cjoint

Comment: help me

Document format: text/plain

Preview

OTL logfile created on: 06/06/2017 21:22:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zitso\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18426)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,30 Mb Total Physical Memory | 207,27 Mb Available Physical Memory | 20,26% Memory free
2,00 Gb Paging File | 0,91 Gb Available in Paging File | 45,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 84,31 Gb Free Space | 86,34% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 3,86 Gb Free Space | 3,95% Space Free | Partition Type: NTFS
Drive E: | 270,44 Gb Total Space | 1,85 Gb Free Space | 0,69% Space Free | Partition Type: NTFS

Computer Name: ZITSO-PC | User Name: Zitso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2017/06/06 21:19:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zitso\Downloads\OTL.exe
PRC - [2017/06/06 16:10:39 | 002,791,312 | ---- | M] (Baidu, Inc.) -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe
PRC - [2017/06/06 16:10:39 | 001,998,832 | ---- | M] (Baidu, Inc.) -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavTray.exe
PRC - [2017/06/06 16:10:39 | 001,710,576 | ---- | M] (Baidu, Inc.) -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\Bav.exe
PRC - [2017/06/06 16:10:39 | 000,531,232 | ---- | M] (Baidu, Inc.) -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe
PRC - [2017/05/18 10:26:46 | 000,517,064 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2016/08/20 10:12:35 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2016/08/20 10:07:00 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/10 10:36:30 | 001,074,496 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-125 revA\AirNCFG.exe
PRC - [2011/01/07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2017/06/06 16:21:38 | 000,315,392 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2017/06/06 16:10:39 | 000,277,488 | ---- | M] () -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\Pulgin_Dark_DeleteFileTip.dll
MOD - [2010/05/13 10:58:00 | 000,294,912 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\WlanApp.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxSrv.exe -- (BdSandboxSrv)
SRV - [2017/06/06 16:10:39 | 002,791,312 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe -- (BavSvc)
SRV - [2017/06/06 16:10:39 | 000,531,232 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe -- (BHipsSvc)
SRV - [2017/05/18 10:26:58 | 000,173,512 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/08/20 10:41:53 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2016/08/20 10:14:18 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\BdSandbox.sys -- (BdSandbox)
DRV - [2017/06/06 16:10:39 | 000,461,224 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bndef.sys -- (Bndef)
DRV - [2017/06/06 16:10:39 | 000,197,064 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bprotect.sys -- (Bprotect)
DRV - [2017/06/06 16:10:39 | 000,138,184 | ---- | M] (Baidu, Inc.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\BHipsEx.sys -- (BHipsEx)
DRV - [2017/06/06 16:10:39 | 000,101,448 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdApiUtil.sys -- (BdApiUtil)
DRV - [2017/06/06 16:10:39 | 000,084,936 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\Bnmon.sys -- (Bnmon)
DRV - [2017/06/06 16:10:39 | 000,081,736 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2017/06/06 16:10:39 | 000,075,432 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bnbasex.sys -- (Bnbase)
DRV - [2017/06/06 16:10:39 | 000,050,120 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfilter.sys -- (Bfilter)
DRV - [2017/06/06 16:10:39 | 000,031,176 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfmon.sys -- (Bfmon)
DRV - [2017/06/06 16:10:39 | 000,021,416 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdCameraProtect.sys -- (BdCameraProtect)
DRV - [2016/08/20 10:13:46 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2016/08/20 10:13:46 | 000,026,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2016/08/20 10:08:22 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2016/08/20 10:08:22 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2015/05/28 13:45:10 | 000,082,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bdark.sys -- (bdark)
DRV - [2011/04/28 14:20:26 | 001,228,864 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2011/01/08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/12 01:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/05/29 07:58:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3108174972-57148849-609387197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-3108174972-57148849-609387197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-3108174972-57148849-609387197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3108174972-57148849-609387197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-3108174972-57148849-609387197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF F4 92 64 D0 DE D2 01 [binary data]
IE - HKU\S-1-5-21-3108174972-57148849-609387197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = C2 C1 A2 67 D0 DE D2 01 [binary data]
IE - HKU\S-1-5-21-3108174972-57148849-609387197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-3108174972-57148849-609387197-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3108174972-57148849-609387197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "DZ"
FF - prefs.js..browser.search.region: "DZ"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2017/06/06 17:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zitso\AppData\Roaming\mozilla\Extensions
[2017/06/06 21:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zitso\AppData\Roaming\mozilla\Firefox\Profiles\tdslu7c9.default\extension-data
[2017/06/06 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zitso\AppData\Roaming\mozilla\Firefox\Profiles\tdslu7c9.default\extensions
[2017/06/06 20:46:30 | 001,681,248 | ---- | M] () (No name found) -- C:\Users\Zitso\AppData\Roaming\mozilla\firefox\profiles\tdslu7c9.default\extensions\uBlock0@raymondhill.net.xpi
[2017/06/06 20:44:51 | 000,010,465 | ---- | M] () (No name found) -- C:\Users\Zitso\AppData\Roaming\mozilla\firefox\profiles\tdslu7c9.default\features\{5fae65a7-860a-40a1-bbcd-b8d7e90676bc}\followonsearch@mozilla.com.xpi
[2017/06/06 20:44:51 | 000,044,954 | ---- | M] () (No name found) -- C:\Users\Zitso\AppData\Roaming\mozilla\firefox\profiles\tdslu7c9.default\features\{5fae65a7-860a-40a1-bbcd-b8d7e90676bc}\shield-recipe-client@mozilla.org.xpi
[2017/06/06 17:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [Baidu Antivirus] C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavTray.exe (Baidu, Inc.)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirNCFG.exe (D-Link Corp.)
O4 - HKU\S-1-5-21-3108174972-57148849-609387197-1000..\Run: [uTorrent] C:\Users\Zitso\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.8.1 192.168.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3F092B4-1BEE-4300-B7DF-F3CAD6BB45B0}: DhcpNameServer = 192.168.8.1 192.168.8.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: BavSvc - C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe (Baidu, Inc.)
