global ] - ok
17:46:20.0620 0x1310 ================ Scan MBR ==================================
17:46:20.0640 0x1310 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:46:21.0673 0x1310 \Device\Harddisk0\DR0 - ok
17:46:21.0674 0x1310 ================ Scan VBR ==================================
17:46:21.0682 0x1310 [ EF9044C5685474405F565A791DAAB0E5 ] \Device\Harddisk0\DR0\Partition1
17:46:21.0686 0x1310 \Device\Harddisk0\DR0\Partition1 - ok
17:46:21.0741 0x1310 [ EBF9792C81EC363DBFA559D915ECE3E1 ] \Device\Harddisk0\DR0\Partition2
17:46:21.0745 0x1310 \Device\Harddisk0\DR0\Partition2 - ok
17:46:21.0772 0x1310 [ A36DCA4A3FE57366DBD13F8E48082B2D ] \Device\Harddisk0\DR0\Partition3
17:46:21.0776 0x1310 \Device\Harddisk0\DR0\Partition3 - ok
17:46:21.0777 0x1310 Waiting for KSN requests completion. In queue: 60
17:46:22.0777 0x1310 Waiting for KSN requests completion. In queue: 60
17:46:23.0778 0x1310 Waiting for KSN requests completion. In queue: 60
17:46:24.0820 0x1310 Win FW state via NFP2: enabled
17:46:27.0524 0x1310 ============================================================
17:46:27.0524 0x1310 Scan finished
17:46:27.0524 0x1310 ============================================================
17:46:27.0547 0x1794 Detected object count: 3
17:46:27.0547 0x1794 Actual detected object count: 3
17:47:10.0091 0x1794 CwIPCSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:10.0091 0x1794 CwIPCSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:47:10.0094 0x1794 rak ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:10.0094 0x1794 rak ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:47:10.0098 0x1794 RSSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:10.0098 0x1794 RSSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip


jdu se vrhnout na ten zbytek ...

OTL zamrzl ... děkuji za pomoc, budu muset jet něco zařídit takže zbývající logy dodám během zítřka

OTL logfile created on: 4.1.2014 19:46:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roman\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,75 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 37,10% Memory free
5,50 Gb Paging File | 3,95 Gb Available in Paging File | 71,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 0,44 Gb Free Space | 0,90% Space Free | Partition Type: NTFS
Drive D: | 249,26 Gb Total Space | 64,73 Gb Free Space | 25,97% Space Free | Partition Type: NTFS

Computer Name: ROMAN-PC | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014.01.04 17:56:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
PRC - [2013.11.29 16:20:40 | 001,664,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013.10.31 07:45:37 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013.10.31 07:45:37 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013.10.11 11:51:12 | 000,375,056 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
PRC - [2013.08.29 05:10:00 | 000,064,512 | ---- | M] (Moravian Instruments®) -- C:\Program Files\Moravian Instruments\Shared\cwsvc.exe
PRC - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2012.08.01 17:10:26 | 000,719,512 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2008.10.20 18:08:30 | 000,166,456 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.08.18 11:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2008.08.13 21:00:16 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.13 20:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008.08.13 16:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2007.12.06 20:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe


========== Modules (All) ==========

MOD - [2014.01.04 17:56:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
MOD - [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
MOD - [2013.12.04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013.12.04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013.12.04 03:47:12 | 002,134,480 | ---- | M] (Google Inc.) -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\libpeerconnection.dll
MOD - [2013.12.04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013.12.04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013.12.04 03:47:10 | 009,962,960 | ---- | M] (The ICU Project) -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\icudt.dll
MOD - [2013.12.04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013.12.04 03:47:03 | 031,266,256 | ---- | M] (Google Inc.) -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\chrome_child.dll
MOD - [2013.12.04 03:47:01 | 026,319,824 | ---- | M] (Google Inc.) -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\chrome.dll
MOD - [2013.12.04 03:29:56 | 003,231,688 | ---- | M] (Microsoft Corporation) -- C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\D3DCompiler_46.dll
MOD - [2013.12.03 23:05:48 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
MOD - [2013.11.27 01:20:01 | 000,235,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
MOD - [2013.11.26 09:38:54 | 002,166,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2013.11.26 09:38:07 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
MOD - [2013.11.26 08:26:42 | 011,221,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
MOD - [2013.11.26 07:33:33 | 001,820,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2013.11.26 07:27:32 | 001,157,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2013.11.26 07:22:29 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
MOD - [2013.11.14 15:19:43 | 000,042,688 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\defs\13111601\uiext.dll
MOD - [2013.10.31 07:45:45 | 000,254,856 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\1029\uiLangRes.dll
MOD - [2013.10.31 07:45:45 | 000,089,520 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\1029\Base.dll
MOD - [2013.10.31 07:45:37 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
MOD - [2013.10.31 07:45:32 | 006,439,488 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\CommonRes.dll
MOD - [2013.10.31 07:45:30 | 000,073,064 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastIP.dll
MOD - [2013.10.31 07:45:29 | 000,476,800 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
MOD - [2013.10.31 07:45:29 | 000,038,032 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswUtil.dll
MOD - [2013.10.31 07:45:27 | 000,260,536 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswProperty.dll
MOD - [2013.10.31 07:45:26 | 000,226,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswLog.dll
MOD - [2013.10.31 07:45:26 | 000,051,952 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
MOD - [2013.10.31 07:45:25 | 000,682,824 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswAux.dll
MOD - [2013.10.31 07:45:25 | 000,382,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll
MOD - [2013.10.31 07:45:25 | 000,212,608 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll
MOD - [2013.10.31 07:45:25 | 000,206,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswData.dll
MOD - [2013.10.31 07:45:25 | 000,116,848 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll
MOD - [2013.10.31 07:45:24 | 000,156,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\ashTask.dll
MOD - [2013.10.31 07:45:24 | 000,121,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\ashShell.dll
MOD - [2013.10.31 07:45:24 | 000,062,752 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
MOD - [2013.10.31 07:45:22 | 000,943,408 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\ashBase.dll
MOD - [2013.10.31 07:45:19 | 000,902,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
MOD - [2013.10.31 07:45:19 | 000,149,272 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
MOD - [2013.10.19 02:36:59 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2013.10.12 03:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
MOD - [2013.10.05 20:57:25 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
MOD - [2013.10.04 02:56:00 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
MOD - [2013.10.03 02:58:07 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2013.09.25 02:57:46 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2013.09.25 02:57:26 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2013.09.25 02:56:42 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
MOD - [2013.09.08 03:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
MOD - [2013.08.29 02:50:30 | 001,289,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2013.08.29 02:48:17 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2013.08.02 02:49:19 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2013.08.02 02:49:19 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2013.07.26 02:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2013.07.09 05:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
MOD - [2013.07.09 05:50:42 | 000,652,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2013.07.09 05:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
MOD - [2013.07.04 12:51:04 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2013.07.04 12:50:56 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll
MOD - [2013.06.07 19:48:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
MOD - [2013.06.07 19:48:21 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
MOD - [2013.06.07 19:48:21 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
MOD - [2013.06.07 19:48:21 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
MOD - [2013.06.07 19:48:21 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
MOD - [2013.06.07 19:48:21 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MOD - [2013.06.07 19:48:21 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MOD - [2013.06.07 19:48:21 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
MOD - [2013.06.07 19:48:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
MOD - [2013.06.07 19:48:21 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
MOD - [2013.06.07 19:48:21 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
MOD - [2013.06.07 19:48:21 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
MOD - [2013.06.07 19:48:21 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
MOD - [2013.06.06 05:52:14 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2013.05.03 23:33:13 | 003,781,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MOD - [2013.05.03 23:33:10 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2013.05.03 23:33:10 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2013.04.26 00:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
MOD - [2013.04.17 08:02:06 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2013.04.03 05:50:20 | 001,625,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\GdiPlus.dll
MOD - [2012.12.07 13:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
MOD - [2012.12.07 13:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
MOD - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
MOD - [2012.11.22 05:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2012.11.01 05:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
MOD - [2012.10.09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2012.10.09 17:01:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2012.10.03 17:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
MOD - [2012.09.25 23:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
MOD - [2012.07.04 22:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
MOD - [2012.06.02 23:19:33 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
MOD - [2012.06.02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
MOD - [2012.06.02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
MOD - [2012.04.07 12:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2012.01.04 09:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
MOD - [2011.12.30 06:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
MOD - [2011.12.16 08:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2011.11.17 06:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
MOD - [2011.08.27 05:26:27 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2011.08.27 05:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2011.06.16 05:33:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2011.05.17 08:27:52 | 000,413,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MOD - [2011.05.04 05:34:43 | 001,549,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
MOD - [2011.05.04 05:28:31 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
MOD - [2011.03.11 06:33:59 | 001,137,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
MOD - [2011.03.11 06:33:09 | 001,699,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
MOD - [2011.03.03 06:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
MOD - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2010.11.20 13:21:40 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
MOD - [2010.11.20 13:21:39 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
MOD - [2010.11.20 13:21:39 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2010.11.20 13:21:38 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
MOD - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
MOD - [2010.11.20 13:21:36 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
MOD - [2010.11.20 13:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2010.11.20 13:21:36 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
MOD - [2010.11.20 13:21:36 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2010.11.20 13:21:36 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2010.11.20 13:21:35 | 001,063,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
MOD - [2010.11.20 13:21:35 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
MOD - [2010.11.20 13:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2010.11.20 13:21:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2010.11.20 13:21:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\twext.dll
MOD - [2010.11.20 13:21:30 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2010.11.20 13:21:28 | 000,505,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
MOD - [2010.11.20 13:21:27 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
MOD - [2010.11.20 13:21:27 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2010.11.20 13:21:27 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2010.11.20 13:21:27 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syncui.dll
MOD - [2010.11.20 13:21:26 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
MOD - [2010.11.20 13:21:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2010.11.20 13:21:25 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
MOD - [2010.11.20 13:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2010.11.20 13:21:23 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
MOD - [2010.11.20 13:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2010.11.20 13:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2010.11.20 13:21:06 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2010.11.20 13:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010.11.20 13:21:03 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2010.11.20 13:21:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
MOD - [2010.11.20 13:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2010.11.20 13:20:57 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
MOD - [2010.11.20 13:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll
MOD - [2010.11.20 13:20:56 | 000,395,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
MOD - [2010.11.20 13:20:56 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
MOD - [2010.11.20 13:20:55 | 001,750,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
MOD - [2010.11.20 13:20:55 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2010.11.20 13:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010.11.20 13:20:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2010.11.20 13:20:48 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
MOD - [2010.11.20 13:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2010.11.20 13:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
MOD - [2010.11.20 13:20:29 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2010.11.20 13:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010.11.20 13:20:27 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
MOD - [2010.11.20 13:19:54 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
MOD - [2010.11.20 13:19:47 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
MOD - [2010.11.20 13:19:46 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
MOD - [2010.11.20 13:19:45 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
MOD - [2010.11.20 13:19:45 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
MOD - [2010.11.20 13:19:39 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
MOD - [2010.11.20 13:19:33 | 003,207,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
MOD - [2010.11.20 13:19:23 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2010.11.20 13:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2010.11.20 13:19:21 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
MOD - [2010.11.20 13:19:10 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
MOD - [2010.11.20 13:19:03 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
MOD - [2010.11.20 13:19:02 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
MOD - [2010.11.20 13:19:01 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
MOD - [2010.11.20 13:19:01 | 000,488,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
MOD - [2010.11.20 13:18:38 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2010.11.20 13:18:36 | 000,399,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
MOD - [2010.11.20 13:18:35 | 001,371,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
MOD - [2010.11.20 13:18:35 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
MOD - [2010.11.20 13:18:27 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2010.11.20 13:18:25 | 001,828,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
MOD - [2010.11.20 13:18:25 | 001,003,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
MOD - [2010.11.20 13:18:25 | 000,418,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscui.dll
MOD - [2010.11.20 13:18:25 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
MOD - [2010.11.20 13:18:25 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2010.11.20 13:18:25 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
MOD - [2010.11.20 13:18:24 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
MOD - [2010.11.20 13:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2010.11.20 13:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010.11.20 13:18:09 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
MOD - [2010.11.20 13:18:06 | 000,740,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
MOD - [2010.11.20 13:18:05 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
MOD - [2010.11.20 13:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2010.11.20 13:18:01 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
MOD - [2010.11.20 13:18:01 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2010.11.20 13:18:01 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
MOD - [2010.11.20 13:16:50 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
MOD - [2010.11.20 13:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2010.11.20 13:16:50 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
MOD - [2010.11.20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.11.05 02:58:19 | 000,297,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
MOD - [2010.11.05 02:58:03 | 000,115,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
MOD - [2009.11.16 20:31:58 | 000,069,632 | ---- | M] () -- D:\PSPad editor\PSPadShell.dll
MOD - [2009.08.18 02:20:38 | 003,105,280 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
MOD - [2009.08.18 02:05:32 | 002,868,736 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll
MOD - [2009.07.14 02:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcryptprimitives.dll
MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 02:16:21 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WWanAPI.dll
MOD - [2009.07.14 02:16:21 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwapi.dll
MOD - [2009.07.14 02:16:20 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscinterop.dll
MOD - [2009.07.14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2009.07.14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
MOD - [2009.07.14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
MOD - [2009.07.14 02:16:19 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
MOD - [2009.07.14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2009.07.14 02:16:19 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll
MOD - [2009.07.14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
MOD - [2009.07.14 02:16:18 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WcnApi.dll
MOD - [2009.07.14 02:16:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercplsupport.dll
MOD - [2009.07.14 02:16:18 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll
MOD - [2009.07.14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009.07.14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009.07.14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009.07.14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 02:16:15 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Syncreg.dll
MOD - [2009.07.14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 02:16:14 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPInf.dll
MOD - [2009.07.14 02:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sbdrop.dll
MOD - [2009.07.14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009.07.14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll
MOD - [2009.07.14 02:16:12 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
MOD - [2009.07.14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009.07.14 02:16:12 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll
MOD - [2009.07.14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009.07.14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009.07.14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll
MOD - [2009.07.14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2009.07.14 02:16:03 | 001,537,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
MOD - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netprofm.dll
MOD - [2009.07.14 02:16:03 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
MOD - [2009.07.14 02:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2009.07.14 02:15:47 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
MOD - [2009.07.14 02:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2009.07.14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll
MOD - [2009.07.14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009.07.14 02:15:43 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
MOD - [2009.07.14 02:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
MOD - [2009.07.14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009.07.14 02:15:41 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpOAV.dll
MOD - [2009.07.14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
MOD - [2009.07.14 02:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
MOD - [2009.07.14 02:15:39 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
MOD - [2009.07.14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll
MOD - [2009.07.14 02:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
MOD - [2009.07.14 02:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2009.07.14 02:15:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcproviders.dll
MOD - [2009.07.14 02:15:24 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll
MOD - [2009.07.14 02:15:22 | 000,848,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSST.dll
MOD - [2009.07.14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
MOD - [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
MOD - [2009.07.14 02:15:21 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSAPI.dll
MOD - [2009.07.14 02:15:21 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
MOD - [2009.07.14 02:15:20 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
MOD - [2009.07.14 02:15:20 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
MOD - [2009.07.14 02:15:20 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdWNet.dll
MOD - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 02:15:14 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll
MOD - [2009.07.14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dui70.dll
MOD - [2009.07.14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2009.07.14 02:15:13 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:13 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dtsh.dll
MOD - [2009.07.14 02:15:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsrole.dll
MOD - [2009.07.14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
MOD - [2009.07.14 02:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devrtl.dll
MOD - [2009.07.14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfscli.dll
MOD - [2009.07.14 02:15:11 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
MOD - [2009.07.14 02:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
MOD - [2009.07.14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll
MOD - [2009.07.14 02:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d8thk.dll
MOD - [2009.07.14 02:15:07 | 001,242,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009.07.14 02:14:59 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
MOD - [2009.07.14 02:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
MOD - [2009.07.14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009.07.14 02:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll
MOD - [2009.07.14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
MOD - [2009.07.14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 02:14:09 | 001,140,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
MOD - [2009.07.14 02:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
MOD - [2009.07.14 02:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2009.07.14 02:09:14 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcint.dll
MOD - [2009.07.14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll
MOD - [2009.07.14 02:05:30 | 000,925,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSRESM.dll
MOD - [2009.06.10 22:22:50 | 000,023,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
MOD - [2009.02.25 18:31:50 | 001,080,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Alwil Software\Avast5\dbghelp.dll
MOD - [2009.01.26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
MOD - [2007.12.07 18:56:36 | 000,431,392 | ---- | M] (ABBYY Software Ltd) -- D:\abby\FRIntegration.dll
MOD - [2007.07.17 10:53:10 | 000,053,248 | ---- | M] (EZB Systems, Inc.) -- C:\Program Files\UltraISO\isoshell.dll
MOD - [2005.10.10 14:21:24 | 000,311,296 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2005.10.07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003.11.11 12:01:02 | 000,720,896 | ---- | M] (Robert McNeel & Associates) -- C:\Windows\System32\RhinoShExt.dll


