cjoint

Publicité

Cliquez pour partager vos propres fichiers

Publicité

Format du document : text/plain

Prévisualisation

ÿþOTL logfile created on: 25.12.2022 17:15:31 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\IRUAMA\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.19596)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,47% Memory free
7,87 Gb Paging File | 6,37 Gb Available in Paging File | 80,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 52,58 Gb Free Space | 53,85% Space Free | Partition Type: NTFS
Drive D: | 350,00 Mb Total Space | 116,70 Mb Free Space | 33,34% Space Free | Partition Type: NTFS
Drive E: | 200,09 Gb Total Space | 34,52 Gb Free Space | 17,25% Space Free | Partition Type: NTFS

Computer Name: IRUAMA-NOT | User Name: IRUAMA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2022.12.25 16:58:43 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\IRUAMA\Desktop\OTH.exe
PRC - [2022.12.25 16:56:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IRUAMA\Desktop\OTL.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2019.12.16 21:52:57 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2019.12.10 05:32:47 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2019.05.09 11:51:09 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:[b]64bit:[/b] - [2018.08.13 18:49:28 | 001,391,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2016.11.14 21:14:42 | 000,361,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2016.11.14 21:14:42 | 000,119,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2013.05.27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009.07.13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2019.03.28 02:11:14 | 000,132,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.20 19:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012.09.23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.21 00:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.21 00:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.21 00:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.12.08 07:14:28 | 005,241,448 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2017.06.06 21:36:28 | 000,138,296 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2016.08.25 09:46:12 | 000,135,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2013.10.01 23:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013.02.12 01:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:[b]64bit:[/b] - [2013.02.12 01:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023.sys -- (USB_RNDIS)
DRV:[b]64bit:[/b] - [2012.08.23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012.08.23 11:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012.03.01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011.03.11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010.11.21 00:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2010.11.21 00:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010.11.21 00:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:[b]64bit:[/b] - [2010.11.21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009.07.13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.07.08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2009.06.10 17:34:41 | 000,057,344 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc21x4vm.sys -- (dc21x4vm)
DRV:[b]64bit:[/b] - [2009.06.10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2022.12.25 03:38:12 | 000,050,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B95A2EC-93F6-4916-845D-EB57D9714C35}\MpKslDrv.sys -- (MpKsl594d0aac)
DRV - [2009.07.13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-370231084-2802057956-1079096092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
IE - HKU\S-1-5-21-370231084-2802057956-1079096092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-370231084-2802057956-1079096092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 12 B3 89 A1 B9 D8 01 [binary data]
IE - HKU\S-1-5-21-370231084-2802057956-1079096092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = C2 87 E2 53 13 FA D8 01 [binary data]
IE - HKU\S-1-5-21-370231084-2802057956-1079096092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-370231084-2802057956-1079096092-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-370231084-2802057956-1079096092-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-370231084-2802057956-1079096092-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.hiddenOneOffs: "MercadoLivre"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.region: "BR"