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: BavSvc - C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe (Baidu, Inc.)
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {476F88BA-08DD-32D8-A8B0-E85EE28CB27F} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2017/06/06 21:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
[2017/06/06 21:01:49 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\AIMP
[2017/06/06 21:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\AIMP
[2017/06/06 20:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BavSvc_exe
[2017/06/06 20:54:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2017/06/06 17:37:19 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\Mozilla
[2017/06/06 17:37:19 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Local\Mozilla
[2017/06/06 17:37:17 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\uTorrent
[2017/06/06 17:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2017/06/06 17:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2017/06/06 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\WinRAR
[2017/06/06 17:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2017/06/06 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2017/06/06 17:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2017/06/06 17:04:59 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Local\Opera Software
[2017/06/06 17:04:58 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\Opera Software
[2017/06/06 16:58:54 | 000,000,000 | -HSD | C] -- C:\Boot
[2017/06/06 16:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2017/06/06 16:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
[2017/06/06 16:19:38 | 001,228,864 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\Dnetr28u.sys
[2017/06/06 16:19:38 | 000,238,944 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2017/06/06 16:19:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2017/06/06 16:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2017/06/06 16:19:33 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\InstallShield
[2017/06/06 16:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2017/06/06 16:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2017/06/06 16:15:26 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2017/06/06 16:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2017/06/06 16:13:20 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2017/06/06 16:10:58 | 000,461,224 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\bndef.sys
[2017/06/06 16:10:58 | 000,075,432 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\bnbasex.sys
[2017/06/06 16:10:57 | 000,197,064 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bprotect.sys
[2017/06/06 16:10:56 | 000,031,176 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bfmon.sys
[2017/06/06 16:10:55 | 000,050,120 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bfilter.sys
[2017/06/06 16:10:50 | 000,138,184 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\BHipsEx.sys
[2017/06/06 16:10:47 | 000,081,736 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bhbase.sys
[2017/06/06 16:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2017/06/06 16:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
[2017/06/06 16:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu Security
[2017/06/06 16:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2017/06/06 16:10:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2017/06/06 16:07:49 | 000,000,000 | R--D | C] -- C:\Users\Zitso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2017/06/06 16:07:49 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Searches
[2017/06/06 16:07:49 | 000,000,000 | R--D | C] -- C:\Users\Zitso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017/06/06 16:07:49 | 000,000,000 | -H-D | C] -- C:\Users\Zitso\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/06/06 16:07:41 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\Identities
[2017/06/06 16:07:39 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Contacts
[2017/06/06 16:07:32 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\Adobe
[2017/06/06 16:07:28 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Local\VirtualStore
[2017/06/06 16:06:25 | 000,000,000 | --SD | C] -- C:\Users\Zitso\AppData\Roaming\Microsoft
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Videos
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Saved Games
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Pictures
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Music
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Links
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Favorites
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Downloads
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Documents
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\Desktop
[2017/06/06 16:06:25 | 000,000,000 | R--D | C] -- C:\Users\Zitso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Voisinage réseau
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Voisinage d'impression
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\AppData\Local\Temporary Internet Files
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\SendTo
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Recent
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Modèles
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Documents\Mes vidéos
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Documents\Mes images
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Mes documents
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Menu Démarrer
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Documents\Ma musique
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Local Settings
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\AppData\Local\Historique
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Cookies
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\Application Data
[2017/06/06 16:06:25 | 000,000,000 | -HSD | C] -- C:\Users\Zitso\AppData\Local\Application Data
[2017/06/06 16:06:25 | 000,000,000 | -H-D | C] -- C:\Users\Zitso\AppData
[2017/06/06 16:06:25 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Local\Temp
[2017/06/06 16:06:25 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Local\Microsoft
[2017/06/06 16:06:25 | 000,000,000 | ---D | C] -- C:\Users\Zitso\AppData\Roaming\Media Center Programs
[2017/06/06 16:05:47 | 000,000,000 | -HSD | C] -- C:\Recovery
[2017/06/06 16:05:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modèles
[2017/06/06 16:05:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos
[2017/06/06 16:05:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images
[2017/06/06 16:05:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer
[2017/06/06 16:05:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique
[2017/06/06 16:05:47 | 000,000,000 | -HSD | C] -- C:\Program Files\Fichiers communs
[2017/06/06 16:05:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoris
[2017/06/06 16:05:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureau
[2017/06/06 16:05:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2017/06/06 16:00:46 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2017/06/06 16:00:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2017/06/06 21:19:19 | 000,746,916 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2017/06/06 21:19:19 | 000,734,688 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2017/06/06 21:19:19 | 000,731,236 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2017/06/06 21:19:19 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2017/06/06 21:19:19 | 000,152,356 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2017/06/06 21:19:19 | 000,149,440 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2017/06/06 21:19:19 | 000,146,100 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2017/06/06 21:19:19 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2017/06/06 21:12:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/06/06 21:12:51 | 128,683,081 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2017/06/06 21:12:47 | 804,757,504 | -HS- | M] () -- C:\hiberfil.sys
[2017/06/06 21:01:49 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\AIMP.lnk
[2017/06/06 18:25:04 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/06/06 18:25:04 | 000,016,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/06/06 18:05:07 | 000,000,868 | ---- | M] () -- C:\Users\Zitso\Desktop\Downloads.lnk
[2017/06/06 17:54:21 | 000,002,601 | ---- | M] () -- C:\Users\Zitso\Desktop\µTorrent.lnk
[2017/06/06 17:36:56 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017/06/06 17:04:20 | 000,001,089 | ---- | M] () -- C:\Users\Zitso\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2017/06/06 17:04:20 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2017/06/06 16:58:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2017/06/06 16:22:45 | 000,001,419 | ---- | M] () -- C:\Users\Zitso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/06/06 16:22:28 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2017/06/06 16:21:43 | 000,001,065 | ---- | M] () -- C:\Users\Zitso\Desktop\Documents - Raccourci.lnk
[2017/06/06 16:17:00 | 000,000,969 | ---- | M] () -- C:\Users\Zitso\Desktop\biostat rat - Raccourci.lnk
[2017/06/06 16:16:48 | 000,000,817 | ---- | M] () -- C:\Users\Zitso\Desktop\2 SmsTre CTRL - Raccourci.lnk
[2017/06/06 16:10:42 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\Baidu Antivirus.lnk
[2017/06/06 16:10:39 | 000,461,224 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\bndef.sys
[2017/06/06 16:10:39 | 000,197,064 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bprotect.sys
[2017/06/06 16:10:39 | 000,138,184 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\BHipsEx.sys
[2017/06/06 16:10:39 | 000,081,736 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bhbase.sys
[2017/06/06 16:10:39 | 000,075,432 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\bnbasex.sys
[2017/06/06 16:10:39 | 000,050,120 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bfilter.sys
[2017/06/06 16:10:39 | 000,031,176 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bfmon.sys
[2017/06/06 16:03:03 | 000,214,678 | ---- | M] () -- C:\Windows\System32\license.rtf
[2017/06/06 16:01:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2017/06/06 21:01:48 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\AIMP.lnk
[2017/06/06 20:54:18 | 128,683,081 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2017/06/06 20:39:44 | 000,082,376 | ---- | C] () -- C:\Windows\System32\drivers\bdark.sys
[2017/06/06 18:05:07 | 000,000,868 | ---- | C] () -- C:\Users\Zitso\Desktop\Downloads.lnk
[2017/06/06 17:54:21 | 000,002,601 | ---- | C] () -- C:\Users\Zitso\Desktop\µTorrent.lnk
[2017/06/06 17:36:52 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2017/06/06 17:36:52 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017/06/06 17:04:27 | 000,001,089 | ---- | C] () -- C:\Users\Zitso\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2017/06/06 17:04:27 | 000,001,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2017/06/06 17:04:25 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2017/06/06 16:58:56 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2017/06/06 16:58:54 | 000,391,640 | RHS- | C] () -- C:\bootmgr
[2017/06/06 16:22:44 | 000,001,419 | ---- | C] () -- C:\Users\Zitso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/06/06 16:22:28 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2017/06/06 16:21:43 | 000,001,065 | ---- | C] () -- C:\Users\Zitso\Desktop\Documents - Raccourci.lnk
[2017/06/06 16:19:38 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2017/06/06 16:19:38 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2017/06/06 16:17:00 | 000,000,969 | ---- | C] () -- C:\Users\Zitso\Desktop\biostat rat - Raccourci.lnk
[2017/06/06 16:16:48 | 000,000,817 | ---- | C] () -- C:\Users\Zitso\Desktop\2 SmsTre CTRL - Raccourci.lnk
[2017/06/06 16:15:25 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2017/06/06 16:10:42 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\Baidu Antivirus.lnk
[2017/06/06 16:07:32 | 000,001,425 | ---- | C] () -- C:\Users\Zitso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2017/06/06 16:06:25 | 000,000,290 | ---- | C] () -- C:\Users\Zitso\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2017/06/06 16:06:25 | 000,000,272 | ---- | C] () -- C:\Users\Zitso\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2017/06/06 16:01:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2017/06/06 16:00:11 | 804,757,504 | -HS- | C] () -- C:\hiberfil.sys
[2016/08/20 08:17:49 | 000,734,688 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2016/08/20 08:17:49 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2016/08/20 08:17:49 | 000,152,356 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2016/08/20 08:17:49 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2016/08/20 08:16:42 | 000,731,236 | ---- | C] () -- C:\Windows\System32\perfh010.dat
[2016/08/20 08:16:42 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat
[2016/08/20 08:16:42 | 000,146,100 | ---- | C] () -- C:\Windows\System32\perfc010.dat
[2016/08/20 08:16:42 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/08/20 10:29:43 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2017/06/06 21:02:11 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\AIMP
[2017/06/06 17:04:58 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\Opera Software
[2017/06/06 21:14:43 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2017/06/06 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\Adobe
[2017/06/06 21:02:11 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\AIMP
[2017/06/06 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\Identities
[2017/06/06 16:19:33 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\InstallShield
[2011/04/12 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\Media Center Programs
[2017/06/06 18:16:22 | 000,000,000 | --SD | M] -- C:\Users\Zitso\AppData\Roaming\Microsoft
[2017/06/06 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\Mozilla
[2017/06/06 17:04:58 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\Opera Software
[2017/06/06 21:14:43 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\uTorrent
[2017/06/06 17:35:54 | 000,000,000 | ---D | M] -- C:\Users\Zitso\AppData\Roaming\WinRAR