========== Services (SafeList) ==========

SRV - [2013.11.29 16:20:40 | 001,664,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.11.26 09:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.10.31 07:45:37 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.10.11 11:51:12 | 000,375,056 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013.09.21 19:35:00 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.08.29 05:10:00 | 000,064,512 | ---- | M] (Moravian Instruments®) [Auto | Running] -- C:\Program Files\Moravian Instruments\Shared\cwsvc.exe -- (CwIPCSvc)
SRV - [2013.05.27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 17:10:26 | 000,719,512 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.05.02 09:23:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.08.13 20:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008.05.27 11:20:38 | 000,070,952 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLinx\dnwhodisp.exe -- (dnWhoDisp)
SRV - [2008.05.24 09:25:12 | 000,202,024 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony)
SRV - [2007.12.06 20:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2005.11.25 09:11:02 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\OpcEnum.exe -- (OpcEnum)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\VirtualBackplane.sys -- (VirtualBackplane)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | Auto | Stopped] -- -- (First)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Roman\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.10.31 07:46:16 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.10.31 07:46:16 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.10.31 07:46:16 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.10.31 07:46:16 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.10.31 07:46:16 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.10.31 07:46:16 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.10.31 07:46:15 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.10.31 07:46:14 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.08.15 15:18:38 | 000,061,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2012.08.15 15:18:28 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012.08.15 15:16:50 | 000,037,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012.08.15 15:16:48 | 000,025,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012.08.15 15:16:48 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012.08.01 17:10:30 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2012.08.01 17:10:24 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2012.07.06 12:29:26 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2012.07.06 12:29:26 | 000,061,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsock.sys -- (vsock)
DRV - [2010.11.20 13:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 13:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 11:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 10:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.07.15 13:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.03.07 23:47:49 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\rakion.sys -- (rak)
DRV - [2009.11.19 14:32:02 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.07.05 18:19:52 | 000,155,440 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\rsserial.sys -- (RSSERIAL)
DRV - [2008.07.05 18:19:50 | 000,039,067 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\RSIKT.SYS -- (RsiKtControl)
DRV - [2008.05.24 21:09:10 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007.07.31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-181207809-651417714-1976190808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 4A 14 74 62 35 CB 01 [binary data]
IE - HKU\S-1-5-21-181207809-651417714-1976190808-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-181207809-651417714-1976190808-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-181207809-651417714-1976190808-1000\..\SearchScopes\{1FA8840B-AC56-4280-962B-291D2251AA1F}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-181207809-651417714-1976190808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1466
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=green ... =827316&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PRACOVNI\MSPROJ~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roman\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roman\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Roman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013.11.17 11:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.06 18:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.09.12 10:05:50 | 000,000,000 | ---D | M]

[2010.02.20 18:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Extensions
[2013.08.29 12:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\ysk0x51m.default\extensions
[2010.09.02 23:43:46 | 000,000,000 | ---D | M] (Quick Translator) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\ysk0x51m.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
[2014.01.03 16:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.26 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.10.27 10:43:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.11.17 11:19:29 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.06 18:08:40 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.09.06 18:08:40 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.09.06 18:08:40 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.09.06 18:08:40 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.09.06 18:08:40 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.seznam.cz/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Roman\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Roman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Roman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Default = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014.01.04 02:07:58 | 000,000,741 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PRACOVNI\MS project\Office15\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-21-181207809-651417714-1976190808-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-181207809-651417714-1976190808-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-181207809-651417714-1976190808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16F89CFE-90C5-4800-878F-EBA54299489D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A6122E4-F4C1-4779-BA1F-687C2FC1D16A}: DhcpNameServer = 217.77.165.81 217.77.161.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87383ABE-73D0-4DB6-9BCA-39BF9F14D694}: DhcpNameServer = 217.77.165.81 217.77.161.131
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\PRACOVNI\MS project\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014.01.04 17:41:03 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Roman\Desktop\TDSSKiller.exe
[2014.01.04 17:07:51 | 000,000,000 | ---D | C] -- C:\Users\Roman\Desktop\PCHunter_free
[2014.01.04 16:24:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.01.04 16:04:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014.01.04 14:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.01.04 14:30:29 | 000,000,000 | ---D | C] -- C:\rsit
[2014.01.04 14:20:51 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Roman\Desktop\mbar-1.07.0.1008.exe
[2014.01.04 14:16:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
[2014.01.04 14:15:33 | 010,284,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Roman\Desktop\mbam-setup.exe
[2014.01.04 14:10:34 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Roman\Desktop\JRT.exe
[2014.01.03 21:54:31 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys.bak
[2014.01.03 21:54:31 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys.bak
[2014.01.03 21:54:30 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys.bak
[2014.01.03 21:54:30 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys.bak
[2014.01.03 21:54:30 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys.bak
[2014.01.03 21:54:30 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys.bak
[2014.01.03 21:54:30 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys.bak
[2014.01.03 20:37:53 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\temp
[2014.01.03 19:56:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.01.03 19:56:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.01.03 19:56:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.01.03 19:55:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.01.03 19:55:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.01.03 19:53:12 | 005,160,282 | R--- | C] (Swearware) -- C:\Users\Roman\Desktop\ComboFix.exe
[2014.01.03 16:51:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.29 23:33:56 | 000,014,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys.bak
[2013.12.29 23:33:55 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys.bak
[2013.12.29 23:33:55 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys.bak
[2013.12.29 23:33:54 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys.bak
[2013.12.29 23:33:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifimp.sys.bak
[2013.12.29 23:33:52 | 000,296,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcvmm.sys.bak
[2013.12.29 23:33:52 | 000,061,296 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vsock.sys.bak
[2013.12.29 23:33:51 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpchbus.sys.bak
[2013.12.29 23:33:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcusb.sys.bak
[2013.12.29 23:33:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcnfltr.sys.bak
[2013.12.29 23:33:49 | 000,061,848 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmx86.sys.bak
[2013.12.29 23:33:49 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys.bak
[2013.12.29 23:33:49 | 000,031,280 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmusb.sys.bak
[2013.12.29 23:33:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys.bak
[2013.12.29 23:33:48 | 000,037,016 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys.bak
[2013.12.29 23:33:48 | 000,025,752 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys.bak
[2013.12.29 23:33:48 | 000,019,608 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys.bak
[2013.12.29 23:33:48 | 000,016,664 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys.bak
[2013.12.29 23:33:47 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys.bak
[2013.12.29 23:33:47 | 000,071,152 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmci.sys.bak
[2013.12.29 23:33:47 | 000,025,624 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys.bak
[2013.12.29 23:33:47 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys.bak
[2013.12.29 23:33:46 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys.bak
[2013.12.29 23:33:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys.bak
[2013.12.29 23:33:43 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys.bak
[2013.12.29 23:33:42 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys.bak
[2013.12.29 23:33:41 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys.bak
[2013.12.29 23:33:41 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys.bak
[2013.12.29 23:33:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys.bak
[2013.12.29 23:33:38 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys.bak
[2013.12.29 23:33:36 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys.bak
[2013.12.29 23:33:35 | 000,053,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys.bak
[2013.12.29 23:33:35 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys.bak
[2013.12.29 23:33:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys.bak
[2013.12.29 23:33:34 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys.bak
[2013.12.29 23:33:33 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys.bak
[2013.12.29 23:33:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys.bak
[2013.12.29 23:33:30 | 000,081,920 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2pl.sys.bak
[2013.12.29 23:33:29 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys.bak
[2013.12.29 23:33:27 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys.bak
[2013.12.29 23:33:26 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys.bak
[2013.12.29 23:33:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys.bak
[2013.12.29 23:33:21 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys.bak
[2013.12.29 23:33:19 | 000,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys.bak
[2013.12.29 23:33:14 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys.bak
[2013.12.29 23:33:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys.bak
[2013.12.29 23:33:03 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys.bak
[2013.12.29 23:33:02 | 000,005,744 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\k750whnt.sys.bak
[2013.12.29 23:33:02 | 000,005,744 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\k750wh.sys.bak
[2013.12.29 23:33:01 | 000,055,216 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\k750bus.sys.bak
[2013.12.29 23:32:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys.bak
[2013.12.29 23:32:57 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys.bak
[2013.12.29 23:32:54 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS.bak
[2013.12.29 23:32:54 | 000,041,496 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\hcmon.sys.bak
[2013.12.29 23:32:54 | 000,026,176 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys.bak
[2013.12.29 23:32:51 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys.bak
[2013.12.29 23:32:50 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbfake.sys.bak
[2013.12.29 23:32:50 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys.bak
[2013.12.29 23:32:48 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys.bak
[2013.12.29 23:32:48 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys.bak
[2013.12.29 23:32:47 | 000,055,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dumpfve.sys.bak
[2013.12.29 23:32:47 | 000,026,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys.bak
[2013.12.29 23:32:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys.bak
[2013.12.29 23:32:46 | 000,131,984 | ---- | C] (Deterministic Networks, Inc.) -- C:\Windows\System32\drivers\dne2000.sys.bak
[2013.12.29 23:32:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys.bak
[2013.12.29 23:32:46 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys.bak
[2013.12.29 23:32:44 | 000,308,859 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\CVPNDRVA.sys.bak
[2013.12.29 23:32:44 | 000,005,275 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\CVirtA.sys.bak
[2013.12.29 23:32:43 | 000,035,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys.bak
[2013.12.29 23:32:42 | 000,140,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys.bak
[2013.12.29 23:32:36 | 000,025,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys.bak
[2013.12.29 23:32:34 | 000,007,680 | ---- | C] (ATK0100) -- C:\Windows\System32\drivers\ATKACPI.sys.bak
[2013.12.29 23:32:33 | 004,994,560 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys.bak
[2013.12.29 23:32:33 | 001,221,632 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys.bak
[2013.12.29 23:32:33 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtihdW73.sys.bak
[2013.12.29 23:32:32 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys.bak
[2013.12.29 23:32:26 | 000,097,740 | ---- | C] (Allen-Bradley) -- C:\Windows\System32\drivers\abpcic.sys.bak
[2013.12.29 23:32:26 | 000,071,448 | ---- | C] (Rockwell Software Inc.) -- C:\Windows\System32\drivers\abktcx.sys.bak
[2013.12.29 23:32:26 | 000,069,132 | ---- | C] (Rockwell Automation) -- C:\Windows\System32\drivers\abpcics.sys.bak
[2013.12.29 23:32:24 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys.bak
[2013.12.29 15:44:15 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Malwarebytes
[2013.12.29 15:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[18 C:\Users\Roman\Desktop\*.tmp files -> C:\Users\Roman\Desktop\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2014.01.04 19:48:14 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.01.04 19:41:57 | 000,475,227 | ---- | M] () -- C:\Users\Roman\Desktop\Qoobox.rar
[2014.01.04 19:36:11 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000UA.job
[2014.01.04 19:35:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000Core.job
[2014.01.04 17:56:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
[2014.01.04 17:40:20 | 000,109,486 | ---- | M] () -- C:\Users\Roman\Desktop\PCHunter report.rar
[2014.01.04 17:13:17 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.04 17:13:17 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.04 14:29:58 | 000,781,383 | ---- | M] () -- C:\Users\Roman\Desktop\RSIT.exe
[2014.01.04 14:21:16 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Roman\Desktop\mbar-1.07.0.1008.exe
[2014.01.04 14:16:07 | 010,284,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Roman\Desktop\mbam-setup.exe
[2014.01.04 14:10:52 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Roman\Desktop\JRT.exe
[2014.01.04 13:52:54 | 000,000,486 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2014.01.04 13:50:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.04 13:50:31 | 2213,896,192 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.04 02:07:58 | 000,000,741 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014.01.04 02:07:17 | 000,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys.bak
[2014.01.04 02:07:17 | 000,014,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys.bak
[2014.01.04 02:07:16 | 000,047,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys.bak
[2014.01.04 02:07:15 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys.bak
[2014.01.04 02:07:15 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifimp.sys.bak
[2014.01.04 02:07:14 | 000,296,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcvmm.sys.bak
[2014.01.04 02:07:14 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcusb.sys.bak
[2014.01.04 02:07:14 | 000,061,296 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vsock.sys.bak
[2014.01.04 02:07:13 | 000,172,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpchbus.sys.bak
[2014.01.04 02:07:13 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcnfltr.sys.bak
[2014.01.04 02:07:12 | 000,061,848 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmx86.sys.bak
[2014.01.04 02:07:12 | 000,040,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys.bak
[2014.01.04 02:07:12 | 000,031,280 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmusb.sys.bak
[2014.01.04 02:07:12 | 000,025,752 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys.bak
[2014.01.04 02:07:12 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys.bak
[2014.01.04 02:07:11 | 000,071,152 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmci.sys.bak
[2014.01.04 02:07:11 | 000,037,016 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys.bak
[2014.01.04 02:07:11 | 000,025,624 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys.bak
[2014.01.04 02:07:11 | 000,019,608 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys.bak
[2014.01.04 02:07:11 | 000,016,664 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys.bak
[2014.01.04 02:07:10 | 000,175,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys.bak
[2014.01.04 02:07:10 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys.bak
[2014.01.04 02:07:10 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys.bak
[2014.01.04 02:07:08 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys.bak
[2014.01.04 02:07:07 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys.bak
[2014.01.04 02:07:06 | 000,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys.bak
[2014.01.04 02:07:05 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys.bak
[2014.01.04 02:07:05 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys.bak
[2014.01.04 02:07:05 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys.bak
[2014.01.04 02:07:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys.bak
[2014.01.04 02:07:02 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys.bak
[2014.01.04 02:07:01 | 000,148,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys.bak
[2014.01.04 02:07:01 | 000,053,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys.bak
[2014.01.04 02:07:01 | 000,028,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys.bak
[2014.01.04 02:07:01 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys.bak
[2014.01.04 02:06:59 | 000,405,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys.bak
[2014.01.04 02:06:59 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys.bak
[2014.01.04 02:06:57 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2pl.sys.bak
[2014.01.04 02:06:56 | 000,140,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys.bak
[2014.01.04 02:06:55 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys.bak
[2014.01.04 02:06:55 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys.bak
[2014.01.04 02:06:54 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys.bak
[2014.01.04 02:06:50 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys.bak
[2014.01.04 02:06:49 | 000,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys.bak
[2014.01.04 02:06:45 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys.bak
[2014.01.04 02:06:38 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys.bak
[2014.01.04 02:06:36 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys.bak
[2014.01.04 02:06:35 | 000,055,216 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\k750bus.sys.bak
[2014.01.04 02:06:35 | 000,005,744 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\k750whnt.sys.bak
[2014.01.04 02:06:35 | 000,005,744 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\k750wh.sys.bak
[2014.01.04 02:06:31 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys.bak
[2014.01.04 02:06:31 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys.bak
[2014.01.04 02:06:30 | 000,041,496 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\hcmon.sys.bak
[2014.01.04 02:06:29 | 000,187,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS.bak
[2014.01.04 02:06:29 | 000,026,176 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys.bak
[2014.01.04 02:06:26 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys.bak
[2014.01.04 02:06:26 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbfake.sys.bak
[2014.01.04 02:06:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys.bak
[2014.01.04 02:06:24 | 000,218,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys.bak
[2014.01.04 02:06:23 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys.bak
[2014.01.04 02:06:23 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys.bak
[2014.01.04 02:06:23 | 000,055,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dumpfve.sys.bak
[2014.01.04 02:06:23 | 000,026,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys.bak
[2014.01.04 02:06:23 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys.bak
[2014.01.04 02:06:22 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) -- C:\Windows\System32\drivers\dne2000.sys.bak
[2014.01.04 02:06:22 | 000,027,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys.bak
[2014.01.04 02:06:21 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\CVPNDRVA.sys.bak
[2014.01.04 02:06:21 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\CVirtA.sys.bak
[2014.01.04 02:06:20 | 000,035,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys.bak
[2014.01.04 02:06:19 | 000,140,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys.bak
[2014.01.04 02:06:14 | 000,025,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys.bak
[2014.01.04 02:06:14 | 000,007,680 | ---- | M] (ATK0100) -- C:\Windows\System32\drivers\ATKACPI.sys.bak
[2014.01.04 02:06:13 | 004,994,560 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys.bak
[2014.01.04 02:06:12 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys.bak
[2014.01.04 02:06:12 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtihdW73.sys.bak
[2014.01.04 02:06:11 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.bak
[2014.01.04 02:06:11 | 000,133,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys.bak
[2014.01.04 02:06:10 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys.bak
[2014.01.04 02:06:10 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys.bak
[2014.01.04 02:06:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys.bak
[2014.01.04 02:06:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys.bak
[2014.01.04 02:06:09 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys.bak
[2014.01.04 02:06:09 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys.bak
[2014.01.04 02:06:09 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys.bak
[2014.01.04 02:06:09 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys.bak
[2014.01.04 02:06:04 | 000,069,132 | ---- | M] (Rockwell Automation) -- C:\Windows\System32\drivers\abpcics.sys.bak
[2014.01.04 02:06:03 | 000,097,740 | ---- | M] (Allen-Bradley) -- C:\Windows\System32\drivers\abpcic.sys.bak
[2014.01.04 02:06:03 | 000,071,448 | ---- | M] (Rockwell Software Inc.) -- C:\Windows\System32\drivers\abktcx.sys.bak
[2014.01.04 02:06:03 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys.bak
[2014.01.03 19:53:48 | 005,160,282 | R--- | M] (Swearware) -- C:\Users\Roman\Desktop\ComboFix.exe
[2014.01.03 16:51:31 | 001,233,962 | ---- | M] () -- C:\Users\Roman\Desktop\adwcleaner.exe
[2014.01.02 22:44:08 | 000,699,266 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.01.02 22:44:08 | 000,682,674 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.01.02 22:44:08 | 000,150,614 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.01.02 22:44:08 | 000,133,514 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.01.02 22:23:27 | 000,444,624 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140103-154723.backup
[2013.12.30 16:21:48 | 000,000,741 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140102-222327.backup
[2013.12.30 00:08:29 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\omng.sys.bak
[2013.12.29 23:30:07 | 003,810,304 | ---- | M] () -- C:\Users\Roman\Desktop\RogueKiller (1).exe
[18 C:\Users\Roman\Desktop\*.tmp files -> C:\Users\Roman\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.01.04 19:41:56 | 000,475,227 | ---- | C] () -- C:\Users\Roman\Desktop\Qoobox.rar
[2014.01.04 18:01:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.01.04 17:40:19 | 000,109,486 | ---- | C] () -- C:\Users\Roman\Desktop\PCHunter report.rar
[2014.01.04 14:29:52 | 000,781,383 | ---- | C] () -- C:\Users\Roman\Desktop\RSIT.exe
[2014.01.03 21:54:31 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.bak
[2014.01.03 21:54:30 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys.bak
[2014.01.03 19:56:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.01.03 19:56:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.01.03 19:56:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.01.03 19:56:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.01.03 19:56:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.01.03 16:51:20 | 001,233,962 | ---- | C] () -- C:\Users\Roman\Desktop\adwcleaner.exe
[2013.12.29 23:33:18 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\omng.sys.bak
[2013.12.29 23:30:02 | 003,810,304 | ---- | C] () -- C:\Users\Roman\Desktop\RogueKiller (1).exe
[2013.11.17 11:16:57 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.11.17 11:16:56 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.01 10:59:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013.05.01 10:56:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.02.19 18:35:40 | 000,033,325 | ---- | C] () -- C:\Windows\scunin.dat
[2012.10.28 13:27:56 | 000,001,468 | ---- | C] () -- C:\Windows\wininit.ini
[2012.03.25 11:01:30 | 000,004,096 | -H-- | C] () -- C:\Users\Roman\AppData\Local\keyfile3.drm
[2010.11.14 21:08:39 | 000,000,565 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\myMPQ.ini
[2010.11.10 11:00:05 | 000,000,093 | ---- | C] () -- C:\Users\Roman\AppData\Local\fusioncache.dat
[2010.11.08 10:21:03 | 000,000,212 | ---- | C] () -- C:\Users\Roman\.packettracer
[2010.05.01 10:10:12 | 000,000,016 | ---- | C] () -- C:\Users\Roman\persistent_state
[2010.03.02 11:11:00 | 000,000,087 | ---- | C] () -- C:\Users\Roman\.octave_hist
[2010.02.22 08:16:05 | 000,007,606 | ---- | C] () -- C:\Users\Roman\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.09.15 23:27:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\.minecraft
[2010.02.25 15:32:09 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Blender Foundation
[2011.07.25 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\CAD-KAS
[2010.02.21 19:46:09 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dev-Cpp
[2010.03.25 12:05:00 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\fltk.org
[2012.09.18 12:00:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICQ
[2013.02.25 09:58:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\LibreOffice
[2011.05.08 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Miranda
[2011.10.30 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Razor
[2013.06.25 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2012.12.20 19:36:18 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Unity
[2010.03.23 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vodafone
[2013.09.15 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Wings3D