FF - prefs.js..browser.search.separatePrivateDefault.urlbarResult.enabled: false
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.16: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.18: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 108.0.1\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 108.0.1\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2022.09.08 20:49:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 108.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 108.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2022.08.26 20:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Extensions
[2022.12.21 20:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\extensions
[2022.09.07 05:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\storage\default\moz-extension+++b735dbcf-a8f4-4443-9f52-021f34b77bd8
[2022.12.25 16:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\storage\default\moz-extension+++b735dbcf-a8f4-4443-9f52-021f34b77bd8\idb
[2022.09.07 05:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\storage\default\moz-extension+++b735dbcf-a8f4-4443-9f52-021f34b77bd8\ls
[2022.09.06 23:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\storage\default\moz-extension+++d688e794-240f-4a9e-b694-b16ff91b0877
[2022.12.25 03:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\storage\default\moz-extension+++d688e794-240f-4a9e-b694-b16ff91b0877\ls
[2022.09.06 23:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\storage\default\moz-extension+++d688e794-240f-4a9e-b694-b16ff91b0877^userContextId=4294967295
[2022.12.25 16:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\storage\default\moz-extension+++d688e794-240f-4a9e-b694-b16ff91b0877^userContextId=4294967295\idb
[2022.09.06 21:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\storage\default\moz-extension+++ffedfafb-a822-418a-babf-f0ed986dd2f0^userContextId=4294967295
[2022.12.14 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\storage\default\moz-extension+++ffedfafb-a822-418a-babf-f0ed986dd2f0^userContextId=4294967295\idb
[2022.08.30 21:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\extensions
[2022.08.26 20:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\storage\default\moz-extension+++61babbec-cba3-4932-813b-eaa3c42e9f20^userContextId=4294967295
[2022.09.03 01:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\storage\default\moz-extension+++61babbec-cba3-4932-813b-eaa3c42e9f20^userContextId=4294967295\idb
[2022.08.26 20:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\storage\default\moz-extension+++a0ff9566-06f6-468d-89b6-a5639a9c1417
[2022.12.16 05:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\storage\default\moz-extension+++a0ff9566-06f6-468d-89b6-a5639a9c1417\idb
[2022.08.27 02:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\storage\default\moz-extension+++a0ff9566-06f6-468d-89b6-a5639a9c1417\ls
[2022.08.30 22:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\storage\default\moz-extension+++f16a6516-91a2-42e6-aaa4-9e1425d2e4ac
[2022.09.05 00:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\storage\default\moz-extension+++f16a6516-91a2-42e6-aaa4-9e1425d2e4ac\ls
[2022.08.26 20:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\storage\default\moz-extension+++f16a6516-91a2-42e6-aaa4-9e1425d2e4ac^userContextId=4294967295
[2022.12.16 05:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\storage\default\moz-extension+++f16a6516-91a2-42e6-aaa4-9e1425d2e4ac^userContextId=4294967295\idb
[2022.12.21 20:55:15 | 043,570,931 | ---- | M] () (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\extensions\support@lastpass.com.xpi
[2022.12.09 21:44:44 | 000,850,463 | ---- | M] () (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\b84jsyim.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2022.08.30 21:41:48 | 000,498,100 | ---- | M] () (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\extensions\langpack-en-US@firefox.mozilla.org.xpi
[2022.08.26 20:33:28 | 040,916,307 | ---- | M] () (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\extensions\support@lastpass.com.xpi
[2022.08.26 20:30:24 | 000,837,157 | ---- | M] () (No name found) -- C:\Users\IRUAMA\AppData\Roaming\Mozilla\Firefox\Profiles\zzpvr69a.default-release\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