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2017/06/06 17:34:31 | 002,240,192 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zitso\AppData\Roaming\uTorrent\uTorrent.exe
[2017/06/06 17:34:31 | 002,240,192 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zitso\AppData\Roaming\uTorrent\updates\3.5.0_43804.exe
[2017/06/06 17:54:55 | 000,396,992 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zitso\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

[color=#A23BEC]< MD5 for: ALG.EXE >[/color]
[2009/07/14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\System32\alg.exe
[2009/07/14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_a8bfa843bc721ead\alg.exe

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2010/11/20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[color=#A23BEC]< MD5 for: CSRSS.EXE >[/color]
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

[color=#A23BEC]< MD5 for: CTFMON.EXE >[/color]
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\System32\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

[color=#A23BEC]< MD5 for: DISK.SYS >[/color]
[2016/08/20 10:33:57 | 000,057,280 | ---- | M] (Microsoft Corporation) MD5=268CDDF109509B819A18051DD4D71055 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7601.23336_none_fc43b614eb9ae28c\disk.sys
[2009/07/14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys
[2016/08/20 10:33:57 | 000,057,280 | ---- | M] (Microsoft Corporation) MD5=B7B470F163002A0D0E381EE45834BF6B -- C:\Windows\System32\drivers\disk.sys
[2016/08/20 10:33:57 | 000,057,280 | ---- | M] (Microsoft Corporation) MD5=B7B470F163002A0D0E381EE45834BF6B -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b1d91cea6f3429b1\disk.sys
[2016/08/20 10:33:57 | 000,057,280 | ---- | M] (Microsoft Corporation) MD5=B7B470F163002A0D0E381EE45834BF6B -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7601.19133_none_fbb71685d27ff996\disk.sys

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2016/08/20 10:07:00 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2016/08/20 10:07:00 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2016/08/20 10:07:00 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color]
[2009/07/14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\drivers\i8042prt.sys
[2009/07/14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys
[2009/07/14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys
[2009/07/14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys
[2009/07/14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2016/08/20 10:06:11 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2016/08/20 10:06:11 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2016/08/20 10:06:11 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2016/08/20 10:06:11 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[color=#A23BEC]< MD5 for: INTELIDE.SYS >[/color]
[2009/07/14 03:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\System32\drivers\intelide.sys
[2009/07/14 03:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\intelide.sys
[2009/07/14 03:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\intelide.sys
[2009/07/14 03:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\intelide.sys
[2009/07/14 03:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\intelide.sys
[2009/07/14 03:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\intelide.sys

[color=#A23BEC]< MD5 for: MOUNTMGR.SYS >[/color]
[2016/08/20 10:28:10 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=2F3DFD64D97830B5F00D2BFC4AC1445F -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.23136_none_f515552a7e742878\mountmgr.sys
[2016/08/20 10:25:28 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=644905A19D0F37F2233DFCE53BC4BC19 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.18741_none_f47c0b136562f85c\mountmgr.sys
[2016/08/20 10:25:28 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=B4867EA6A6BC23EBE4DB0839ED3E3DC2 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.22948_none_f50cabca7e7a46ae\mountmgr.sys
[2016/08/20 10:28:10 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=BAD9C0366134BA181514E9263C8CE606 -- C:\Windows\System32\drivers\mountmgr.sys
[2016/08/20 10:28:10 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=BAD9C0366134BA181514E9263C8CE606 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.18933_none_f488df5f65590967\mountmgr.sys
[2010/11/20 23:29:11 | 000,078,208 | ---- | M] (Microsoft Corporation) MD5=FC8771F45ECCCFD89684E38842539B9B -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.17514_none_f49f8eb16547dc9f\mountmgr.sys