========== Purity Check ==========



========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9320320AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 49,00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 249,00GB
Starting Offset: 52428800000
Hidden sectors: 0

[2009.07.14 05:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009.07.14 10:20:06 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009.07.14 05:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2014.01.03 20:37:53 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2009.07.14 05:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009.07.14 10:20:06 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009.07.14 05:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2009.07.14 03:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 03:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010.02.20 21:03:13 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2010.12.12 14:03:35 | 000,000,000 | -H-D | M] -- C:\Users\Roman\AppData\Local\Microsoft\CardSpace
[2011.11.05 10:27:45 | 000,000,000 | -H-D | M] -- C:\Users\Roman\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2010.02.20 18:06:22 | 000,000,000 | -H-D | M] -- C:\Users\Roman\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2010.02.20 18:06:28 | 000,000,000 | -H-D | M] -- C:\Users\Roman\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2012.10.11 15:19:38 | 000,000,000 | -H-D | M] -- C:\Users\Roman\AppData\Local\Microsoft\Media Player\Mezipaměť grafiky
[2010.05.01 17:08:27 | 000,000,000 | RH-D | M] -- C:\Users\Roman\AppData\Local\Microsoft\Windows\Burn\Burn
[2010.03.23 16:41:21 | 000,000,000 | RH-D | M] -- C:\Users\Roman\AppData\Local\Microsoft\Windows\Burn\Burn1
[2010.03.23 16:44:37 | 000,000,000 | RH-D | M] -- C:\Users\Roman\AppData\Local\Microsoft\Windows\Burn\Burn2
[2011.03.14 12:00:50 | 000,000,000 | -H-D | M] -- C:\Users\Roman\AppData\Local\VirtualStore\ProgramData
[2013.12.04 15:36:03 | 000,000,000 | -H-D | M] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\DNTException\Low
[2013.04.15 10:20:42 | 000,000,000 | -H-D | M] -- C:\Users\Roman\Desktop\4. rocnik\heger\optimalni rizeni\__history
[2009.12.14 21:32:41 | 000,000,000 | -H-D | M] -- C:\Windows.old\ProgramData
[2009.04.22 11:00:56 | 000,000,000 | RH-D | M] -- C:\Windows.old\Documents and Settings\Default
[2009.04.22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\All Users\Microsoft\WwanSvc
[2009.04.22 11:24:12 | 000,000,000 | RH-D | M] -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009.04.22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\All Users\Microsoft\WwanSvc\Profiles
[2009.04.22 11:24:12 | 000,000,000 | RH-D | M] -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Tablet PC
[2009.07.01 08:41:07 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\All Users\Trymedia\data
[2009.04.22 07:17:24 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\Default\AppData
[2010.02.03 09:53:56 | 000,000,000 | RH-D | M] -- C:\Windows.old\Documents and Settings\Public\Desktop
[2009.04.22 06:58:05 | 000,000,000 | RH-D | M] -- C:\Windows.old\Documents and Settings\Public\Favorites
[2009.06.12 21:11:08 | 000,000,000 | RH-D | M] -- C:\Windows.old\Documents and Settings\Public\Libraries
[2009.06.12 21:17:22 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\Public\Recorded TV\TempRec
[2009.06.12 20:10:36 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData
[2010.02.08 11:17:49 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2009.06.12 20:10:54 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2009.06.12 21:07:19 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2009.06.12 21:17:30 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Local\Microsoft\Media Player\Art Cache
[2009.07.13 15:45:03 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Local\Microsoft\Media Player\Mezipaměť grafiky
[2009.08.14 06:40:33 | 000,000,000 | RH-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Local\Microsoft\Windows\Burn\Burn
[2009.06.12 23:11:19 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics
[2009.06.12 23:11:19 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}
[2009.11.10 17:00:17 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Local\VirtualStore\ProgramData
[2009.06.12 20:10:54 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2009.06.12 21:07:19 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2009.06.12 21:06:43 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2009.06.12 21:06:48 | 000,000,000 | -H-D | M] -- C:\Windows.old\Documents and Settings\RS\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2009.09.21 17:49:46 | 000,000,000 | -H-D | M] -- C:\Windows.old\Program Files\InstallShield Installation Information
[2009.04.22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Windows.old\ProgramData\Microsoft\WwanSvc
[2009.04.22 11:24:12 | 000,000,000 | RH-D | M] -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009.04.22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Windows.old\ProgramData\Microsoft\WwanSvc\Profiles
[2009.04.22 11:24:12 | 000,000,000 | RH-D | M] -- C:\Windows.old\ProgramData\Start Menu\Programs\Tablet PC
[2009.07.01 08:41:07 | 000,000,000 | -H-D | M] -- C:\Windows.old\ProgramData\Trymedia\data
[2009.04.22 11:00:56 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\Default
[2009.04.22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\All Users\Microsoft\WwanSvc
[2009.04.22 11:24:12 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009.04.22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\All Users\Microsoft\WwanSvc\Profiles
[2009.04.22 11:24:12 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\All Users\Start Menu\Programs\Tablet PC
[2009.07.01 08:41:07 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\All Users\Trymedia\data
[2009.04.22 07:17:24 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\Default\AppData
[2010.02.03 09:53:56 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\Public\Desktop
[2009.04.22 06:58:05 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\Public\Favorites
[2009.06.12 21:11:08 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\Public\Libraries
[2009.06.12 21:17:22 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\Public\Recorded TV\TempRec
[2009.06.12 20:10:36 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData
[2010.02.08 11:17:49 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2009.06.12 20:10:54 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2009.06.12 21:07:19 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2009.06.12 21:17:30 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Local\Microsoft\Media Player\Art Cache
[2009.07.13 15:45:03 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Local\Microsoft\Media Player\Mezipaměť grafiky
[2009.08.14 06:40:33 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\RS\AppData\Local\Microsoft\Windows\Burn\Burn
[2009.06.12 23:11:19 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics
[2009.06.12 23:11:19 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}
[2009.11.10 17:00:17 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Local\VirtualStore\ProgramData
[2009.06.12 20:10:54 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2009.06.12 21:07:19 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2009.06.12 21:06:43 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2009.06.12 21:06:48 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\RS\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2009.06.12 20:50:14 | 000,000,000 | -H-D | M] -- C:\Windows.old\Windows\ServiceProfiles\LocalService\AppData
[2009.06.12 21:17:26 | 000,000,000 | -H-D | M] -- C:\Windows.old\Windows\ServiceProfiles\NetworkService\AppData
[2009.06.12 21:11:18 | 000,000,000 | -H-D | M] -- C:\Windows.old\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache
[2010.02.20 20:57:59 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2010.02.20 21:25:38 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2010.02.20 21:03:24 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Mezipaměť grafiky

========== Base Services ==========
SRV - [2009.07.14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013.02.27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009.07.14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010.11.20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010.11.20 13:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013.09.25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012.07.04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013.07.09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010.11.20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010.11.20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011.03.03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009.07.14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010.11.20 13:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012.10.03 17:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011.05.24 11:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012.02.11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013.09.25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010.11.20 13:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010.11.20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013.09.25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009.07.14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010.11.20 13:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010.11.20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010.11.20 13:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010.11.20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012.05.01 05:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010.11.20 13:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010.11.20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010.11.20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010.11.20 13:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013.05.27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.11.20 13:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010.11.20 13:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010.11.20 13:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010.11.20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009.07.14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012.06.02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010.11.20 13:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010.11.20 13:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< >
[2009.07.14 05:53:46 | 000,032,590 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.01.22 20:02:24 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000Core.job
[2011.01.22 20:02:25 | 000,000,962 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000UA.job
[2012.10.09 17:19:23 | 000,000,486 | ---- | C] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job

< MD5 for: ACPI.SYS >
[2009.04.22 06:24:28 | 000,274,512 | ---- | M] (Microsoft Corporation) MD5=2E435A481093246930D113762FD40F52 -- C:\Windows.old\Windows\System32\drivers\acpi.sys
[2009.04.22 06:24:28 | 000,274,512 | ---- | M] (Microsoft Corporation) MD5=2E435A481093246930D113762FD40F52 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\acpi.inf_x86_neutral_99ab58497138c23a\acpi.sys
[2009.04.22 06:24:28 | 000,274,512 | ---- | M] (Microsoft Corporation) MD5=2E435A481093246930D113762FD40F52 -- C:\Windows.old\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7100.0_none_937bbc65231da091\acpi.sys
[2010.11.20 13:29:15 | 000,274,304 | ---- | M] (Microsoft Corporation) MD5=CEA80C80BED809AA0DA6FEBC04733349 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_24902def2c49e853\acpi.sys
[2010.11.20 13:29:15 | 000,274,304 | ---- | M] (Microsoft Corporation) MD5=CEA80C80BED809AA0DA6FEBC04733349 -- C:\Windows\System32\drivers\acpi.sys
[2010.11.20 13:29:15 | 000,274,304 | ---- | M] (Microsoft Corporation) MD5=CEA80C80BED809AA0DA6FEBC04733349 -- C:\Windows\System32\DriverStore\FileRepository\acpi.inf_x86_neutral_a1f4891fe0de4401\acpi.sys
[2010.11.20 13:29:15 | 000,274,304 | ---- | M] (Microsoft Corporation) MD5=CEA80C80BED809AA0DA6FEBC04733349 -- C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_24902def2c49e853\acpi.sys
[2009.07.14 02:26:15 | 000,274,496 | ---- | M] (Microsoft Corporation) MD5=F0E07D144C8685B8774BC32FC8DA4DF0 -- C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7600.16385_none_225f1a272f5b64b9\acpi.sys

< MD5 for: AFD.SYS >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2009.04.22 04:10:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=183C34872F51D34A41C0EDD3BA05C973 -- C:\Windows.old\Windows\System32\drivers\afd.sys
[2009.04.22 04:10:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=183C34872F51D34A41C0EDD3BA05C973 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7100.0_none_48db3af3b382f099\afd.sys
[2013.09.14 01:57:08 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=66DD39CA12BAEB8D32111581769D9117 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_da50efe2d5eab341\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
[2013.09.14 01:48:58 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F81BB7E487EDCEAB630A7EE66CF23913 -- C:\Windows\System32\drivers\afd.sys
[2013.09.14 01:48:58 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F81BB7E487EDCEAB630A7EE66CF23913 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_d9b98067bcd7e63c\afd.sys

< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
[2009.04.22 06:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2009.04.22 06:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\AGP440.sys
[2009.04.22 06:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
[2009.04.22 06:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.04.22 06:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009.04.22 06:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.04.22 06:18:45 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=DCE8C59D84D5923D0CA54EF116DD8138 -- C:\Windows.old\Windows\System32\autochk.exe
[2009.04.22 06:18:45 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=DCE8C59D84D5923D0CA54EF116DD8138 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7100.0_none_52e6e5ab16d6f438\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.05.01 02:07:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=000ECD1B87C0E2D91AEC3FA64A8A9129 -- C:\Windows.old\Windows\System32\drivers\cdrom.sys
[2009.05.01 02:07:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=000ECD1B87C0E2D91AEC3FA64A8A9129 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_83a9c8778e6b3164\cdrom.sys
[2009.05.01 02:07:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=000ECD1B87C0E2D91AEC3FA64A8A9129 -- C:\Windows.old\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7100.13_none_385ff5904421627f\cdrom.sys
[2009.05.01 02:29:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=3E6941E07978929E010BC29FB48B09AA -- C:\Windows.old\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7100.4101_none_954d9e073b20709d\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
[2009.04.22 04:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_979e56719b05c594\cdrom.sys
[2009.04.22 04:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- C:\Windows.old\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7100.0_none_d09c5443f8dd3b93\cdrom.sys

< MD5 for: CMD.EXE >
[2009.04.22 06:18:51 | 000,301,568 | ---- | M] (Microsoft Corporation) MD5=6BB04E736F6E842C97A9B177F7C41E1B -- C:\Windows.old\Windows\System32\cmd.exe
[2009.04.22 06:18:51 | 000,301,568 | ---- | M] (Microsoft Corporation) MD5=6BB04E736F6E842C97A9B177F7C41E1B -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7100.0_none_fbffbf1e6f725ab8\cmd.exe
[2009.07.14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) MD5=8AE6DD9A6D246004DA047F704F0CC487 -- C:\Windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7600.16385_none_8ae31ce07bb01ee0\cmd.exe
[2010.11.20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) MD5=AD7B9C14083B52BC532FBA5948342B98 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_8d1430a8789ea27a\cmd.exe
[2010.11.20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) MD5=AD7B9C14083B52BC532FBA5948342B98 -- C:\Windows\System32\cmd.exe
[2010.11.20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) MD5=AD7B9C14083B52BC532FBA5948342B98 -- C:\Windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_8d1430a8789ea27a\cmd.exe

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.04.22 06:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows.old\Windows\System32\cngaudit.dll
[2009.04.22 06:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012.06.02 05:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012.04.24 05:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012.04.24 05:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2013.05.10 05:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013.05.13 05:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2009.04.22 06:20:07 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=3DA62576A423BB1A9D882F7CDEAF21BB -- C:\Windows.old\Windows\System32\cryptsvc.dll
[2009.04.22 06:20:07 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=3DA62576A423BB1A9D882F7CDEAF21BB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7100.0_none_e6f291c5efe51f32\cryptsvc.dll
[2012.04.24 05:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2013.07.09 14:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013.07.09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\erdnt\cache\cryptsvc.dll
[2013.07.09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\System32\cryptsvc.dll
[2013.07.09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012.06.02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010.11.20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2010.11.20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013.05.11 05:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2013.05.10 06:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2012.06.02 05:41:59 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2013.10.05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[2012.06.02 05:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
[2012.04.24 05:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009.07.14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009.07.14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe
[2009.04.22 06:18:53 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=3CC118024EAFDD6F1302F2CADFA90888 -- C:\Windows.old\Windows\System32\csrss.exe
[2009.04.22 06:18:53 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=3CC118024EAFDD6F1302F2CADFA90888 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7100.0_none_c9d6dc39392b7f95\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.04.22 06:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows.old\Windows\explorer.exe
[2009.04.22 06:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7100.0_none_c2a79f73ced24008\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009.04.22 04:11:23 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7597DF0FD7028049D770DDF4AB86B50D -- C:\Windows.old\Windows\System32\drivers\fastfat.sys
[2009.04.22 04:11:23 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7597DF0FD7028049D770DDF4AB86B50D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.1.7100.0_none_1fa623e1ac79fa28\fastfat.sys
[2009.07.14 00:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\System32\drivers\fastfat.sys
[2009.07.14 00:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_ae8981a3b8b7be50\fastfat.sys

< MD5 for: HAL.DLL >
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.04.22 06:24:20 | 000,194,128 | ---- | M] (Microsoft Corporation) MD5=826E8635457E8215C87DB6300DFC8F35 -- C:\Windows.old\Windows\System32\hal.dll
[2009.04.22 06:24:20 | 000,194,128 | ---- | M] (Microsoft Corporation) MD5=826E8635457E8215C87DB6300DFC8F35 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7100.0_none_1c1beb05aec0089e\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: I8042PRT.SYS >
[2009.07.14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\drivers\i8042prt.sys
[2009.07.14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys
[2009.07.14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys
[2009.07.14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys
[2009.07.14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys
[2009.07.14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys
[2009.04.22 04:08:48 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=FF72BE8FE6F69667E2C86111B4EA201B -- C:\Windows.old\Windows\System32\drivers\i8042prt.sys
[2009.04.22 04:08:48 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=FF72BE8FE6F69667E2C86111B4EA201B -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_c8a83afa72fbf87b\i8042prt.sys
[2009.04.22 04:08:48 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=FF72BE8FE6F69667E2C86111B4EA201B -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_b65ef379c8c62294\i8042prt.sys
[2009.04.22 04:08:48 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=FF72BE8FE6F69667E2C86111B4EA201B -- C:\Windows.old\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7100.0_none_0841663a2e0ebdc7\i8042prt.sys
[2009.04.22 04:08:48 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=FF72BE8FE6F69667E2C86111B4EA201B -- C:\Windows.old\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7100.0_none_bf2703de2771049b\i8042prt.sys