O1 HOSTS File: ([2009.06.10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AF92784-290F-46FF-B6DB-5B2A83607C8D}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{538AF670-F862-4944-8ED3-0B28FD3282DD}: DhcpNameServer = 192.168.43.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A667797-A8C3-4304-A0C4-E6254EB62BB8}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF310E15-B304-47BD-ABD9-2B3156A8B0DD}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD59DA74-F197-48B0-9912-82B0466E244B}: DhcpNameServer = 192.168.42.129
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2022.10.14 22:40:40 | 002,502,032 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2022.09.23 04:55:56 | 000,000,000 | ---D | M] - C:\Autoruns1 -- [ NTFS ]
O32 - AutoRun File - [2022.10.14 14:43:54 | 000,000,000 | ---D | M] - E:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2022.10.06 02:30:35 | 003,862,520 | ---- | M] () - E:\Autoruns.zip -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2022.12.25 16:58:10 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\IRUAMA\Desktop\OTH.exe
[2022.12.25 16:54:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\IRUAMA\Desktop\OTL.exe
[2022.12.25 02:36:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2022.12.25 02:16:58 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\Documents\Interwrite WorkSpace
[2022.12.25 02:16:58 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Roaming\GTCO CalComp
[2022.12.25 02:16:58 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\Documents\Galeria do Interwrite Content (Conteúdo do Interwrite)
[2022.12.25 02:16:55 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\Documents\Interwrite Content Gallery
[2022.12.24 07:13:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2022.12.24 07:07:34 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Roaming\eInstruction
[2022.12.24 06:57:05 | 000,102,400 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2022.12.24 06:56:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2022.12.24 06:56:11 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Roaming\Hermitech Laboratory
[2022.12.24 06:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hermitech Laboratory
[2022.12.24 06:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eInstruction
[2022.12.24 06:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eInstruction
[2022.12.24 06:47:12 | 000,000,000 | -H-D | C] -- C:\Users\IRUAMA\InstallAnywhere
[2022.12.23 08:51:07 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Local\fontconfig
[2022.12.16 06:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2022.12.16 06:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2022.12.16 05:46:18 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\Documents\FormatFactory
[2022.12.16 05:43:09 | 000,000,000 | ---D | C] -- C:\FFOutput
[2022.12.16 05:42:37 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2022.12.16 05:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FormatFactory
[2022.12.13 20:52:55 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Roaming\vlc
[2022.12.05 19:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2022.12.05 19:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2022.11.26 20:12:16 | 000,000,000 | -H-D | C] -- C:\$AV_ASW
[2022.11.24 02:37:02 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Local\Avast Software
[2022.11.24 02:33:51 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Local\CEF
[2022.11.24 02:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avast Software
[2022.11.23 21:20:18 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\Windows\SysWow64\staco.dll
[2022.11.23 21:19:55 | 000,219,648 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2022.11.23 21:19:04 | 000,508,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2022.11.23 21:12:04 | 000,000,000 | ---D | C] -- C:\driv
[2022.11.23 21:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2022.11.23 21:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2022.11.23 21:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2022.11.23 20:57:14 | 000,000,000 | ---D | C] -- C:\BIOS
[2022.11.23 20:50:22 | 000,342,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSES.dll
[2022.11.23 20:50:22 | 000,342,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSEL.dll
[2022.11.23 20:50:22 | 000,334,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSFR.dll
[2022.11.23 20:50:22 | 000,334,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSESM.dll
[2022.11.23 20:50:22 | 000,330,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSPT.dll
[2022.11.23 20:50:22 | 000,330,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSIT.dll
[2022.11.23 20:50:22 | 000,326,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSPTB.dll
[2022.11.23 20:50:22 | 000,326,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSNL.dll
[2022.11.23 20:50:22 | 000,322,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSRU.dll
[2022.11.23 20:50:22 | 000,322,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSHU.dll
[2022.11.23 20:50:22 | 000,318,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSDE.dll
[2022.11.23 20:50:22 | 000,309,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSTR.dll
[2022.11.23 20:50:22 | 000,309,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSSL.dll
[2022.11.23 20:50:22 | 000,309,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSFI.dll
[2022.11.23 20:50:22 | 000,305,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSSK.dll
[2022.11.23 20:50:22 | 000,305,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSNO.dll