[color=#A23BEC]< MD5 for: MRXSMB.SYS >[/color]
[2016/08/20 10:27:25 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=000C1EEF05D422A76E57E84736EF25F0 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23126_none_82196d85c883b816\mrxsmb.sys
[2016/08/20 10:36:15 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=5DE91624A4D0B7FAA1D2BDF03AEC9560 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23391_none_81c8c06bc8c0f748\mrxsmb.sys
[2016/08/20 10:28:10 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=688E0D9C2F56F4A6C7156F067D43D2FD -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23136_none_820e9d99c88bd407\mrxsmb.sys
[2016/08/20 10:27:25 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=7A97B5B6E04AB52FA53C8EA574913A04 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18923_none_818cf7baaf689905\mrxsmb.sys
[2016/08/20 10:35:53 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=7B9C4C7FAE04079D405AE658A7616ED0 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23392_none_81c9c0b5c8c0109f\mrxsmb.sys
[2016/08/20 10:29:28 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=A6D93B0EAED452179B7A032CE9EEC4A1 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18951_none_816a8762af82ba2a\mrxsmb.sys
[2010/11/20 23:29:15 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=B272B4C3E085EA860C12F2E4FAF2FFA2 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17514_none_8198d720af5f882e\mrxsmb.sys
[2016/08/20 10:33:23 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=B69369AAB43B36B9EF3AB8596E6B5921 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23338_none_8210a1f9c88a0103\mrxsmb.sys
[2016/08/20 10:36:45 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=C04D36B97BCEE4A83EC34325A3424768 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23418_none_822643b7c879c648\mrxsmb.sys
[2016/08/20 10:06:53 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=C76FD653DB8B90DA85EAD12B12FFFC9F -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21666_none_81ee64e3c8a3e65b\mrxsmb.sys
[2016/08/20 10:29:28 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=C99F13B5B86A602F95777AC4358C0947 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23154_none_81f6fd2dc89dd93b\mrxsmb.sys
[2016/08/20 10:36:26 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=CEC36AABB88088C9D7B019338CC08B42 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23390_none_81c7c021c8c1ddf1\mrxsmb.sys
[2016/08/20 10:21:26 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=DFBE5EA4569CF2B902DCFE52EE4E9D6E -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.22917_none_822563b3c87a8513\mrxsmb.sys
[2016/08/20 10:33:23 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=E900BD16B9EE8F09609D7FBE2027B376 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.19135_none_8184026aaf6f180d\mrxsmb.sys
[2016/08/20 10:06:53 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=ED3D3419B064F28D812995ED8CADC541 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17565_none_8163c7ceaf872d3a\mrxsmb.sys
[2016/08/20 10:38:36 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=F667683CB800A04AA2F353326F65A6ED -- C:\Windows\System32\drivers\mrxsmb.sys
[2016/08/20 10:38:36 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=F667683CB800A04AA2F353326F65A6ED -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23497_none_81cec40dc8bb8c79\mrxsmb.sys
[2016/08/20 10:28:10 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=FEDAAB6716B44DE8B9EFC14DD9A26215 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18933_none_818227ceaf70b4f6\mrxsmb.sys
[2016/08/20 10:21:26 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=FFD09089BBBD94546821FD7F093F7427 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18711_none_8195c346af625018\mrxsmb.sys

[color=#A23BEC]< MD5 for: MRXSMB10.SYS >[/color]
[2016/08/20 10:36:26 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=1EDB7D39BC683F69D67BF8A971118EA2 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23390_none_8adade75c3131c53\mrxsmb10.sys
[2016/08/20 10:27:25 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=2A67D41C8007F57A527CDFF7D8AEB0C3 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23126_none_8b2c8bd9c2d4f678\mrxsmb10.sys
[2016/08/20 10:21:26 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=348C882F66AE4E4C53025FDF1FFB1618 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18711_none_8aa8e19aa9b38e7a\mrxsmb10.sys
[2016/08/20 10:33:23 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=34F71B69DD2875AF07C4DDF19563C457 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.19135_none_8a9720bea9c0566f\mrxsmb10.sys
[2016/08/20 10:21:26 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=3871DEF84E7FD13531A0B8557DE5A4EA -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.22917_none_8b388207c2cbc375\mrxsmb10.sys
[2016/08/20 10:27:25 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=59C105984629EEF7B3B72B8235207575 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18923_none_8aa0160ea9b9d767\mrxsmb10.sys
[2016/08/20 10:28:10 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=77DD652AB8708CDB55FDB7073B868784 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18933_none_8a954622a9c1f358\mrxsmb10.sys
[2016/08/20 10:29:28 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=82AF4C0CF396B47D90E3499E39E9541C -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23154_none_8b0a1b81c2ef179d\mrxsmb10.sys
[2016/08/20 10:36:45 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=84D65385A4DF3577C9CA697B67DFCE26 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23418_none_8b39620bc2cb04aa\mrxsmb10.sys
[2016/08/20 10:38:36 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=85A2BBE6E1CC787EB39224610AF446C0 -- C:\Windows\System32\drivers\mrxsmb10.sys
[2016/08/20 10:38:36 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=85A2BBE6E1CC787EB39224610AF446C0 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23497_none_8ae1e261c30ccadb\mrxsmb10.sys
[2016/08/20 10:35:53 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=8E5D0A077B5592B4E8F26D8CDC2492CE -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23392_none_8adcdf09c3114f01\mrxsmb10.sys
[2010/11/20 23:29:13 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=9AC33EF26C8A3AD0F117D00EB7301D03 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.17514_none_8aabf574a9b0c690\mrxsmb10.sys
[2016/08/20 10:33:23 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=9DAEA5984C6BDC6DD6B0639AC47549BA -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23338_none_8b23c04dc2db3f65\mrxsmb10.sys
[2016/08/20 10:29:28 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=B7A61200A1833380B3F0893E2C2369AA -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18951_none_8a7da5b6a9d3f88c\mrxsmb10.sys
[2016/08/20 10:28:10 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=BEE5EA8E1F77925487774ECC9E680C0B -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23136_none_8b21bbedc2dd1269\mrxsmb10.sys
[2016/08/20 10:06:53 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=DC914446049169A964E27FD8888FFAEE -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.17565_none_8a76e622a9d86b9c\mrxsmb10.sys
[2016/08/20 10:36:15 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=F83019CBC59BB6D1B2A6F28F78C48ACC -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23391_none_8adbdebfc31235aa\mrxsmb10.sys
[2016/08/20 10:06:53 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=FF9C1079052D007EF6650BD526437F08 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.21666_none_8b018337c2f524bd\mrxsmb10.sys