< MD5 for: IASTORV.SYS >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2009.04.22 06:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2009.04.22 06:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.04.22 06:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_20044ad9dcddcbd8\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys
[2009.04.22 06:24:06 | 000,046,672 | ---- | M] (Microsoft Corporation) MD5=C3B2BCDC1C62EB774C1625F8023671CA -- C:\Windows.old\Windows\System32\drivers\isapnp.sys
[2009.04.22 06:24:06 | 000,046,672 | ---- | M] (Microsoft Corporation) MD5=C3B2BCDC1C62EB774C1625F8023671CA -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\isapnp.sys
[2009.04.22 06:24:06 | 000,046,672 | ---- | M] (Microsoft Corporation) MD5=C3B2BCDC1C62EB774C1625F8023671CA -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\isapnp.sys

< MD5 for: KBDCLASS.SYS >
[2009.04.22 06:24:03 | 000,042,576 | ---- | M] (Microsoft Corporation) MD5=21D8C59033A6F62DE759236F14BCC693 -- C:\Windows.old\Windows\System32\drivers\kbdclass.sys
[2009.04.22 06:24:03 | 000,042,576 | ---- | M] (Microsoft Corporation) MD5=21D8C59033A6F62DE759236F14BCC693 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_c8a83afa72fbf87b\kbdclass.sys
[2009.04.22 06:24:03 | 000,042,576 | ---- | M] (Microsoft Corporation) MD5=21D8C59033A6F62DE759236F14BCC693 -- C:\Windows.old\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7100.0_none_0841663a2e0ebdc7\kbdclass.sys
[2009.07.14 02:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) MD5=ADEF52CA1AEAE82B50DF86B56413107E -- C:\Windows\erdnt\cache\kbdclass.sys
[2009.07.14 02:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) MD5=ADEF52CA1AEAE82B50DF86B56413107E -- C:\Windows\System32\drivers\kbdclass.sys
[2009.07.14 02:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) MD5=ADEF52CA1AEAE82B50DF86B56413107E -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\kbdclass.sys
[2009.07.14 02:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) MD5=ADEF52CA1AEAE82B50DF86B56413107E -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\kbdclass.sys
[2009.07.14 02:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) MD5=ADEF52CA1AEAE82B50DF86B56413107E -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\kbdclass.sys

< MD5 for: LSASS.EXE >
[2011.11.17 08:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2013.09.25 01:54:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=559C7769B397F07E12725EE55337D4C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_a8a66792d452b56a\lsass.exe
[2009.04.22 06:19:08 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=62C4EF46A710A84416AEA89E52C01833 -- C:\Windows.old\Windows\System32\lsass.exe
[2009.04.22 06:19:08 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=62C4EF46A710A84416AEA89E52C01833 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7100.0_none_173d8323b1e1097f\lsass.exe
[2013.09.25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\erdnt\cache\lsass.exe
[2013.09.25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\System32\lsass.exe
[2013.09.25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_a80cf783bb41b5b7\lsass.exe
[2011.11.17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011.11.17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2012.06.02 05:40:31 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe
[2011.11.17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2011.11.17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2012.06.02 05:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2011.11.17 06:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

< MD5 for: NDIS.SYS >
[2012.08.22 18:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2009.05.13 07:43:45 | 000,710,728 | ---- | M] (Microsoft Corporation) MD5=162F14C805F121CFFAE748D65F6E50FF -- C:\Windows.old\Windows\System32\drivers\ndis.sys
[2009.05.13 07:43:45 | 000,710,728 | ---- | M] (Microsoft Corporation) MD5=162F14C805F121CFFAE748D65F6E50FF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7100.19_none_807d3cc4bc699f13\ndis.sys
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2009.05.13 08:22:42 | 000,710,744 | ---- | M] (Microsoft Corporation) MD5=37A5706ECE054AE59C1672BC06AF646F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7100.4108_none_dd1fbe77b3a0d702\ndis.sys
[2012.08.22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\erdnt\cache\ndis.sys
[2012.08.22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys
[2012.08.22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2010.11.20 13:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
[2010.11.20 13:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
[2009.04.22 06:24:26 | 000,710,736 | ---- | M] (Microsoft Corporation) MD5=FE0FFC312609BD9EB75E57F930BB0236 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7100.0_none_18ba24287124de61\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.04.22 06:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.04.22 06:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NTFS.SYS >
[2012.08.31 18:18:09 | 001,211,760 | ---- | M] (Microsoft Corporation) MD5=0D87503986BB3DFED58E343FE39DDE13 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a8592bc67b451464\ntfs.sys
[2011.03.11 06:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_a65558427e3453b4\ntfs.sys
[2010.11.20 13:30:06 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys
[2010.11.20 13:30:06 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys
[2009.07.14 02:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys
[2012.08.31 18:21:56 | 001,210,736 | ---- | M] (Microsoft Corporation) MD5=5126C5402C730C2A953275D8497A4715 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17119_none_a69715e87e02f01c\ntfs.sys
[2013.04.12 14:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\erdnt\cache\ntfs.sys
[2013.04.12 14:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\System32\drivers\ntfs.sys
[2013.04.12 14:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_a870a63a7b333f99\ntfs.sys
[2012.08.31 18:20:14 | 001,210,736 | ---- | M] (Microsoft Corporation) MD5=72D1BB12770F86033C73E288CD8E3869 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21316_none_a71db3bb97234108\ntfs.sys
[2013.03.02 06:01:18 | 001,211,240 | ---- | M] (Microsoft Corporation) MD5=76371F9D9FCDE3ACDFEC3D7C3E585FB5 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21483_none_a6cf054f975eb5c1\ntfs.sys
[2011.03.11 06:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys
[2013.03.02 06:07:36 | 001,212,264 | ---- | M] (Microsoft Corporation) MD5=9CDAEBE5160B9AF02AE17C62BDB6C4B5 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18106_none_a88545c87b23ee60\ntfs.sys
[2013.03.02 06:09:19 | 001,210,712 | ---- | M] (Microsoft Corporation) MD5=A458A5F7FD79C477D40ED42CF5A230CB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17267_none_a65f079e7e2d464a\ntfs.sys
[2013.04.12 14:53:03 | 001,213,288 | ---- | M] (Microsoft Corporation) MD5=A543D7FD38F51123CA6B8B4722E4D322 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_a8ae93919489a2fa\ntfs.sys
[2011.03.11 06:52:25 | 001,210,752 | ---- | M] (Microsoft Corporation) MD5=A7266D82DB9675AFBDED39695B69EDAC -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
[2013.04.12 14:58:11 | 001,210,728 | ---- | M] (Microsoft Corporation) MD5=A8F59428E9F361C7AC42A94AC1560BC9 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17281_none_a643660a7e42e622\ntfs.sys
[2009.04.22 06:24:27 | 001,210,448 | ---- | M] (Microsoft Corporation) MD5=B2B1E77C5284C86977115FE9F220843E -- C:\Windows.old\Windows\System32\drivers\ntfs.sys
[2009.04.22 06:24:27 | 001,210,448 | ---- | M] (Microsoft Corporation) MD5=B2B1E77C5284C86977115FE9F220843E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7100.0_none_1764221e72016adc\ntfs.sys
[2013.03.02 05:30:20 | 001,213,272 | ---- | M] (Microsoft Corporation) MD5=BDC9CE1B497B6C266ED70E3D34184F40 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22272_none_a8bf31f7947dec65\ntfs.sys
[2011.03.11 06:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys
[2013.04.12 16:59:24 | 001,211,240 | ---- | M] (Microsoft Corporation) MD5=E3B53A54A7AF3B3098701783BA15FF75 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21499_none_a6ca371f976169bc\ntfs.sys
[2012.08.31 18:01:43 | 001,212,272 | ---- | M] (Microsoft Corporation) MD5=E6C295C6F8E639957235FEE1D95077F4 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_a90ce01994435e55\ntfs.sys

< MD5 for: NTKRNLPA.EXE >
[2013.05.06 06:10:20 | 003,972,968 | ---- | M] (Microsoft Corporation) MD5=02E107F819E1EE4ED0423B045D042789 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22318_none_6ec54d052b7f52c5\ntkrnlpa.exe
[2010.06.19 07:33:29 | 003,955,080 | ---- | M] (Microsoft Corporation) MD5=05288B088C0DFAC60D6BCF878FC32B60 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe
[2012.03.06 06:59:41 | 003,958,128 | ---- | M] (Microsoft Corporation) MD5=06EF177FE7FEBB1314E42F568FCB55A3 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_6c0f928015704824\ntkrnlpa.exe
[2012.03.06 06:41:34 | 003,972,464 | ---- | M] (Microsoft Corporation) MD5=07B026E7A2C873D09F0073141EE2099E -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe
[2011.11.19 15:25:48 | 003,957,616 | ---- | M] (Microsoft Corporation) MD5=0B77AC2B94DFE3297B7462E7966ABA42 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntkrnlpa.exe
[2011.10.26 05:42:37 | 003,957,104 | ---- | M] (Microsoft Corporation) MD5=0E5E92C8AA8ADA52D37D551E322BF1FA -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16905_none_6c5d42881535b73b\ntkrnlpa.exe
[2011.10.26 05:51:11 | 003,970,416 | ---- | M] (Microsoft Corporation) MD5=0E725E4D29CBA35E680DD51099EB6598 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21077_none_6c9d06af2e8a8365\ntkrnlpa.exe
[2011.04.09 07:02:25 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=102A6182087B18C795664BCD22EB52E9 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe
[2011.06.23 05:32:02 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=11486D4317D57C6F5E4DC902EF75D811 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe
[2010.11.20 13:30:06 | 003,966,848 | ---- | M] (Microsoft Corporation) MD5=144BD78C6103C8616DE047B3532142DB -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[2010.11.20 13:30:06 | 003,966,848 | ---- | M] (Microsoft Corporation) MD5=144BD78C6103C8616DE047B3532142DB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[2013.07.08 06:08:20 | 003,973,056 | ---- | M] (Microsoft Corporation) MD5=16A6C242C9B4DCA5A0B0FB7A95A75D70 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22379_none_6e856dc72baf13c2\ntkrnlpa.exe
[2011.06.23 05:38:05 | 003,957,120 | ---- | M] (Microsoft Corporation) MD5=1F969255E068D451BAC2D4FB0BD8C9C3 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe
[2010.02.27 13:07:48 | 003,954,568 | ---- | M] (Microsoft Corporation) MD5=20926A3F64BFFCD92BAA5ECE9D65CC4A -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe
[2013.01.05 05:53:01 | 003,970,920 | ---- | M] (Microsoft Corporation) MD5=291E9950A38F49A5C0BBC097C6D1A07D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_6cddedcf2e59d05b\ntkrnlpa.exe
[2010.06.19 07:37:01 | 003,964,800 | ---- | M] (Microsoft Corporation) MD5=2A37766F5121E98271ECD811A60D9420 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe
[2011.11.19 12:11:29 | 003,971,440 | ---- | M] (Microsoft Corporation) MD5=2EDA0DCCF5F00CDB91A9ECBE45CB0B3D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe
[2012.08.30 18:18:33 | 003,958,128 | ---- | M] (Microsoft Corporation) MD5=31805BFA4DC62A55D1C2193237DECC0F -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17118_none_6c554d82153b4f9a\ntkrnlpa.exe
[2011.11.19 15:50:02 | 003,968,368 | ---- | M] (Microsoft Corporation) MD5=31C59B0CA08B1203E35D2BA19319279E -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe
[2011.06.23 06:55:25 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=3624D782F8B061B6FBA3A35E2FE53CFD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe
[2012.03.06 06:59:13 | 003,971,440 | ---- | M] (Microsoft Corporation) MD5=3B237D98A0DFC9395C7D97E33AA38ACF -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_6ca3d7592e85ff3f\ntkrnlpa.exe
[2013.03.19 05:41:10 | 003,972,440 | ---- | M] (Microsoft Corporation) MD5=3DFCBEEE97DF8BBAA749CAACFC9C43E1 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntkrnlpa.exe
[2013.05.06 06:06:47 | 003,968,872 | ---- | M] (Microsoft Corporation) MD5=3F63CF7DF313428CA9C5D1F410DF4645 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18147_none_6e1a3e46127af050\ntkrnlpa.exe
[2012.03.06 06:59:47 | 003,968,368 | ---- | M] (Microsoft Corporation) MD5=43711ABF8AE553A7B5FFFF61E60C419D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe
[2013.03.19 06:04:04 | 003,971,432 | ---- | M] (Microsoft Corporation) MD5=448A0336B56C2E927AAE8E903C721800 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21490_none_6c806c692ea0fe82\ntkrnlpa.exe
[2013.08.29 02:51:45 | 003,969,472 | ---- | M] (Microsoft Corporation) MD5=482C8CD985C727C7C78A5E9B320947F0 -- C:\Windows\erdnt\cache\ntkrnlpa.exe
[2013.08.29 02:51:45 | 003,969,472 | ---- | M] (Microsoft Corporation) MD5=482C8CD985C727C7C78A5E9B320947F0 -- C:\Windows\System32\ntkrnlpa.exe
[2013.08.29 02:51:45 | 003,969,472 | ---- | M] (Microsoft Corporation) MD5=482C8CD985C727C7C78A5E9B320947F0 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntkrnlpa.exe
[2013.01.05 06:02:17 | 003,957,608 | ---- | M] (Microsoft Corporation) MD5=4FC77400373F727993B96CD2AD5C94CC -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_6c5f1f0a15341779\ntkrnlpa.exe
[2012.08.30 19:11:01 | 003,971,440 | ---- | M] (Microsoft Corporation) MD5=543F90836EFEB1CCE1DC547EF94CABAC -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_6cdbeb552e5ba086\ntkrnlpa.exe
[2013.01.05 06:00:15 | 003,967,848 | ---- | M] (Microsoft Corporation) MD5=660100CB90F344040EF57F52FC0681C3 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntkrnlpa.exe
[2009.04.22 06:24:28 | 003,953,232 | ---- | M] (Microsoft Corporation) MD5=6C51A94E1557197295A931FE8CD345AB -- C:\Windows.old\Windows\System32\ntkrnlpa.exe
[2009.04.22 06:24:28 | 003,953,232 | ---- | M] (Microsoft Corporation) MD5=6C51A94E1557197295A931FE8CD345AB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7100.0_none_dd235a020938e3b1\ntkrnlpa.exe
[2012.08.30 18:06:08 | 003,972,464 | ---- | M] (Microsoft Corporation) MD5=770FEEA2823E463D68E170D7EA6FAEBA -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntkrnlpa.exe
[2012.08.30 18:12:02 | 003,968,880 | ---- | M] (Microsoft Corporation) MD5=7E1EC00B7D0D33A67DFC563574EEFF93 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntkrnlpa.exe
[2011.04.09 07:21:36 | 003,967,360 | ---- | M] (Microsoft Corporation) MD5=83515CDDB47B08F65F1EC7451778C3CD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntkrnlpa.exe
[2013.03.19 06:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) MD5=88355CFE81D381F93C74716DAA803587 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntkrnlpa.exe
[2013.01.05 05:49:01 | 003,971,928 | ---- | M] (Microsoft Corporation) MD5=8E43161944CE6E3A1F2B2618B992A8CE -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntkrnlpa.exe
[2010.10.27 05:33:37 | 003,966,848 | ---- | M] (Microsoft Corporation) MD5=8E641A407A795DFB7B3A34053EF8DB39 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe
[2012.03.31 05:39:37 | 003,968,368 | ---- | M] (Microsoft Corporation) MD5=8F6D5704D7522AAB8B4B82C0D35D9184 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[2009.12.08 12:40:12 | 003,955,288 | ---- | M] (Microsoft Corporation) MD5=92345529A07F31547D73FF6E32E1AFE9 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntkrnlpa.exe
[2012.03.31 05:37:34 | 003,971,952 | ---- | M] (Microsoft Corporation) MD5=93358348D0B79812CAAA83A1377E4449 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[2009.12.08 13:04:13 | 003,954,776 | ---- | M] (Microsoft Corporation) MD5=9961859237C15878493ADE2119991614 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntkrnlpa.exe
[2011.04.09 07:01:20 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=9CF7F5D025183FA10E130445BC071B70 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe
[2012.04.02 05:46:44 | 003,958,128 | ---- | M] (Microsoft Corporation) MD5=9D19079820928D72A5708A668B5B62AE -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntkrnlpa.exe
[2011.06.23 05:33:57 | 003,967,872 | ---- | M] (Microsoft Corporation) MD5=A4A8EF2ACE5FA5863AA0B04C9BBFECA7 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe
[2010.10.27 05:43:37 | 003,957,120 | ---- | M] (Microsoft Corporation) MD5=A6DCF9F73F2FCA7A96D9585817A08B43 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe
[2011.11.19 12:24:02 | 003,971,440 | ---- | M] (Microsoft Corporation) MD5=AC9FBC2847286AD78232EC9C66E28CA7 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntkrnlpa.exe
[2013.03.19 06:06:09 | 003,958,120 | ---- | M] (Microsoft Corporation) MD5=B02D4E4A4EBEF9E33488969DF6E9BC22 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17273_none_6c0f6e6e157075b4\ntkrnlpa.exe
[2012.03.31 05:43:25 | 003,970,928 | ---- | M] (Microsoft Corporation) MD5=C6D1D128DE4148E35B6C04B6892EB71A -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntkrnlpa.exe
[2013.07.09 06:03:34 | 003,968,960 | ---- | M] (Microsoft Corporation) MD5=DD5F17D44E9966E7EA447AE8C4D12D6C -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18205_none_6e437f48125c4b05\ntkrnlpa.exe
[2009.07.14 02:20:44 | 003,954,768 | ---- | M] (Microsoft Corporation) MD5=E2A8596576873BC5D509031DECD8C95D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe
[2013.08.29 02:58:44 | 003,973,568 | ---- | M] (Microsoft Corporation) MD5=EB6B2FB5EE07337C8B4F3A16CBC18BE3 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntkrnlpa.exe
[2011.04.09 07:13:06 | 003,957,632 | ---- | M] (Microsoft Corporation) MD5=EEDB427EAC109E0711642B65C229BC59 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntkrnlpa.exe
[2011.10.26 05:47:40 | 003,967,856 | ---- | M] (Microsoft Corporation) MD5=F2368C2A4B126B2EAEF1985116B88A1D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17713_none_6e36cf0e12660c6a\ntkrnlpa.exe
[2010.02.27 12:46:27 | 003,954,568 | ---- | M] (Microsoft Corporation) MD5=FC781D4359B553D62CBAD9F658E68784 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe
[2011.10.26 08:01:50 | 003,970,928 | ---- | M] (Microsoft Corporation) MD5=FC9183A26D2AD7BD68F471262CF3946D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21847_none_6ea3fd3d2b986563\ntkrnlpa.exe