[2022.11.23 20:50:22 | 000,301,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSSV.dll
[2022.11.23 20:50:22 | 000,301,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSPL.dll
[2022.11.23 20:50:22 | 000,301,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSDA.dll
[2022.11.23 20:50:22 | 000,297,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSTH.dll
[2022.11.23 20:50:22 | 000,293,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSENU.dll
[2022.11.23 20:50:22 | 000,293,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSENG.dll
[2022.11.23 20:50:22 | 000,293,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSCS.dll
[2022.11.23 20:50:22 | 000,289,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSAR.dll
[2022.11.23 20:50:22 | 000,285,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSHE.dll
[2022.11.23 20:50:22 | 000,219,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSJA.dll
[2022.11.23 20:50:22 | 000,203,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSKO.dll
[2022.11.23 20:50:22 | 000,174,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSZHT.dll
[2022.11.23 20:50:22 | 000,170,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVWRSZHC.dll
[2022.11.23 20:50:22 | 000,000,000 | ---D | C] -- C:\Windows\nview
[2022.11.23 20:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2022.11.23 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2022.11.23 06:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jmesoft
[2022.11.23 06:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2022.11.23 06:32:30 | 000,073,728 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\SysWow64\ISUSPM.cpl
[2022.11.23 06:32:30 | 000,000,000 | ---D | C] -- C:\Windows\jmesoft
[2022.11.23 06:32:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2022.11.23 06:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2022.11.22 20:34:39 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Roaming\Visisino
[2022.11.22 20:34:39 | 000,000,000 | ---D | C] -- C:\Users\IRUAMA\AppData\Roaming\ServiceGet
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2022.12.25 17:17:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2022.12.25 16:58:43 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\IRUAMA\Desktop\OTH.exe
[2022.12.25 16:56:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IRUAMA\Desktop\OTL.exe
[2022.12.25 16:17:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2022.12.25 03:09:06 | 000,034,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2022.12.25 03:09:06 | 000,034,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2022.12.25 02:37:48 | 3168,215,040 | -HS- | M] () -- C:\hiberfil.sys
[2022.12.24 07:10:00 | 000,823,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2022.12.24 07:10:00 | 000,685,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2022.12.24 07:10:00 | 000,130,956 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2022.12.24 07:04:34 | 000,411,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2022.12.24 06:56:42 | 000,000,476 | ---- | M] () -- C:\Program Files (x86)\Common Files\eInstruction.ini
[2022.12.24 06:56:41 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\WorkSpace.lnk
[2022.12.16 06:11:13 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z OC.lnk
[2022.12.16 05:42:39 | 000,001,078 | ---- | M] () -- C:\Users\IRUAMA\Desktop\Format Factory.lnk
[2022.12.13 20:52:15 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2022.12.10 21:53:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2022.11.30 21:45:38 | 000,007,636 | ---- | M] () -- C:\Users\IRUAMA\AppData\Local\Resmon.ResmonCfg
[2022.11.10 01:02:39 | 000,262,655 | ---- | M] () -- C:\Users\IRUAMA\Documents\New Image File.daa
[2022.11.04 02:25:23 | 000,002,256 | -H-- | M] () -- C:\Users\IRUAMA\Documents\Default.rdp
[2022.11.02 22:59:39 | 000,001,749 | ---- | M] () -- C:\Users\IRUAMA\Desktop\Acrobat.exe - Shortcut.lnk
[2022.10.30 12:42:55 | 000,001,072 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2022.12.25 17:17:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2022.12.24 06:56:41 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\WorkSpace.lnk
[2022.12.24 06:54:50 | 000,000,476 | ---- | C] () -- C:\Program Files (x86)\Common Files\eInstruction.ini
[2022.12.16 06:11:13 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z OC.lnk
[2022.12.16 05:42:39 | 000,001,078 | ---- | C] () -- C:\Users\IRUAMA\Desktop\Format Factory.lnk
[2022.12.10 21:53:30 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2022.11.23 20:50:22 | 001,731,176 | ---- | C] () -- C:\Windows\SysNative\nvwdmcpl.dll
[2022.11.23 20:50:22 | 001,657,448 | ---- | C] () -- C:\Windows\SysNative\nwiz.exe
[2022.11.23 20:50:22 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2022.11.23 20:50:22 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2022.11.23 20:50:22 | 000,473,704 | ---- | C] () -- C:\Windows\SysNative\nvShell.dll
[2022.11.23 20:50:22 | 000,449,128 | ---- | C] () -- C:\Windows\SysNative\nvAppBar.exe
[2022.11.23 20:50:22 | 000,260,712 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2022.11.23 06:32:30 | 000,000,678 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO OKE FN PS2 KEYBOARD.lnk
[2022.11.10 01:02:39 | 000,262,655 | ---- | C] () -- C:\Users\IRUAMA\Documents\New Image File.daa
[2022.11.04 02:21:12 | 000,002,256 | -H-- | C] () -- C:\Users\IRUAMA\Documents\Default.rdp
[2022.11.02 22:59:39 | 000,001,749 | ---- | C] () -- C:\Users\IRUAMA\Desktop\Acrobat.exe - Shortcut.lnk
[2022.10.30 12:32:29 | 000,001,072 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2022.09.23 04:52:47 | 000,007,636 | ---- | C] () -- C:\Users\IRUAMA\AppData\Local\Resmon.ResmonCfg