[color=#A23BEC]< MD5 for: MRXSMB20.SYS >[/color]
[2016/08/20 10:29:28 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=11861345E0001D63EBBB7A869D03005F -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23154_none_8d40859401464b0e\mrxsmb20.sys
[2016/08/20 10:33:23 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=14063258261AA807DAADC9233422A5E5 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.19135_none_8ccd8ad0e81789e0\mrxsmb20.sys
[2016/08/20 10:36:26 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=189230AF3C373E372443EFABB2BB6FC1 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23390_none_8d114888016a4fc4\mrxsmb20.sys
[2016/08/20 10:28:10 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=27689A7AD30ADF2442CB66CE357C964A -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23136_none_8d582600013445da\mrxsmb20.sys
[2016/08/20 10:38:36 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=46EB65AA7774F1582DA8A4E5DAD887FD -- C:\Windows\System32\drivers\mrxsmb20.sys
[2016/08/20 10:38:36 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=46EB65AA7774F1582DA8A4E5DAD887FD -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23497_none_8d184c740163fe4c\mrxsmb20.sys
[2016/08/20 10:28:10 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=4ACDB6414918D8920875B00B286E1FBC -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18933_none_8ccbb034e81926c9\mrxsmb20.sys
[2016/08/20 10:27:25 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=4FDCF05ED0346C73D148129B7EAE81CE -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23126_none_8d62f5ec012c29e9\mrxsmb20.sys
[2016/08/20 10:21:26 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=52A9EAA529D84F2B432D5483A9192B0B -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.22917_none_8d6eec1a0122f6e6\mrxsmb20.sys
[2016/08/20 10:33:23 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=5B0340F02610BF978FEBB90A53004DB6 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23338_none_8d5a2a60013272d6\mrxsmb20.sys
[2016/08/20 10:35:53 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=5D5A1C8C046AA8DAF5FC778B4019D7CE -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23392_none_8d13491c01688272\mrxsmb20.sys
[2016/08/20 10:21:26 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=68E0C10F0917DB2DBA059D253116E7FA -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18711_none_8cdf4bace80ac1eb\mrxsmb20.sys
[2016/08/20 10:29:28 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=77ABC3A8389EB0579566427CF2184EC6 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18951_none_8cb40fc8e82b2bfd\mrxsmb20.sys
[2016/08/20 10:27:25 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=7AF31FE4FAAD7770919CF0D3E774D753 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18923_none_8cd68020e8110ad8\mrxsmb20.sys
[2016/08/20 10:06:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=86CF607351BF18DB7B0B3FE593F5791E -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.21666_none_8d37ed4a014c582e\mrxsmb20.sys
[2016/08/20 10:36:45 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=8758312AE2602620E6C972F527EC64ED -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23418_none_8d6fcc1e0122381b\mrxsmb20.sys
[2016/08/20 10:36:15 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=C0D7B253E9948951F689B8A4CE45EB33 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23391_none_8d1248d20169691b\mrxsmb20.sys
[2010/11/20 23:29:20 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=E0ABDB5ED7E199E242A7D028E76C1D3A -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.17514_none_8ce25f86e807fa01\mrxsmb20.sys
[2016/08/20 10:06:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=E7D90388D14FAE057C166C1801E0BF94 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.17565_none_8cad5034e82f9f0d\mrxsmb20.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2016/08/20 10:10:50 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2016/08/20 10:30:42 | 000,713,152 | ---- | M] (Microsoft Corporation) MD5=43C1C599FF590C875764CB6254A506B6 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.23235_none_aa435dc7937e55cc\ndis.sys
[2016/08/20 10:10:50 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2016/08/20 10:30:42 | 000,712,640 | ---- | M] (Microsoft Corporation) MD5=9804FB2E46077F2977552347DFCA7E05 -- C:\Windows\System32\drivers\ndis.sys
[2016/08/20 10:30:42 | 000,712,640 | ---- | M] (Microsoft Corporation) MD5=9804FB2E46077F2977552347DFCA7E05 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.19030_none_a9b4bda47a653a28\ndis.sys
[2010/11/20 23:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2010/11/20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2016/08/20 10:06:11 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2016/08/20 10:06:11 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2016/08/20 10:06:11 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2016/08/20 10:06:11 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[color=#A23BEC]< MD5 for: RASACD.SYS >[/color]
[2009/07/14 01:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\System32\drivers\rasacd.sys
[2009/07/14 01:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasacd.sys