< MD5 for: NTOSKRNL.EXE >
[2011.11.19 12:11:28 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=00B12EA93ED392FBD09F07B63E926647 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe
[2011.04.09 07:21:32 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=0F4A148499CC6FA5D84A0F1587869051 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntoskrnl.exe
[2012.03.06 06:59:41 | 003,902,320 | ---- | M] (Microsoft Corporation) MD5=0FB535B17A519134C5F9867841B019AF -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_6c0f928015704824\ntoskrnl.exe
[2010.11.20 13:30:06 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[2010.11.20 13:30:06 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[2012.03.31 05:39:37 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=28F44480E411C3DDF04B63F6560E6EF4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[2013.03.19 06:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) MD5=2DFAB8C3C394E95D262E1325BDA5DFE4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntoskrnl.exe
[2012.03.31 05:37:33 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=2E02A17E8965AD671E4987E503AD38B1 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[2013.01.05 05:49:01 | 003,916,648 | ---- | M] (Microsoft Corporation) MD5=2E083C7D9CA98B63FA8F8062874E9327 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntoskrnl.exe
[2010.02.27 12:46:28 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=466FD46F58768E56F7B841681014EFF1 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntoskrnl.exe
[2011.11.19 12:24:02 | 003,915,632 | ---- | M] (Microsoft Corporation) MD5=46F86A3471AE24A604CB7E56983C8AE4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntoskrnl.exe
[2013.07.08 06:08:20 | 003,918,272 | ---- | M] (Microsoft Corporation) MD5=49248651E41EE81D4C1FFDE28FDC096C -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22379_none_6e856dc72baf13c2\ntoskrnl.exe
[2012.08.30 18:06:07 | 003,917,168 | ---- | M] (Microsoft Corporation) MD5=5355A85D26EECFA3A68B1F55B0C59A20 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntoskrnl.exe
[2012.03.06 06:59:41 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=53B4BDEA12A032EEC71E60B6BFF42F37 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntoskrnl.exe
[2009.04.22 06:24:27 | 003,897,936 | ---- | M] (Microsoft Corporation) MD5=55B63DC54E773F64C344CFF0974F3D53 -- C:\Windows.old\Windows\System32\ntoskrnl.exe
[2009.04.22 06:24:27 | 003,897,936 | ---- | M] (Microsoft Corporation) MD5=55B63DC54E773F64C344CFF0974F3D53 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7100.0_none_dd235a020938e3b1\ntoskrnl.exe
[2013.05.06 06:06:47 | 003,913,576 | ---- | M] (Microsoft Corporation) MD5=575DDD83B40880E1DEB48758673BDA71 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18147_none_6e1a3e46127af050\ntoskrnl.exe
[2012.03.06 06:41:34 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=57B7DE30C4E65AD19CA13AC3065EE60B -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntoskrnl.exe
[2011.04.09 07:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=5D21C487F79F8245E799071589E035BF -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[2012.08.30 19:11:00 | 003,915,632 | ---- | M] (Microsoft Corporation) MD5=60D216C90A0A306A2A1E69B9EC4A2BA7 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_6cdbeb552e5ba086\ntoskrnl.exe
[2011.06.23 05:32:02 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=638A384E9968036D42BDBDE499A1C8B8 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntoskrnl.exe
[2012.04.02 05:46:44 | 003,902,320 | ---- | M] (Microsoft Corporation) MD5=678AD0F9DB55F9127851CD631456F483 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntoskrnl.exe
[2009.12.08 13:04:13 | 003,899,992 | ---- | M] (Microsoft Corporation) MD5=6C2EFFCA281F6F5044810890A0589596 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntoskrnl.exe
[2011.10.26 05:42:38 | 003,901,808 | ---- | M] (Microsoft Corporation) MD5=7539CEF9F7FF4DDAE24DAE5389DDE2C3 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16905_none_6c5d42881535b73b\ntoskrnl.exe
[2010.10.27 05:43:38 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=776201760B5692F10DDA3BE85B54F213 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe
[2013.03.19 05:41:07 | 003,916,632 | ---- | M] (Microsoft Corporation) MD5=80A652978002318C9723D43CFA618816 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntoskrnl.exe
[2013.08.29 02:51:45 | 003,914,176 | ---- | M] (Microsoft Corporation) MD5=813A7F5A2D6D366EB3FFB643B851BCE5 -- C:\Windows\erdnt\cache\ntoskrnl.exe
[2013.08.29 02:51:45 | 003,914,176 | ---- | M] (Microsoft Corporation) MD5=813A7F5A2D6D366EB3FFB643B851BCE5 -- C:\Windows\System32\ntoskrnl.exe
[2013.08.29 02:51:45 | 003,914,176 | ---- | M] (Microsoft Corporation) MD5=813A7F5A2D6D366EB3FFB643B851BCE5 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntoskrnl.exe
[2010.06.19 07:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=8218E74A67942120BF8EE30661EDF83F -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
[2013.01.05 06:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation) MD5=82FF919E9236B0137B5C7455B0E1418A -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntoskrnl.exe
[2011.10.26 05:51:10 | 003,915,120 | ---- | M] (Microsoft Corporation) MD5=8B5B4BEC86A77D10820E0BA21249A6B7 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21077_none_6c9d06af2e8a8365\ntoskrnl.exe
[2012.08.30 18:18:33 | 003,902,832 | ---- | M] (Microsoft Corporation) MD5=8C8FC2396921C0F897721718ABD5E70B -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17118_none_6c554d82153b4f9a\ntoskrnl.exe
[2011.06.23 06:55:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=90EFDB506F6140EEA9DEE398D9449D86 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[2012.08.30 18:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) MD5=948F0B444CB6CC35FE5F9DE52420CB95 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntoskrnl.exe
[2013.08.29 02:58:41 | 003,918,272 | ---- | M] (Microsoft Corporation) MD5=998141EB656327F13B8EEC01BAADC5D4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntoskrnl.exe
[2011.10.26 05:47:40 | 003,912,560 | ---- | M] (Microsoft Corporation) MD5=9DBEE8D5230881B583CF95F7C3BB8BB0 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17713_none_6e36cf0e12660c6a\ntoskrnl.exe
[2013.03.19 06:04:04 | 003,915,608 | ---- | M] (Microsoft Corporation) MD5=9EBA1C36121835E6828AC9903F1F9AE0 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21490_none_6c806c692ea0fe82\ntoskrnl.exe
[2013.07.09 06:03:34 | 003,913,664 | ---- | M] (Microsoft Corporation) MD5=9FA7BF625122CCAC90FCD307174D8CF3 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18205_none_6e437f48125c4b05\ntoskrnl.exe
[2013.01.05 06:02:17 | 003,902,312 | ---- | M] (Microsoft Corporation) MD5=B089270BACB16B8A1F0FDE1529DBFE65 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_6c5f1f0a15341779\ntoskrnl.exe
[2012.03.06 06:59:13 | 003,915,632 | ---- | M] (Microsoft Corporation) MD5=B83E403A94C4CB2D0576DD6945469D16 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_6ca3d7592e85ff3f\ntoskrnl.exe
[2009.07.14 02:20:44 | 003,899,472 | ---- | M] (Microsoft Corporation) MD5=B9D673F7707219DFD264891A26C21ECB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
[2010.10.27 05:33:37 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=C6169F5FDC8399E0C6C0729AB6EF2EF8 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe
[2009.12.08 12:40:12 | 003,899,464 | ---- | M] (Microsoft Corporation) MD5=CB51AEB061A5454CFC59B0B68ACF53A4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntoskrnl.exe
[2013.03.19 06:06:09 | 003,902,312 | ---- | M] (Microsoft Corporation) MD5=D1751CB2E03D7F57AC04C702D02974AC -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17273_none_6c0f6e6e157075b4\ntoskrnl.exe
[2011.04.09 07:01:20 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=D385343510B75545EC5DB3A64C2D2492 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[2010.06.19 07:37:01 | 003,909,512 | ---- | M] (Microsoft Corporation) MD5=D5662CD1F9B85936561A07ADC400ACF4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
[2012.03.31 05:43:25 | 003,915,632 | ---- | M] (Microsoft Corporation) MD5=D909EAFA618BC9DB2615303DA3D9C830 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntoskrnl.exe
[2013.01.05 05:53:01 | 003,915,112 | ---- | M] (Microsoft Corporation) MD5=D93B06F0419392A2BEA3DDCFFB78FF37 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_6cddedcf2e59d05b\ntoskrnl.exe
[2011.04.09 07:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntoskrnl.exe
[2010.02.27 13:07:48 | 003,899,280 | ---- | M] (Microsoft Corporation) MD5=DD2ED3246F5F4E4B07F385A9520C3C7C -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntoskrnl.exe
[2011.06.23 05:38:04 | 003,902,336 | ---- | M] (Microsoft Corporation) MD5=DFB0E9F902FDAB7CD2E180E4072D45DD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntoskrnl.exe
[2013.05.06 06:10:20 | 003,917,160 | ---- | M] (Microsoft Corporation) MD5=E11BCB5515281519820F1D6EEAC4EDE7 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22318_none_6ec54d052b7f52c5\ntoskrnl.exe
[2011.10.26 08:01:50 | 003,915,120 | ---- | M] (Microsoft Corporation) MD5=EB58B25AF04D7C036E648E0406AAB431 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21847_none_6ea3fd3d2b986563\ntoskrnl.exe
[2011.11.19 15:50:02 | 003,913,584 | ---- | M] (Microsoft Corporation) MD5=F0F0E99A65F598A1A7720F5111C4DA8F -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe
[2011.06.23 05:33:57 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=FB58ABD5E1F75A2CF713C9DFF0EC0804 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[2011.11.19 15:25:48 | 003,902,320 | ---- | M] (Microsoft Corporation) MD5=FBF900DF512EC6C5818E1554EC69A7A5 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntoskrnl.exe

< MD5 for: NVRAID.SYS >
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2009.04.22 06:24:14 | 000,117,328 | ---- | M] (NVIDIA Corporation) MD5=4A5984C5859D951D0B62B7B406AFE357 -- C:\Windows.old\Windows\System32\drivers\nvraid.sys
[2009.04.22 06:24:14 | 000,117,328 | ---- | M] (NVIDIA Corporation) MD5=4A5984C5859D951D0B62B7B406AFE357 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvraid.sys
[2009.04.22 06:24:14 | 000,117,328 | ---- | M] (NVIDIA Corporation) MD5=4A5984C5859D951D0B62B7B406AFE357 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvraid.sys
[2010.11.20 13:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2010.11.20 13:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.20 13:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011.03.11 06:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\drivers\nvraid.sys
[2011.03.11 06:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
[2011.03.11 06:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011.03.11 06:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2011.03.11 06:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2011.03.11 06:52:25 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.04.22 06:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2009.04.22 06:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009.04.22 06:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: REGEDIT.EXE >
[2009.04.22 06:19:22 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=3A258B0E6EADC270C5D2156202E801D9 -- C:\Windows.old\Windows\regedit.exe
[2009.04.22 06:19:22 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=3A258B0E6EADC270C5D2156202E801D9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7100.0_none_6521adc630ee77e0\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\erdnt\cache\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2009.04.22 06:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.04.22 06:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009.04.22 06:19:27 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=77474E495E99CCE05AD2720E6FA85A35 -- C:\Windows.old\Windows\System32\services.exe
[2009.04.22 06:19:27 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=77474E495E99CCE05AD2720E6FA85A35 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7100.0_none_4052b8c9225ed253\services.exe

< MD5 for: SMSS.EXE >
[2013.03.19 03:43:41 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2013.03.19 03:51:05 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=37F4765554F2CD34AAAB616F696E5539 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_ac8ab2c593af8bd4\smss.exe
[2013.07.08 04:02:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=634E0B45780F502304592C5615A31089 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_ae8fb42390bda114\smss.exe
[2009.04.22 06:19:30 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=846B9BCE1C4CFC944D04DFC476C850AA -- C:\Windows.old\Windows\System32\smss.exe
[2009.04.22 06:19:30 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=846B9BCE1C4CFC944D04DFC476C850AA -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7100.0_none_1d2da05e6e477103\smss.exe
[2013.03.19 03:50:03 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=B24BF638652522BB5E14AB7993FD4A5D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_ac19b4ca7a7f0306\smss.exe
[2013.08.29 01:51:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2013.03.19 03:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\System32\smss.exe
[2013.03.19 03:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
[2013.05.06 04:02:20 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=EC745C0949B101129AB6D39CD63808A6 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22318_none_aecf9361908de017\smss.exe

< MD5 for: SPOOLSV.EXE >
[2012.02.11 06:31:45 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=13B48314BF02091B30597DF20B71CBAC -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.21149_none_d6daba6e3bd61215\spoolsv.exe
[2010.08.20 05:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009.07.14 02:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010.11.20 13:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2010.11.20 13:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2012.02.11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\erdnt\cache\spoolsv.exe
[2012.02.11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\System32\spoolsv.exe
[2012.02.11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe
[2009.04.22 06:19:33 | 000,313,856 | ---- | M] (Microsoft Corporation) MD5=BF197280C152DE799B283575773D5FD7 -- C:\Windows.old\Windows\System32\spoolsv.exe
[2009.04.22 06:19:33 | 000,313,856 | ---- | M] (Microsoft Corporation) MD5=BF197280C152DE799B283575773D5FD7 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7100.0_none_473e9b83169e965f\spoolsv.exe
[2012.02.11 06:21:14 | 000,317,952 | ---- | M] (Microsoft Corporation) MD5=CAE10A25F936C053E41CBE0FA06FF15D -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_d8cedec038f3454c\spoolsv.exe
[2010.08.21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe
[2012.02.11 06:41:06 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=E17323B0AA9FB3FF9945731D736EDA2F -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16962_none_d634a3a322cec58a\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.04.22 06:19:35 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5F1FE2F551E74B069C436152F06CCFDC -- C:\Windows.old\Windows\System32\svchost.exe
[2009.04.22 06:19:35 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5F1FE2F551E74B069C436152F06CCFDC -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7100.0_none_26ae52025a638f2e\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 06:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.09.29 17:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011.04.25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.05.13 08:22:42 | 001,267,288 | ---- | M] (Microsoft Corporation) MD5=26594595C626E4845CDFCAC6038E3DE3 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7100.4108_none_e876a502fdf80ae0\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 06:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2010.11.20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2009.05.13 07:43:46 | 001,267,288 | ---- | M] (Microsoft Corporation) MD5=473DAB2B280C4751D1C3C67D5925D666 -- C:\Windows.old\Windows\System32\drivers\tcpip.sys
[2009.05.13 07:43:46 | 001,267,288 | ---- | M] (Microsoft Corporation) MD5=473DAB2B280C4751D1C3C67D5925D666 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7100.19_none_8bd4235006c0d2f1\tcpip.sys
[2013.01.04 05:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013.07.06 06:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2009.04.22 06:23:55 | 001,267,280 | ---- | M] (Microsoft Corporation) MD5=4EB1831B5C67AFF9CFFA5269A3905505 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7100.0_none_24110ab3bb7c123f\tcpip.sys
[2013.07.06 05:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2012.03.30 11:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011.09.29 16:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2013.05.08 07:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2011.09.29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2013.09.07 03:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 06:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012.03.30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011.06.21 06:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010.06.14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2013.01.04 05:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2011.06.21 06:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2013.09.08 03:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\erdnt\cache\tcpip.sys
[2013.09.08 03:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\System32\drivers\tcpip.sys
[2013.09.08 03:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013.05.08 06:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012.10.03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2011.06.21 07:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012.10.03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012.03.30 11:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: TDX.SYS >
[2009.04.22 04:09:30 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=890765BBEE701E758E35BF8E2EF1857C -- C:\Windows.old\Windows\System32\drivers\tdx.sys
[2009.04.22 04:09:30 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=890765BBEE701E758E35BF8E2EF1857C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7100.0_none_5b30c0ad312b7a00\tdx.sys
[2010.11.20 09:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\erdnt\cache\tdx.sys
[2010.11.20 09:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2010.11.20 09:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010.11.20 09:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2009.07.14 00:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: USER32.DLL >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009.04.22 06:22:10 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=5CF35E5261DAA5C68DEBA4618DBE4121 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.0_none_3e2b64a2c272507b\user32.dll
[2009.05.13 07:28:15 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=A025B11D116A571FCFAEB5B1FB61346A -- C:\Windows.old\Windows\System32\user32.dll
[2009.05.13 07:28:15 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=A025B11D116A571FCFAEB5B1FB61346A -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.19_none_a5ee7d3f0db7112d\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2009.05.13 08:10:36 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F8EFD2F06AF7F6BD2C0E3E83A4E686E4 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.4108_none_0290fef204ee491c\user32.dll