[color=#A23BEC]< MD5 for: RDPCDD.SYS >[/color]
[2010/11/20 23:29:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=23DAE03F29D253AE74C44F99E515F9A1 -- C:\Windows\System32\drivers\RDPCDD.sys
[2010/11/20 23:29:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=23DAE03F29D253AE74C44F99E515F9A1 -- C:\Windows\winsxs\x86_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7601.17514_none_d6e28e069c8110ef\RDPCDD.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2010/11/20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2016/08/20 10:27:06 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\System32\services.exe
[2016/08/20 10:27:06 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_d1614ac32b8ec5cf\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2016/08/20 10:27:06 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=97981140500E86E5BBAD7B76BA890146 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_d1d9ee0844ba1cc2\services.exe

[color=#A23BEC]< MD5 for: SMSS.EXE >[/color]
[2016/08/20 10:25:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=01C6C743FE49D0FB3F0A1391FEF1DEB3 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18741_none_ae1e8e4a778ed482\smss.exe
[2016/08/20 10:27:25 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=10F4A8EE79F4E0ECC88AC71CA068B54C -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18923_none_ae363282777cc99c\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2016/08/20 10:33:23 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=1B30E9AF06CD2D24A8E781907D5CBEEE -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.19135_none_ae2d3d32778348a4\smss.exe
[2016/08/20 10:28:10 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=2B8B8E5AE54D0EAAE5B84F65C325C3A7 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_ae2b62967784e58d\smss.exe
[2016/08/20 10:33:23 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=63FC218758C0D7DB656B9D61148D799F -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23338_none_aeb9dcc1909e319a\smss.exe
[2016/08/20 10:27:25 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=697A24C3A9F1ECD602C3D961D001036C -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23126_none_aec2a84d9097e8ad\smss.exe
[2016/08/20 10:36:45 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=6BC921FF016A5BD8EC60578ACBF3324F -- C:\Windows\System32\smss.exe
[2016/08/20 10:36:45 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=6BC921FF016A5BD8EC60578ACBF3324F -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23418_none_aecf7e7f908df6df\smss.exe
[2016/08/20 10:25:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=7FFC65934B6CC409D62448ADFE50EBF1 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22948_none_aeaf2f0190a622d4\smss.exe
[2016/08/20 10:28:10 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=C288ED8B99BC77DD8C8006CB8E97DC10 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23136_none_aeb7d86190a0049e\smss.exe
[2016/08/20 10:16:00 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2016/08/20 10:15:50 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_ae9f57f190b2c89d\smss.exe
[2016/08/20 10:15:50 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22917_none_aece9e7b908eb5aa\smss.exe
[2016/08/20 10:15:50 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22923_none_aebfcd67909a6c3f\smss.exe
[2016/08/20 10:35:53 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DD1314B5C4AFC9F93E1F678B5F417229 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23392_none_ae72fb7d90d44136\smss.exe
[2016/08/20 10:15:50 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
[2016/08/20 10:36:15 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=F8FEEE64AB2349519ED9AC4A887F4FC7 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23391_none_ae71fb3390d527df\smss.exe

[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2010/11/20 23:29:06 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2016/08/20 10:09:12 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\System32\spoolsv.exe
[2016/08/20 10:09:12 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe
[2016/08/20 10:09:12 | 000,317,952 | ---- | M] (Microsoft Corporation) MD5=CAE10A25F936C053E41CBE0FA06FF15D -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_d8cedec038f3454c\spoolsv.exe

[color=#A23BEC]< MD5 for: STORPORT.SYS >[/color]
[2016/08/20 10:06:11 | 000,148,864 | ---- | M] (Microsoft Corporation) MD5=9B5ED67D98DAEC1DC31F9C2766E90285 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.21680_none_29bda4c3a7cafce3\storport.sys
[2010/11/20 23:29:12 | 000,148,864 | ---- | M] (Microsoft Corporation) MD5=B40CCEC755DC3FBAE95E568C7849405E -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.17514_none_2983b8948e70fede\storport.sys
[2016/08/20 10:17:05 | 000,149,952 | ---- | M] (Microsoft Corporation) MD5=ECFE2AE9092C672965131CF376AAF4BD -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.22589_none_29c68eafa7c2fd6c\storport.sys
[2016/08/20 10:06:11 | 000,148,864 | ---- | M] (Microsoft Corporation) MD5=EF3D32464EBBB10449465C8CAB57CA19 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.17577_none_2945d9ea8e9ef289\storport.sys
[2016/08/20 10:17:05 | 000,149,440 | ---- | M] (Microsoft Corporation) MD5=F1A449D762657230629D8BFC107ABC14 -- C:\Windows\System32\drivers\storport.sys
[2016/08/20 10:17:05 | 000,149,440 | ---- | M] (Microsoft Corporation) MD5=F1A449D762657230629D8BFC107ABC14 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.18386_none_2939ef208ea81476\storport.sys