< MD5 for: USERINIT.EXE >
[2009.04.22 06:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows.old\Windows\System32\userinit.exe
[2009.04.22 06:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7100.0_none_4d1bb27726c5c954\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WDF01000.SYS >
[2013.06.25 23:56:40 | 000,527,064 | ---- | M] (Microsoft Corporation) MD5=25944D2CC49E0A6C581D02A74B7D6645 -- C:\Windows\System32\drivers\Wdf01000.sys
[2013.06.25 23:56:40 | 000,527,064 | ---- | M] (Microsoft Corporation) MD5=25944D2CC49E0A6C581D02A74B7D6645 -- C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.18198_none_7807e58d7c6b9bde\Wdf01000.sys
[2009.04.22 06:23:56 | 000,445,008 | ---- | M] (Microsoft Corporation) MD5=6D77FF2224D2D3984760ACBDF4024A7B -- C:\Windows.old\Windows\System32\drivers\Wdf01000.sys
[2009.04.22 06:23:56 | 000,445,008 | ---- | M] (Microsoft Corporation) MD5=6D77FF2224D2D3984760ACBDF4024A7B -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7100.0_none_e746109b7301ea33\Wdf01000.sys
[2009.07.14 02:19:10 | 000,445,008 | ---- | M] (Microsoft Corporation) MD5=9950E3D0F08141C7E89E64456AE7DC73 -- C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.16385_none_76296e5d7f3fae5b\Wdf01000.sys
[2012.07.26 04:39:21 | 000,526,952 | ---- | M] (Microsoft Corporation) MD5=A840213F1ACDCC175B4D1D5AAEAC0D7A -- C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.17013_none_767300c37f08da42\Wdf01000.sys
[2012.07.26 04:39:21 | 000,526,952 | ---- | M] (Microsoft Corporation) MD5=A840213F1ACDCC175B4D1D5AAEAC0D7A -- C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.21203_none_77076f60981e5b42\Wdf01000.sys
[2012.07.26 04:39:21 | 000,526,952 | ---- | M] (Microsoft Corporation) MD5=A840213F1ACDCC175B4D1D5AAEAC0D7A -- C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.17803_none_786457797c26f422\Wdf01000.sys
[2012.07.26 04:39:21 | 000,526,952 | ---- | M] (Microsoft Corporation) MD5=A840213F1ACDCC175B4D1D5AAEAC0D7A -- C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.22004_none_78eeccb09543e085\Wdf01000.sys
[2013.06.25 23:57:32 | 000,527,064 | ---- | M] (Microsoft Corporation) MD5=CF68C54937BACCC0DA9A056FFA2A3988 -- C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.22374_none_78a322ee957c9b91\Wdf01000.sys

< MD5 for: WIN32K.SYS >
[2011.11.24 05:21:21 | 002,350,080 | ---- | M] (Microsoft Corporation) MD5=02BFBA93CCF65EDD3BE36AFBD1551987 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_bb507535120d3b46\win32k.sys
[2012.06.12 03:44:03 | 002,344,448 | ---- | M] (Microsoft Corporation) MD5=03E35310E7C90E274D3FC69FD85B051B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17039_none_b903c427fbae5b04\win32k.sys
[2013.03.01 03:54:56 | 002,355,712 | ---- | M] (Microsoft Corporation) MD5=046885B67396DA1863AC957DA3FF31DC -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22271_none_bb4081ab121a033b\win32k.sys
[2012.11.22 08:43:13 | 002,344,960 | ---- | M] (Microsoft Corporation) MD5=07AD63235FE8F350F727F7373819454B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17174_none_b8d384ebfbd3493c\win32k.sys
[2013.03.01 04:11:14 | 002,345,984 | ---- | M] (Microsoft Corporation) MD5=07D392455923063F463DB218AC5A2B0B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17266_none_b8e05751fbc95d20\win32k.sys
[2013.03.01 04:03:47 | 002,354,688 | ---- | M] (Microsoft Corporation) MD5=09F0DB0A4F4B5A94D0A7AE8EFF176C11 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21482_none_b950550314facc97\win32k.sys
[2012.11.23 04:23:23 | 002,354,688 | ---- | M] (Microsoft Corporation) MD5=0D38F23822E3E7213862EED55C2FA18B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22172_none_bb41800f12191f6b\win32k.sys
[2012.11.23 04:08:18 | 002,353,664 | ---- | M] (Microsoft Corporation) MD5=0F42829CD65E5BAD85AD908BAB6DBFAB -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21380_none_b94e528914fc9cc2\win32k.sys
[2011.06.11 03:40:56 | 002,341,376 | ---- | M] (Microsoft Corporation) MD5=124B16EC7B6EFEE21F2B6AF9930C5D9D -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20983_none_b951759314f9be10\win32k.sys
[2009.04.22 04:24:18 | 002,323,456 | ---- | M] (Microsoft Corporation) MD5=19E84544D84D8A26B41E002DC8C3C159 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7100.0_none_29e6721bef9c9b09\win32k.sys
[2012.02.03 05:13:43 | 002,351,104 | ---- | M] (Microsoft Corporation) MD5=1D254EB0A5A2F1A6DA948D67E4F5D2CB -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a\win32k.sys
[2010.10.20 04:00:24 | 002,327,552 | ---- | M] (Microsoft Corporation) MD5=2A289486AC840210526D55F457DDB03C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16691_none_b8bb047bfbe60d3b\win32k.sys
[2010.06.19 05:13:29 | 002,327,552 | ---- | M] (Microsoft Corporation) MD5=2DD6DCA5E68661380FC13F73D854618A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_b98c82d514ccb6c0\win32k.sys
[2012.11.22 04:04:47 | 002,353,664 | ---- | M] (Microsoft Corporation) MD5=304237E5B3DF3915C84EC5D284B5B96E -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21379_none_b962250f14ec64e0\win32k.sys
[2011.09.06 03:28:37 | 002,334,720 | ---- | M] (Microsoft Corporation) MD5=316B6B871CD99CDBBA3813EFB5D3593F -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17685_none_bab03661f900bce0\win32k.sys
[2009.07.14 00:26:52 | 002,326,528 | ---- | M] (Microsoft Corporation) MD5=34999766FBCAB11BA5C4D26CE0378903 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_b8c9cfddfbda5f31\win32k.sys
[2009.05.13 03:51:54 | 002,323,968 | ---- | M] (Microsoft Corporation) MD5=3499ED5B5400D8500EA18F121956C6AE -- C:\Windows.old\Windows\System32\win32k.sys
[2009.05.13 03:51:54 | 002,323,968 | ---- | M] (Microsoft Corporation) MD5=3499ED5B5400D8500EA18F121956C6AE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7100.19_none_91a98ab83ae15bbb\win32k.sys
[2012.05.15 02:05:37 | 002,351,616 | ---- | M] (Microsoft Corporation) MD5=37B7B474158AB41E53D10473DA5F57D5 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21215_none_b99f018914bf5ab7\win32k.sys
[2012.06.12 03:30:54 | 002,354,176 | ---- | M] (Microsoft Corporation) MD5=3C76BEB63EAB9055DCDEDDD5C53BB97A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22016_none_bb865ed911e4dffa\win32k.sys
[2013.08.28 02:04:30 | 002,348,544 | ---- | M] (Microsoft Corporation) MD5=445C354D772DFEBF46F73078C8C2C797 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18246_none_badc57fbf8df8b78\win32k.sys
[2012.11.22 03:56:02 | 002,345,984 | ---- | M] (Microsoft Corporation) MD5=46538741E0230731D3635D12DF85A7B5 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18009_none_bb0a94bdf8bc6d6b\win32k.sys
[2013.06.05 04:05:09 | 002,347,520 | ---- | M] (Microsoft Corporation) MD5=4D52150FC35E333F6CBBB6B6E6D9366D -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18176_none_babbe651f8f7e224\win32k.sys
[2013.04.10 04:14:06 | 002,347,520 | ---- | M] (Microsoft Corporation) MD5=52948A58E4E64427DC399A409EF1CAB5 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18126_none_baf1f5edf8cf566f\win32k.sys
[2012.02.03 04:54:27 | 002,343,424 | ---- | M] (Microsoft Corporation) MD5=5A9079677B2923127C43E880DC6A92CA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211\win32k.sys
[2011.01.05 04:35:48 | 002,330,624 | ---- | M] (Microsoft Corporation) MD5=5C9B4781279418319F999D75379166EB -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21634_none_bb6ee09911f6ba77\win32k.sys
[2012.03.31 03:31:48 | 002,351,616 | ---- | M] (Microsoft Corporation) MD5=5E7C260B168054FCB68BE9C030A81CE8 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21955_none_bb5a46bd12060325\win32k.sys
[2011.03.03 04:49:55 | 002,340,352 | ---- | M] (Microsoft Corporation) MD5=5EB944CB356805A9D17932D26D87BBBC -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20914_none_b99e255114c013d0\win32k.sys
[2013.04.10 04:19:09 | 002,355,712 | ---- | M] (Microsoft Corporation) MD5=67938E8424598FF65DE0B6D48AFAB258 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22296_none_bb2fe3451225b9d0\win32k.sys
[2011.09.29 04:37:56 | 002,341,888 | ---- | M] (Microsoft Corporation) MD5=68086561B077267552496314B3730BAA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17697_none_baa76709f9070b7f\win32k.sys
[2010.11.20 10:09:20 | 002,329,088 | ---- | M] (Microsoft Corporation) MD5=687464342342B933D6B7FAA4A907AF4C -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_bafae3a5f8c8e2cb\win32k.sys
[2010.11.20 10:09:20 | 002,329,088 | ---- | M] (Microsoft Corporation) MD5=687464342342B933D6B7FAA4A907AF4C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_bafae3a5f8c8e2cb\win32k.sys
[2011.03.03 04:31:32 | 002,331,136 | ---- | M] (Microsoft Corporation) MD5=6941E265224A6A3C9F5F116696190B14 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16772_none_b8d1a683fbd4ebd7\win32k.sys
[2011.09.06 04:46:28 | 002,342,400 | ---- | M] (Microsoft Corporation) MD5=6C6EBCFCBCB1416C8E6C9E316C61AABA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21811_none_bb81835f11e930de\win32k.sys
[2013.03.01 04:09:59 | 002,347,008 | ---- | M] (Microsoft Corporation) MD5=6FCC2090F055F5C96236DCD057DD705D -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18105_none_bb06957bf8c00536\win32k.sys
[2009.05.13 03:59:37 | 002,323,456 | ---- | M] (Microsoft Corporation) MD5=701A28B45D028D1D15A158734F6173A3 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7100.4108_none_ee4c0c6b321893aa\win32k.sys
[2011.06.11 03:29:25 | 002,334,208 | ---- | M] (Microsoft Corporation) MD5=7057358F26265EB5DEE28ED36C504D7A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17630_none_bae1448bf8dcb278\win32k.sys
[2013.01.04 03:59:29 | 002,355,712 | ---- | M] (Microsoft Corporation) MD5=73C7E51214D81E8D0B46C207CA2323C9 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22209_none_bb94336f11da0a5c\win32k.sys
[2013.06.04 04:17:38 | 002,356,224 | ---- | M] (Microsoft Corporation) MD5=79F3AF094AF785C4583387C4F4D2392A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22348_none_bb67f55b11fb5df0\win32k.sys
[2011.09.29 05:49:54 | 002,349,568 | ---- | M] (Microsoft Corporation) MD5=7D19B17342D31690A1F1F0668A383385 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21828_none_bb7db57911eafe30\win32k.sys
[2011.11.24 05:23:31 | 002,340,352 | ---- | M] (Microsoft Corporation) MD5=7FB4FC007502796CA9C23E2DE37AF966 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_b905b957fbae27c2\win32k.sys
[2012.11.22 04:23:26 | 002,354,688 | ---- | M] (Microsoft Corporation) MD5=8021E6077829435CC7D4005E4ADF22E3 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22171_none_bb407fc5121a0614\win32k.sys
[2012.10.18 18:47:50 | 002,354,176 | ---- | M] (Microsoft Corporation) MD5=842C2C543E030EC8406EFA64A841B19C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22137_none_bb71c13111f42e5a\win32k.sys
[2012.01.14 04:35:26 | 002,351,104 | ---- | M] (Microsoft Corporation) MD5=8921D709DF515FF7A801F43820D3A212 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21898_none_bb3206051223c1c7\win32k.sys
[2013.10.30 02:27:28 | 002,349,056 | ---- | M] (Microsoft Corporation) MD5=8ACB33EF85F9EA87D18FECEAD593A255 -- C:\Windows\System32\win32k.sys
[2013.10.30 02:27:28 | 002,349,056 | ---- | M] (Microsoft Corporation) MD5=8ACB33EF85F9EA87D18FECEAD593A255 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18300_none_bb0197d5f8c480d1\win32k.sys
[2010.05.01 15:38:59 | 002,327,040 | ---- | M] (Microsoft Corporation) MD5=8C90AB796EFEB63FD079D0323BC3E52B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20704_none_b9a8f17114b7fd91\win32k.sys
[2011.09.29 04:35:42 | 002,349,056 | ---- | M] (Microsoft Corporation) MD5=8EC950ADC497690D344DFA8B489A30B5 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21060_none_b963ecaf14ec6d6b\win32k.sys
[2012.11.23 04:06:48 | 002,344,960 | ---- | M] (Microsoft Corporation) MD5=9148A35D8710DDDDE7BBDE32147827A0 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17175_none_b8d48535fbd26293\win32k.sys
[2011.06.11 03:37:19 | 002,332,672 | ---- | M] (Microsoft Corporation) MD5=950D9E5CBB7D7307A4AE199B10C73FE3 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16830_none_b8fae785fbb6468c\win32k.sys
[2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) MD5=97A30C905E6080E72E23425D72A15957 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17977_none_babd0c93f8f6cb12\win32k.sys
[2012.07.18 17:57:14 | 002,354,176 | ---- | M] (Microsoft Corporation) MD5=97B9865AFA75BD25EBC54A85D33554E1 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22060_none_bb4a4d811212d3a5\win32k.sys
[2012.05.15 02:05:38 | 002,343,936 | ---- | M] (Microsoft Corporation) MD5=97E30608734F953BE141CE5B4FD22CEF -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17842_none_bad878fff8e2fb65\win32k.sys
[2011.01.05 04:37:38 | 002,329,088 | ---- | M] (Microsoft Corporation) MD5=99C83825A46B97CE5F69586D23F928B1 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16732_none_b8fce633fbb47c13\win32k.sys
[2013.08.28 02:08:30 | 002,357,248 | ---- | M] (Microsoft Corporation) MD5=9DA2F88950510900733F320DEA3567F7 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22435_none_bb6fc64f11f5f321\win32k.sys
[2011.09.29 05:20:25 | 002,339,840 | ---- | M] (Microsoft Corporation) MD5=9FEFA3577816CE56046A88E7AF46DFD4 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16889_none_b8cdda83fbd6b650\win32k.sys
[2012.07.18 18:47:53 | 002,345,984 | ---- | M] (Microsoft Corporation) MD5=A36F22FB7A78A0591DA3A6E0783825E7 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17904_none_bb05bb29f8c0bb76\win32k.sys
[2013.01.04 04:00:30 | 002,345,984 | ---- | M] (Microsoft Corporation) MD5=A7F9EAC3EC67C68B216A5AB22EE51BDE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17206_none_b92136d9fb98b57a\win32k.sys
[2012.01.14 04:39:27 | 002,350,080 | ---- | M] (Microsoft Corporation) MD5=ACCB44739D60B88D1B36B3699F143302 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21127_none_b996304b14c5ac2f\win32k.sys
[2010.09.01 03:34:52 | 002,327,552 | ---- | M] (Microsoft Corporation) MD5=B1CA529E534D6B1607D5ABDAE570744F -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16667_none_b8e175fbfbc85172\win32k.sys
[2012.07.18 18:10:29 | 002,344,448 | ---- | M] (Microsoft Corporation) MD5=B20590705A646DC1E9FE1915062022F0 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17073_none_b8d282bbfbd432be\win32k.sys
[2011.06.11 04:28:14 | 002,341,888 | ---- | M] (Microsoft Corporation) MD5=B50256D1F720191264F0F7425942DBD9 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21744_none_bb64129311fed38f\win32k.sys
[2012.05.15 02:12:09 | 002,342,400 | ---- | M] (Microsoft Corporation) MD5=B60D3972146C5AF3685A1F9977CE41F7 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17024_none_b90992a1fbaac060\win32k.sys
[2012.10.18 18:57:28 | 002,344,960 | ---- | M] (Microsoft Corporation) MD5=B7C53E7A0B5436FB475EB4A5404FE43F -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17147_none_b8f6f58dfbb8416e\win32k.sys
[2011.11.24 05:26:56 | 002,349,568 | ---- | M] (Microsoft Corporation) MD5=BCA764B7CB22449A803D4149F5028A97 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_b94a7ef114fe729f\win32k.sys
[2012.03.31 03:38:35 | 002,351,104 | ---- | M] (Microsoft Corporation) MD5=C2A5AC4EE6F5F10A54E557B606257648 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21179_none_b962214314ec6a92\win32k.sys
[2013.01.04 03:56:44 | 002,354,688 | ---- | M] (Microsoft Corporation) MD5=C60F755DC0B32C7F782F4E7DFD348B5B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21416_none_b9a0059f14be6e5c\win32k.sys
[2011.03.03 04:18:52 | 002,340,864 | ---- | M] (Microsoft Corporation) MD5=C750F2271D87EB809ADD947A7C56FF1C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21673_none_bb42a09f121810e4\win32k.sys
[2010.09.01 07:16:51 | 002,328,064 | ---- | M] (Microsoft Corporation) MD5=C78BEE7964C8D99180B9D19EDF6F53CE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20792_none_b945a1911502c65c\win32k.sys
[2012.11.23 03:56:23 | 002,345,984 | ---- | M] (Microsoft Corporation) MD5=C7ECD7583B56569DC3DE77FE05641565 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18010_none_baf6c237f8cca54d\win32k.sys
[2012.06.12 03:41:44 | 002,353,664 | ---- | M] (Microsoft Corporation) MD5=C8A0B3B36700582D664D91CB3DF9A91B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21231_none_b985608914d32d3d\win32k.sys
[2012.10.18 19:04:11 | 002,353,664 | ---- | M] (Microsoft Corporation) MD5=CB3DC35CD348B9E826A6C28F7D0BD6F7 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21347_none_b980943f14d5de5f\win32k.sys
[2012.02.03 05:01:58 | 002,341,376 | ---- | M] (Microsoft Corporation) MD5=CB81F1311A46B08FACD95A2D03EB0C20 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6\win32k.sys
[2012.07.18 18:00:29 | 002,353,664 | ---- | M] (Microsoft Corporation) MD5=CC9772E9046C06BDA874AA5F61FC135D -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21274_none_b95d21b714f0e906\win32k.sys
[2013.10.30 02:09:19 | 002,357,248 | ---- | M] (Microsoft Corporation) MD5=CCF2E6C5D39C6B82879DE66431710F0F -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22496_none_bb2fe7111225b41e\win32k.sys
[2011.09.06 03:29:33 | 002,341,376 | ---- | M] (Microsoft Corporation) MD5=CECF871EE0D4E92440175EBCE24F1F5E -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21046_none_b97f8e4314d6cd93\win32k.sys
[2011.01.05 04:36:49 | 002,330,112 | ---- | M] (Microsoft Corporation) MD5=D1F9C481FD1410D92036605CFD54DC84 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20873_none_b95c439914f1a4f8\win32k.sys
[2012.02.03 04:53:37 | 002,350,592 | ---- | M] (Microsoft Corporation) MD5=D205D02CB50F65CB9D028CF4659815E5 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5\win32k.sys
[2012.01.14 04:48:30 | 002,340,864 | ---- | M] (Microsoft Corporation) MD5=D2E7C3F69B42AF85BE38BF2193A9D87A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16948_none_b8f81bcffbb72a5c\win32k.sys
[2013.01.04 04:00:29 | 002,347,008 | ---- | M] (Microsoft Corporation) MD5=D45B118114C9B18814CE18F72A34E934 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18043_none_bad95351f8e24525\win32k.sys
[2012.06.12 03:40:48 | 002,345,984 | ---- | M] (Microsoft Corporation) MD5=D50D29956340829AB26290AE265EC6D6 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17860_none_bac0d893f8f50099\win32k.sys
[2011.03.03 04:42:34 | 002,333,184 | ---- | M] (Microsoft Corporation) MD5=D5E6EDABF7B7DCD7FC7E1C173F9901FA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17570_none_bab602f5f8fd2515\win32k.sys
[2011.11.24 05:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) MD5=DE73113D7FBE0C48B4DCD63E1D56184A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_bae14671f8dcaf9f\win32k.sys
[2012.05.15 01:58:35 | 002,351,616 | ---- | M] (Microsoft Corporation) MD5=E263ABCA5D85854CBDCB38D5B69DD1B4 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21995_none_bb2f070d122672e9\win32k.sys
[2011.09.06 03:38:14 | 002,332,672 | ---- | M] (Microsoft Corporation) MD5=E6A94C3E7AF173F76186FA759BAC539C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16878_none_b8d7aa25fbcf8108\win32k.sys
[2011.01.05 04:51:01 | 002,330,624 | ---- | M] (Microsoft Corporation) MD5=EC67D8A1DE09BC61300FD2245E37620B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17535_none_bae64417f8d83404\win32k.sys
[2013.08.08 02:03:07 | 002,348,544 | ---- | M] (Microsoft Corporation) MD5=ED880065BBB2C5F57B74F30812A65F4F -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18233_none_bae42709f8da2382\win32k.sys
[2010.10.20 03:54:54 | 002,329,088 | ---- | M] (Microsoft Corporation) MD5=F0B5915007EEBCE94616C5E235206BF6 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20821_none_b99052a114cae695\win32k.sys
[2013.08.08 02:03:48 | 002,356,736 | ---- | M] (Microsoft Corporation) MD5=F26A2B1000F6AC694B7F0E8FB5778B55 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22416_none_bb86667111e4d496\win32k.sys
[2010.05.01 15:49:25 | 002,326,528 | ---- | M] (Microsoft Corporation) MD5=F4CFFCE8B56D8FD895CA505A98EAE018 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16585_none_b8c9d3a9fbda597f\win32k.sys
[2012.03.31 03:36:11 | 002,343,424 | ---- | M] (Microsoft Corporation) MD5=F8DB740114248CE6910E550EE9C054A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17803_none_bb04b8f9f8c1a4f8\win32k.sys
[2010.06.19 05:07:18 | 002,326,016 | ---- | M] (Microsoft Corporation) MD5=F97031D1F370E3A82F2B684BB426CF87 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_b9178597fb9fc5bd\win32k.sys
[2012.04.02 03:43:16 | 002,342,400 | ---- | M] (Microsoft Corporation) MD5=FD853D524C23B8C44AACF28395692680 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16988_none_b8ccdc1ffbd79a20\win32k.sys
[2012.01.14 04:35:54 | 002,343,424 | ---- | M] (Microsoft Corporation) MD5=FE337D6C8E0A109879A765AF20FB88C5 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17762_none_bac2d741f8f33620\win32k.sys

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.04.22 06:19:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B9CFF761509E6C95E964B29B279D7721 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.04.22 06:19:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B9CFF761509E6C95E964B29B279D7721 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7100.0_none_e0b5f9782a074d3e\winlogon.exe

< MD5 for: WINSRV.DLL >
[2011.07.16 05:37:32 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=008F51AE989C3DF1CBAF8B39DC423CCC -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_b6706495fd94ea59\winsrv.dll
[2009.04.22 06:22:16 | 000,168,448 | ---- | M] (Microsoft Corporation) MD5=0EDE23A3639AB9B78F8A15BC6B34F2CA -- C:\Windows.old\Windows\System32\winsrv.dll
[2009.04.22 06:22:16 | 000,168,448 | ---- | M] (Microsoft Corporation) MD5=0EDE23A3639AB9B78F8A15BC6B34F2CA -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7100.0_none_27718f03f16b06f4\winsrv.dll
[2012.11.30 06:05:20 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=116C866FC57C1798C787C2EE3EA9ECA1 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22177_none_b8d19e6913e30a09\winsrv.dll
[2011.06.24 05:27:01 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=183B4188D5D91B271613EC3EFD1B3CEF -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_b86291d1fab253ab\winsrv.dll
[2012.11.30 05:51:30 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=1A687F04AB5F636A4378D89E4F68C8A7 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21386_none_b6df712d16c5a0b7\winsrv.dll
[2013.01.04 05:50:52 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=1F5F07091D50244F17DD8D5147A628CC -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18043_none_b8647039fab0b110\winsrv.dll
[2012.08.20 18:56:54 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=27CF1AB64FEA3B11036BD8138F9895AA -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21306_none_b735f08d1684c12f\winsrv.dll
[2012.08.18 12:23:05 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=43B34CADB516800794BDF486E493ED32 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17107_none_b6ad5225fd663d95\winsrv.dll
[2012.08.20 18:40:31 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=48CB4FDBCAAEAC7BCE2F5941545FF071 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17932_none_b86e67b9faa94886\winsrv.dll
[2012.10.04 17:36:13 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=4D1FD51385C10892644468B907F8AE78 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22125_none_b905ad7113bc4ba6\winsrv.dll
[2013.01.04 05:50:38 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=50E1B3BB8A5236C4657BCD5E2C54BC17 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21416_none_b72b2287168cda47\winsrv.dll
[2013.08.02 02:50:36 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=51BB04243DF6196C06E125898127E397 -- C:\Windows\System32\winsrv.dll
[2013.08.02 02:50:36 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=51BB04243DF6196C06E125898127E397 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18229_none_b8801599fa9b0b86\winsrv.dll
[2013.08.02 06:55:32 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=592A1ED8122FAAB25CE9C0A99F583ABF -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22411_none_b90c81e713b7c1ce\winsrv.dll
[2011.06.02 06:59:55 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=5D64830655890B64D717392CFE4CEDA7 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16823_none_b693d537fd79e28b\winsrv.dll
[2011.06.03 07:04:17 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=69DE8C799BA07A0EF6B834F76B4C0711 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20978_none_b6ec63d916bb8cbd\winsrv.dll
[2013.01.04 05:51:45 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=6F5B6690AF222993F7877E66B5BD80B8 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22209_none_b91f505713a87647\winsrv.dll
[2009.07.14 02:16:19 | 000,169,472 | ---- | M] (Microsoft Corporation) MD5=827E4F75901CA3F990B1487D3301841E -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_b654ecc5fda8cb1c\winsrv.dll
[2011.06.03 08:19:33 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=83873E04B9C4192C7CC06C2BBAD6B85D -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21738_none_b8fe008f13c188e5\winsrv.dll
[2013.01.04 05:50:40 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=8531AAF69394EFB93BC653916C46D245 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17206_none_b6ac53c1fd672165\winsrv.dll
[2012.10.04 17:47:18 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=93F86C5CCC37D70EA09CE5E76F3E4338 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17965_none_b850f8d3fabee85e\winsrv.dll
[2011.05.14 07:35:55 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=955CDF38E16B659DD7E1DF48C75E962C -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16816_none_b6a1a601fd6f129f\winsrv.dll
[2012.11.30 06:06:15 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=A031E84E7A5884841171E13A73315A7B -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17179_none_b663a345fd9d33da\winsrv.dll
[2012.10.04 17:53:53 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=A9E43C040F405DB689FC29534EF0389B -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17135_none_b68ae1cdfd805eba\winsrv.dll
[2010.11.20 13:21:36 | 000,169,472 | ---- | M] (Microsoft Corporation) MD5=A9F564F254E9DDDE120A7135767EC24B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_b886008dfa974eb6\winsrv.dll
[2010.11.20 13:21:36 | 000,169,472 | ---- | M] (Microsoft Corporation) MD5=A9F564F254E9DDDE120A7135767EC24B -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_b886008dfa974eb6\winsrv.dll
[2011.06.24 07:05:56 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=AB00D1D5B8C4D59D641A626240E90589 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_b8e6602313d38e19\winsrv.dll
[2011.06.24 05:31:50 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=BA5584A89EEB75FC2942CFD7C90766F7 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_b6d3c32316ce789a\winsrv.dll
[2011.05.14 07:30:30 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=BA64A75A87C78D60D2A5919F5FB6A90A -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17617_none_b8890351fa9497e2\winsrv.dll
[2011.05.14 08:43:29 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=C47DE705BE85D4E6D7FC24E8F86B3612 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21728_none_b908d07b13b96cf4\winsrv.dll
[2012.11.30 05:53:34 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=D70FE45855CAD4C0C6B1C1426ABDEBA9 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18015_none_b886e091fa968feb\winsrv.dll
[2011.06.03 07:01:04 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=EFCAEF8437ED81CE4AEF7465011D090C -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17625_none_b87c32d1fa9e8125\winsrv.dll
[2012.10.04 17:55:55 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=F1C60633802FAC8BCFAA0F7671E38C47 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21335_none_b714807f169dfbab\winsrv.dll
[2012.08.20 18:37:29 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=F9381F0141ADF6C76ECB9A2C00B2BD68 -- C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22091_none_b8b5faef13f8acba\winsrv.dll

< MD5 for: WS2_32.DLL >
[2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\erdnt\cache\ws2_32.dll
[2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009.04.22 06:22:22 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=B5CB7AE5F565869DF4F0E90C9AF662E5 -- C:\Windows.old\Windows\System32\ws2_32.dll
[2009.04.22 06:22:22 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=B5CB7AE5F565869DF4F0E90C9AF662E5 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7100.0_none_63aaa924236bd70d\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< MD5 for: WSCRIPT.EXE >
[2013.10.14 02:58:50 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=59E6F9BB291848B14F05EE194AF43327 -- C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.1.7601.22480_none_4aa98e9c77f627de\wscript.exe
[2009.04.22 06:19:45 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=86F4056513494530A3E182DFAB4779D7 -- C:\Windows.old\Windows\System32\wscript.exe
[2009.04.22 06:19:45 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=86F4056513494530A3E182DFAB4779D7 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.1.7100.0_none_b95b4b77556fc2c4\wscript.exe
[2013.10.12 02:15:48 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=979D74799EA6C8B8167869A68DF5204A -- C:\Windows\System32\wscript.exe
[2013.10.12 02:15:48 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=979D74799EA6C8B8167869A68DF5204A -- C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.1.7601.18283_none_4a22f0c95ed5d6f2\wscript.exe
[2009.07.14 02:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=D1AB72DB2BEDD2F255D35DA3DA0D4B16 -- C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_483ea93961ad86ec\wscript.exe

< >

< %systemroot%\system32\logevent.dll /md5 >

< %systemroot%\system32\sceclt.dll /md5 >

< %systemroot%\system32\ntelogon.dll /md5 >

< %systemroot%\system32\consrv.dll /md5 >

< >

< %systemroot%\system32\logevent.dll /md5 /64 >

< %systemroot%\system32\sceclt.dll /md5 /64 >

< %systemroot%\system32\ntelogon.dll /md5 /64 >

< %systemroot%\system32\consrv.dll /md5 /64 >

< >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.01.04 19:48:14 | 000,000,512 | ---- | M] () MD5=EDC38630BE8136AABA54E31F1B25C8AC -- C:\PhysicalMBR.bin

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2011.09.06 18:08:37 | 000,912,344 | ---- | M] (Mozilla Corporation) MD5=46426C87F878E0E3E62F7939F9C2161E -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013.12.03 23:05:48 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %systemroot%\system32\Spool\prtprocs\*.* /s >
[2009.07.14 02:15:05 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
[2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2007.04.09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\mdippr.dll
[2010.11.20 13:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll
[2009.07.14 09:43:31 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /10 >

< %systemroot%\system32\drivers\*.sys /X >
[2009.08.18 01:37:56 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\drivers\ati2erec.dll
[2009.06.10 22:19:15 | 000,328,162 | ---- | M] () -- C:\Windows\system32\drivers\ativcaxx.cpa
[2009.06.10 22:19:15 | 000,000,929 | ---- | M] () -- C:\Windows\system32\drivers\ativcaxx.vp
[2009.06.10 22:19:15 | 000,002,096 | ---- | M] () -- C:\Windows\system32\drivers\ativdkxx.vp
[2009.06.10 22:19:15 | 000,002,096 | ---- | M] () -- C:\Windows\system32\drivers\ativokxx.vp
[2009.06.10 22:19:15 | 000,002,096 | ---- | M] () -- C:\Windows\system32\drivers\ativpkxx.vp
[2009.06.10 22:19:15 | 000,052,400 | ---- | M] () -- C:\Windows\system32\drivers\ativvpxx.vp
[2009.06.10 22:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009.06.10 22:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2008.07.05 18:19:50 | 000,007,575 | ---- | M] () -- C:\Windows\system32\drivers\KLPCL.BIN
[2008.07.05 18:19:50 | 000,000,248 | ---- | M] () -- C:\Windows\system32\drivers\KLST0.BIN
[2008.07.05 18:19:50 | 000,001,800 | ---- | M] () -- C:\Windows\system32\drivers\KLST1.BIN
[2008.07.05 18:19:50 | 000,001,824 | ---- | M] () -- C:\Windows\system32\drivers\KLST2.BIN
[2008.07.05 18:19:50 | 000,000,177 | ---- | M] () -- C:\Windows\system32\drivers\KT2ST0.BIN
[2008.07.05 18:19:50 | 000,001,801 | ---- | M] () -- C:\Windows\system32\drivers\KT2ST1.BIN
[2008.07.05 18:19:50 | 000,001,825 | ---- | M] () -- C:\Windows\system32\drivers\KT2ST2.BIN
[2008.07.05 18:19:50 | 000,262,144 | ---- | M] () -- C:\Windows\system32\drivers\KTC.BIN
[2008.07.05 18:19:50 | 000,015,557 | ---- | M] () -- C:\Windows\system32\drivers\KTX485.BIN
[2008.07.05 18:19:50 | 000,009,139 | ---- | M] () -- C:\Windows\system32\drivers\KTXPCL.BIN
[2008.07.05 18:19:50 | 000,000,301 | ---- | M] () -- C:\Windows\system32\drivers\KTXST0.BIN
[2008.07.05 18:19:50 | 000,001,800 | ---- | M] () -- C:\Windows\system32\drivers\KTXST1.BIN
[2012.06.02 15:34:21 | 000,000,003 | ---- | M] () -- C:\Windows\system32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.06.02 15:57:50 | 000,000,003 | ---- | M] () -- C:\Windows\system32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2010.02.21 01:15:38 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2008.07.05 18:19:50 | 000,015,664 | ---- | M] () -- C:\Windows\system32\drivers\PCMK485.BIN
[2008.07.05 18:19:50 | 000,009,282 | ---- | M] () -- C:\Windows\system32\drivers\PCMKPCL.BIN
[2008.07.05 18:19:50 | 000,000,301 | ---- | M] () -- C:\Windows\system32\drivers\PCMKST0.BIN
[2008.07.05 18:19:50 | 000,001,800 | ---- | M] () -- C:\Windows\system32\drivers\PCMKST1.BIN
[2008.07.05 18:19:50 | 000,000,011 | ---- | M] () -- C:\Windows\system32\drivers\PCMKST2.BIN
[2008.07.05 18:19:50 | 000,001,824 | ---- | M] () -- C:\Windows\system32\drivers\PCMKST3.BIN
[2008.07.05 18:19:52 | 000,005,433 | ---- | M] () -- C:\Windows\system32\drivers\SDDH.BIN
[2008.07.05 18:19:52 | 000,006,298 | ---- | M] () -- C:\Windows\system32\drivers\SDDH.SS1
[2008.07.05 18:19:52 | 000,007,449 | ---- | M] () -- C:\Windows\system32\drivers\SDDHP.BIN
[2008.07.05 18:19:52 | 000,007,622 | ---- | M] () -- C:\Windows\system32\drivers\SDDHP.SS1
[2008.07.05 18:19:52 | 000,006,400 | ---- | M] () -- C:\Windows\system32\drivers\slcnewkt.bin