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[color=#A23BEC]< MD5 for: TCPIP.SYS >[/color]
[2010/11/20 23:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2016/08/20 10:18:55 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2016/08/20 10:18:55 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2016/08/20 10:11:54 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2016/08/20 10:11:54 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2016/08/20 10:18:55 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

[color=#A23BEC]< MD5 for: TERMDD.SYS >[/color]
[2010/11/20 23:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) MD5=04DBF4B01EA4BF25A9A3E84AFFAC9B20 -- C:\Windows\System32\drivers\termdd.sys
[2010/11/20 23:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) MD5=04DBF4B01EA4BF25A9A3E84AFFAC9B20 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\termdd.sys
[2010/11/20 23:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) MD5=04DBF4B01EA4BF25A9A3E84AFFAC9B20 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\termdd.sys

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[color=#A23BEC]< MD5 for: WIN32K.SYS >[/color]
[2016/08/20 10:19:59 | 002,350,080 | ---- | M] (Microsoft Corporation) MD5=2A58DBC1BADEA2F496099F8CB068E698 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18512_none_baf8cc49f8cac9be\win32k.sys
[2016/08/20 10:19:59 | 002,358,272 | ---- | M] (Microsoft Corporation) MD5=4DEBEBEAEDB6B740172E8C649C8B815C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22722_none_bb779b0f11f082a0\win32k.sys
[2016/08/20 10:19:22 | 002,352,640 | ---- | M] (Microsoft Corporation) MD5=5B1828278F3200EE4FAF48411894F6D2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18528_none_baf3fe19f8cd7db9\win32k.sys
[2016/08/20 10:09:55 | 002,351,616 | ---- | M] (Microsoft Corporation) MD5=5E7C260B168054FCB68BE9C030A81CE8 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21955_none_bb5a46bd12060325\win32k.sys
[2016/08/20 10:29:09 | 002,393,088 | ---- | M] (Microsoft Corporation) MD5=660B481786C666371FD9657A95A6E939 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23149_none_bb68db1111fa969a\win32k.sys
[2016/08/20 10:31:43 | 002,395,648 | ---- | M] (Microsoft Corporation) MD5=66F4D11BE5475F990045329A3BDAB9DE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23265_none_bb4f3bf7120e6647\win32k.sys
[2010/11/20 23:29:24 | 002,329,088 | ---- | M] (Microsoft Corporation) MD5=687464342342B933D6B7FAA4A907AF4C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_bafae3a5f8c8e2cb\win32k.sys
[2016/08/20 10:35:44 | 002,397,184 | ---- | M] (Microsoft Corporation) MD5=7B36BA338408A68B84574EB4D5FE6BC3 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23407_none_bb921fdf11dbeb9d\win32k.sys
[2016/08/20 10:19:22 | 002,360,832 | ---- | M] (Microsoft Corporation) MD5=7E82C4BBA3C8EB0887DCAF8E7BE53D5E -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22739_none_bb73cd2911f24ff2\win32k.sys
[2016/08/20 10:38:46 | 002,398,208 | ---- | M] (Microsoft Corporation) MD5=98CCE59A4D2AD289A1F8A1406722E4D3 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23471_none_bb406eaf121a172a\win32k.sys
[2016/08/20 10:29:09 | 002,384,384 | ---- | M] (Microsoft Corporation) MD5=A22126F58B07E937D10F96A506E40107 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18946_none_badc6545f8df7789\win32k.sys
[2016/08/20 10:31:43 | 002,386,944 | ---- | M] (Microsoft Corporation) MD5=C2B6C9E4F6FDE6CC534D5D9427D5A84D -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.19061_none_bac19c1df8f463fa\win32k.sys
[2016/08/20 10:39:04 | 002,399,232 | ---- | M] (Microsoft Corporation) MD5=E81344F0302BC4986B8C63DC41A78383 -- C:\Windows\System32\win32k.sys
[2016/08/20 10:39:04 | 002,399,232 | ---- | M] (Microsoft Corporation) MD5=E81344F0302BC4986B8C63DC41A78383 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23497_none_bb30d0931224e716\win32k.sys
[2016/08/20 10:09:55 | 002,343,424 | ---- | M] (Microsoft Corporation) MD5=F8DB740114248CE6910E550EE9C054A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17803_none_bb04b8f9f8c1a4f8\win32k.sys

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2016/08/20 10:20:44 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2016/08/20 10:20:44 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2016/08/20 10:20:44 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2016/08/20 10:15:50 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2016/08/20 10:15:50 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

< End of report >