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /10 >
[2014.01.04 17:13:17 | 000,017,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.04 17:13:17 | 000,017,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.02 22:44:08 | 000,150,614 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014.01.02 22:44:08 | 000,133,514 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014.01.02 22:44:08 | 000,699,266 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014.01.02 22:44:08 | 000,682,674 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014.01.02 22:44:08 | 001,660,760 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.* /lockedfiles >
[2009.07.14 00:43:53 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2.tlb

< %systemroot%\system32\config\*.sav >

< >

< c:\$Recycle.Bin|L,N,U,@;true;true;true /FN >

< c:\Windows\Installer|L,N,U,@;true;true;true /FN >

< >

< %systemroot%\Tasks\*.job >
[2014.01.04 19:35:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000Core.job
[2014.01.04 21:35:00 | 000,000,962 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000UA.job
[2014.01.04 13:52:54 | 000,000,486 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job

< %systemroot%\*.* /U /s >
[20 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\1263bccb6d6d49ae97e1fc31640fa1da\*.tmp files -> C:\Windows\SoftwareDistribution\Download\1263bccb6d6d49ae97e1fc31640fa1da\*.tmp -> ]

< %systemroot%\*. /rp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Nabídka Start\*.lnk /x >

< %ALLUSERSPROFILE%\Data Aplikácií\*.* >

< %ALLUSERSPROFILE%\Data Aplikácií\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %APPDATA%\*. >
[2013.09.15 23:27:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\.minecraft
[2013.05.29 07:12:50 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ABBYY
[2012.10.27 10:48:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Adobe
[2010.02.25 15:32:09 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Blender Foundation
[2011.07.25 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\CAD-KAS
[2011.03.22 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\codeblocks
[2010.02.21 19:46:09 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dev-Cpp
[2012.09.15 16:24:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\dvdcss
[2010.03.23 16:50:09 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FLEXnet
[2010.03.25 12:05:00 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\fltk.org
[2012.09.18 12:00:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICQ
[2010.02.20 17:29:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Identities
[2013.02.25 09:58:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\LibreOffice
[2010.02.20 21:09:42 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macromedia
[2013.12.29 15:44:15 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Malwarebytes
[2012.10.09 17:20:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\MathWorks
[2009.07.14 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Media Center Programs
[2013.05.03 15:08:22 | 000,000,000 | --SD | M] -- C:\Users\Roman\AppData\Roaming\Microsoft
[2011.05.08 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Miranda
[2010.02.20 18:17:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Mozilla
[2013.03.20 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PSpad
[2011.10.30 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Razor
[2013.07.24 11:04:13 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Skype
[2010.08.27 15:15:06 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\teamspeak2
[2013.06.25 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2012.12.20 19:36:18 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Unity
[2010.08.27 15:20:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Ventrilo
[2010.02.20 18:50:32 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\vlc
[2012.12.04 19:07:13 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\VMware
[2010.03.23 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vodafone
[2014.01.02 21:32:17 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Winamp
[2013.09.15 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Wings3D

< %APPDATA%\*.* >
[2011.06.21 17:06:53 | 000,000,565 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\myMPQ.ini

< %APPDATA%\*.exe /s >
[2013.09.12 19:41:35 | 000,352,256 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\.minecraft\Minecraft.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32|bak;true;false;false /fp >

< %PROGRAMFILES%|bak;true;false;false /fp >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Data aplikací] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programy] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Windows\System32\config\systemprofile\Data aplikací] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Filmy] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Hudba] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Obrázky] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Dokumenty] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\Nabídka Start] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Okolní síť] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Okolní tiskárny] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Poslední] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Soubory cookie] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Šablony] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

a poslední log z gmer

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-05 12:40:16
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 ST9320320AS rev.0303 298,09GB
Running: gmer.exe; Driver: C:\Users\Roman\AppData\Local\Temp\aglorpow.sys


---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8FE3D610]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8FE3E0E6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8FE49F18]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8FE49F64]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8FE4A0FE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8FE49E86]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSection [0x8FE49FA8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8FE49ECE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8FE3E5E4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8FE3E800]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8FE4A0B8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8FE3EE9C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8FE3D676]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8FE42596]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8FE3D25E]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8FE3D6DC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8FE4298C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8FE3F92C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8FE49F42]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8FE49F86]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8FE4A122]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8FE49EAC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8FE41E78]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8FE4A036]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8FE49EF6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8FE4226E]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8FE4A0DC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8FE3F7F8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8FE3F506]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8FE3D742]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8FE3D7A8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetContextThread [0x8FE3ED16]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8FE3D2F8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8FE3D4CE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8FE3D45C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8FE3F066]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8FE3F1C8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8FE3D556]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateProcess [0x8FE3EB54]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8FE3ECF6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8FE3D80E]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8FE3E142]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83048A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83082212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83089460 4 Bytes [10, D6, E3, 8F] {ADC DH, DL; JECXZ 0xffffff93}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830894E8 4 Bytes [E6, E0, E3, 8F] {OUT 0xe0, AL; JECXZ 0xffffff93}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8308953C 8 Bytes [18, 9F, E4, 8F, 64, 9F, E4, ...] {SBB [EDI-0x609b701c], BL; IN AL, 0x8f}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83089548 4 Bytes [FE, A0, E4, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83089564 4 Bytes [86, 9E, E4, 8F]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 832444DF 4 Bytes CALL 8FE3FFEF \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8325E347 4 Bytes CALL 8FE40005 \??\C:\Windows\system32\drivers\aswSnx.sys
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9163B000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[340] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[356] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[420] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[488] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]
.text ...
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtCreateFile + 6 7796560E 4 Bytes [28, BC, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtCreateFile + B 77965613 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtMapViewOfSection + 6 77965C6E 4 Bytes [28, BF, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtMapViewOfSection + B 77965C73 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenFile + 6 77965D1E 4 Bytes [68, BC, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenFile + B 77965D23 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenProcess + 6 77965DCE 4 Bytes [A8, BD, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenProcess + B 77965DD3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenProcessToken + B 77965DE3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenProcessTokenEx + 6 77965DEE 4 Bytes [A8, BE, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenProcessTokenEx + B 77965DF3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenThread + 6 77965E4E 4 Bytes [68, BD, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenThread + B 77965E53 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenThreadToken + 6 77965E5E 4 Bytes [68, BE, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenThreadToken + B 77965E63 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtOpenThreadTokenEx + B 77965E73 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtQueryAttributesFile + 6 77965F7E 4 Bytes [A8, BC, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtQueryAttributesFile + B 77965F83 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtQueryFullAttributesFile + B 77966033 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtSetInformationFile + 6 7796667E 4 Bytes [28, BD, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtSetInformationFile + B 77966683 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtSetInformationThread + 6 779666DE 4 Bytes [28, BE, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtSetInformationThread + B 779666E3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtUnmapViewOfSection + 6 779669FE 4 Bytes [68, BF, A0, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] ntdll.dll!NtUnmapViewOfSection + B 77966A03 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5132] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtCreateFile + 6 7796560E 4 Bytes [28, 80, 76, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtCreateFile + B 77965613 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtMapViewOfSection + 6 77965C6E 4 Bytes [28, 83, 76, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtMapViewOfSection + B 77965C73 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenFile + 6 77965D1E 4 Bytes [68, 80, 76, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenFile + B 77965D23 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcess + 6 77965DCE 4 Bytes [A8, 81, 76, 00] {TEST AL, 0x81; JBE 0x4}
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcess + B 77965DD3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcessToken + B 77965DE3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcessTokenEx + 6 77965DEE 4 Bytes [A8, 82, 76, 00] {TEST AL, 0x82; JBE 0x4}
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenProcessTokenEx + B 77965DF3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThread + 6 77965E4E 4 Bytes [68, 81, 76, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThread + B 77965E53 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThreadToken + 6 77965E5E 4 Bytes [68, 82, 76, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThreadToken + B 77965E63 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtOpenThreadTokenEx + B 77965E73 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtQueryAttributesFile + 6 77965F7E 4 Bytes [A8, 80, 76, 00] {TEST AL, 0x80; JBE 0x4}
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtQueryAttributesFile + B 77965F83 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtQueryFullAttributesFile + B 77966033 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtSetInformationFile + 6 7796667E 4 Bytes [28, 81, 76, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtSetInformationFile + B 77966683 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtSetInformationThread + 6 779666DE 4 Bytes [28, 82, 76, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtSetInformationThread + B 779666E3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtUnmapViewOfSection + 6 779669FE 4 Bytes [68, 83, 76, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] ntdll.dll!NtUnmapViewOfSection + B 77966A03 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5204] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtCreateFile + 6 7796560E 4 Bytes [28, 4C, 42, 00] {SUB [EDX+EAX*2+0x0], CL}
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtCreateFile + B 77965613 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtMapViewOfSection + 6 77965C6E 4 Bytes [28, 4F, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtMapViewOfSection + B 77965C73 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenFile + 6 77965D1E 4 Bytes [68, 4C, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenFile + B 77965D23 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenProcess + 6 77965DCE 4 Bytes [A8, 4D, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenProcess + B 77965DD3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenProcessToken + B 77965DE3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenProcessTokenEx + 6 77965DEE 4 Bytes [A8, 4E, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenProcessTokenEx + B 77965DF3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenThread + 6 77965E4E 4 Bytes [68, 4D, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenThread + B 77965E53 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenThreadToken + 6 77965E5E 4 Bytes [68, 4E, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenThreadToken + B 77965E63 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtOpenThreadTokenEx + B 77965E73 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtQueryAttributesFile + 6 77965F7E 4 Bytes [A8, 4C, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtQueryAttributesFile + B 77965F83 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtQueryFullAttributesFile + B 77966033 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtSetInformationFile + 6 7796667E 4 Bytes [28, 4D, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtSetInformationFile + B 77966683 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtSetInformationThread + 6 779666DE 4 Bytes [28, 4E, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtSetInformationThread + B 779666E3 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtUnmapViewOfSection + 6 779669FE 4 Bytes [68, 4F, 42, 00]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] ntdll.dll!NtUnmapViewOfSection + B 77966A03 1 Byte [E2]
.text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[5332] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[5428] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]
.text C:\Windows\servicing\TrustedInstaller.exe[5488] kernel32.dll!GetBinaryTypeW + 70 760069E4 1 Byte [62]

---- Devices - GMER 2.1 ----

Device \Driver\usbhub \Device\0000008e hcmon.sys

---- Threads - GMER 2.1 ----

Thread System [4:4360] B5855F2E

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Atheros AR928X \x2013 adaptér bezdrátové sítě 1?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c11194
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c11194@001cd6b0965d 0xEF 0x43 0x67 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c11194@002376398772 0x4D 0xAB 0xD7 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c11194@e0a670a22ea6 0x2C 0x21 0xA9 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243c11194@d0176afa49ec 0x02 0xDE 0xF6 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Atheros AR928X \x2013 adaptér bezdrátové sítě 1?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c11194 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c11194@001cd6b0965d 0xEF 0x43 0x67 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c11194@002376398772 0x4D 0xAB 0xD7 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c11194@e0a670a22ea6 0x2C 0x21 0xA9 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243c11194@d0176afa49ec 0x02 0xDE 0xF6 0x80 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_OTL.exe_5d175335c3c8693e2c42cd8785d1d9bef6e8b59_168f371c

---- EOF - GMER 2.1 ----

no Spybot mi teď neoznačil při kontrole jako double click absolutně nic ... tak sem se díval na staré logy ale nejstarší mám 2.1. 2014 a od té doby jsou označeny jen ty cookies, možná bylo něco ve starších ale ty nevím kde dohledat

ComboFix 14-01-01.01 - Roman 05.01.2014 16:38:28.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2815.1814 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Roman\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\DRIVERS\atikmdag.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!System32!drivers!atikmdag.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RAK
-------\Service_First
-------\Service_rak
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-05 do 2014-01-05 )))))))))))))))))))))))))))))))
.
.
2014-01-05 15:49 . 2014-01-05 15:49 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-01-05 15:49 . 2014-01-05 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-04 17:01 . 2014-01-04 18:48 512 ----a-w- C:\PhysicalMBR.bin
2014-01-04 13:30 . 2014-01-04 13:31 -------- d-----w- C:\rsit
2014-01-04 13:30 . 2014-01-04 13:30 -------- d-----w- c:\program files\trend micro
2014-01-03 19:37 . 2014-01-05 15:53 -------- d-----w- c:\users\Roman\AppData\Local\temp
2014-01-03 15:51 . 2014-01-03 20:33 -------- d-----w- C:\AdwCleaner
2013-12-29 14:44 . 2013-12-29 14:44 -------- d-----w- c:\users\Roman\AppData\Roaming\Malwarebytes
2013-12-29 14:43 . 2013-12-29 14:43 -------- d-----w- c:\programdata\Malwarebytes
2013-12-11 22:26 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 22:26 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 14:48 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 14:48 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 14:48 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 14:48 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 14:48 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 14:48 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 14:48 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 14:48 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 14:48 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 14:48 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 14:48 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-07 08:42 . 2013-12-07 08:42 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-05 11:14 . 2014-01-05 11:14 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31D8489E-E6FB-4C4D-B13C-0A82A9EB8AAC}\offreg.dll
2014-01-04 01:07 . 2013-12-29 22:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 16384 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 14912 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 43392 ----a-w- c:\windows\system32\drivers\winhv.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 19008 ----a-w- c:\windows\system32\drivers\wimmount.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 19024 ----a-w- c:\windows\system32\drivers\wd.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 35328 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 21632 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 14336 ----a-w- c:\windows\system32\drivers\vwifimp.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 61296 ----a-w- c:\windows\system32\drivers\vsock.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 19968 ----a-w- c:\windows\system32\drivers\vwifibus.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 141904 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 48128 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 172416 ----a-w- c:\windows\system32\drivers\vpchbus.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 53120 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 297040 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 245632 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 61848 ----a-w- c:\windows\system32\drivers\vmx86.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 5632 ----a-w- c:\windows\system32\drivers\vms3cap.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 40704 ----a-w- c:\windows\system32\drivers\vmstorfl.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 25752 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 37016 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 19608 ----a-w- c:\windows\system32\drivers\vmnet.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 16664 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 71152 ----a-w- c:\windows\system32\drivers\vmci.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 25624 ----a-w- c:\windows\system32\drivers\VMkbd.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 17920 ----a-w- c:\windows\system32\drivers\VMBusHID.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 175360 ----a-w- c:\windows\system32\drivers\vmbus.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 16976 ----a-w- c:\windows\system32\drivers\viaide.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 111616 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 53328 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-04 01:07 . 2013-12-29 22:33 52736 ----a-w- c:\windows\system32\drivers\viac7.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 32832 ----a-w- c:\windows\system32\drivers\vdrvroot.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 76288 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-04 01:07 . 2013-12-29 22:33 26112 ----a-w- c:\windows\system32\drivers\usbrpm.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 284672 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 19968 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 6016 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 8192 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-04 01:07 . 2013-12-29 22:33 39936 ----a-w- c:\windows\system32\drivers\umbus.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 55888 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-04 01:07 . 2013-12-29 22:33 246784 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 108544 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 74752 ----a-w- c:\windows\system32\drivers\tdx.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 53120 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 21504 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 53632 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 28032 ----a-w- c:\windows\system32\drivers\storvsc.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 12240 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 148864 ----a-w- c:\windows\system32\drivers\storport.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 310272 ----a-w- c:\windows\system32\drivers\srv2.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 21072 ----a-w- c:\windows\system32\drivers\stexstor.sys.bak
2014-01-04 01:07 . 2013-12-29 22:33 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 405504 ----a-w- c:\windows\system32\drivers\spsys.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 17472 ----a-w- c:\windows\system32\drivers\spldr.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 71168 ----a-w- c:\windows\system32\drivers\smb.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 77888 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 52304 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-04 01:06 . 2013-12-29 22:33 40016 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 13824 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 11264 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-04 01:06 . 2013-12-29 22:33 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys.bak
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-31 06:45 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-10-31 4858968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-02 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-08-18 09:56 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-11-29 15:20 3806544 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 10:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbCipHelper]
2008-05-27 15:17 434176 ----a-w- c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
.
R1 VirtualBackplane;A-B Virtual Backplane;c:\windows\System32\Drivers\VirtualBackplane.sys [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 CFcatchme;CFcatchme;c:\users\Roman\AppData\Local\Temp\CFcatchme.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2008-07-05 39067]
R3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\SYSTEM32\RSSERIAL.SYS [2008-07-05 155440]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-02 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 71152]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 61296]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-31 770344]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-31 369584]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-31 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-31 66336]
S2 CwIPCSvc;Control Web IPC;c:\program files\Moravian Instruments\Shared\cwsvc.exe [2013-08-29 64512]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
S2 MSSQL$ABBEPCADCZ;SQL Server (ABBEPCADCZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-08-01 719512]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000Core.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 19:02]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181207809-651417714-1976190808-1000UA.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 19:02]
.
2014-01-05 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- d:\skola\Matlab\bin\win32\MATLABStartupAccelerator.exe [2012-10-09 03:08]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
LSP: %windir%\system32\vsocklib.dll
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\ysk0x51m.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
FF - Ext: avast! Online Security: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight]
"ImagePath"="\??\"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-01-05 16:59:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-01-05 15:59
ComboFix2.txt 2014-01-03 20:27
ComboFix3.txt 2014-01-03 19:37
.
Před spuštěním: 443 703 296
Po spuštění: 175 828 992
.
- - End Of File - - 41E0311A0F7C666C15FCEBD66A5324A5
A36C5E4F47E84449FF07ED3517B43A31

bohužel proklikávání stále pokračuje

Nad bodem obnovy jsem už uvažoval, ale popravdě nevím kdy přesně problém začal, protože byl špatně pozorovatelný. Když jsem chtěl nějaký použít tak sem zjistil, že ani žádný nemám.
Nad závadou hw sem moc neuvažoval vzhledem k nálezu těch cookies doubleclick ... ozkouším jak příjdu z práce a dám vědět.

Prozatím děkuji za veškerou pomoc.