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009.07.14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2019.05.24 21:04:16 | 014,185,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2019.05.24 20:59:03 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2022.09.08 21:48:50 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Dev-Cpp
[2022.12.24 07:07:34 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\eInstruction
[2022.12.25 02:16:58 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\GTCO CalComp
[2022.12.24 06:56:12 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Hermitech Laboratory
[2022.12.03 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\ServiceGet
[2022.09.08 23:51:43 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\SolidDocuments
[2022.11.22 20:34:39 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Visisino

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< *crack* /s >[/color]
[2009.07.14 02:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 02:08:49 | 000,032,614 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#A23BEC]< *keygen* /s >[/color]

[color=#A23BEC]< *serial* /s >[/color]
[2012.11.09 09:30:56 | 000,050,130 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\Serialio.jar
[2012.02.07 17:13:39 | 000,002,605 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\ca_ES\Serial_Numbers.htm
[2012.05.22 14:02:56 | 000,003,533 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\de_DE\Serial_Numbers.htm
[2012.05.22 14:03:00 | 000,003,517 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\en_US\Serial_Numbers.htm
[2012.05.22 14:03:04 | 000,003,604 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\es_ES\Serial_Numbers.htm
[2012.05.22 14:03:08 | 000,003,617 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\es_MX\Serial_Numbers.htm
[2012.05.22 14:03:12 | 000,003,599 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\fr_FR\Serial_Numbers.htm
[2012.01.25 14:22:00 | 000,003,542 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\it_IT\Serial_Numbers.htm
[2012.01.25 14:22:00 | 000,003,505 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\nl_NL\Serial_Numbers.htm
[2012.01.25 14:22:00 | 000,003,546 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\pl_PL\Serial_Numbers.htm
[2012.01.25 14:22:00 | 000,003,563 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\pt_BR\Serial_Numbers.htm
[2012.01.25 14:22:00 | 000,003,566 | ---- | M] () -- \Program Files (x86)\eInstruction\Device Manager\help\pt_PT\Serial_Numbers.htm
[2013.03.14 14:19:48 | 000,003,778 | ---- | M] () -- \Program Files (x86)\eInstruction\Workspace\Help\wsENU\Serial_Numbers.htm
[2013.03.14 14:20:08 | 000,003,902 | ---- | M] () -- \Program Files (x86)\eInstruction\Workspace\Help\wsESM\Serial_Numbers.htm
[2013.03.22 15:52:40 | 000,003,847 | ---- | M] () -- \Program Files (x86)\eInstruction\Workspace\Help\wsPTB\Serial_Numbers.htm
[2019.07.03 20:01:01 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2019.07.03 20:01:16 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2022.12.25 02:17:47 | 000,000,939 | ---- | M] () -- \Users\IRUAMA\AppData\Roaming\Microsoft\Windows\Recent\serial - Cópia.txt.lnk
[2014.06.23 20:43:20 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2019.07.03 20:01:01 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2022.10.11 21:23:49 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3dfbba7cde935a8e49a4d49b9006c4a9\System.Runtime.Serialization.ni.dll
[2022.10.11 21:14:34 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ec15ba573e2fd9d3f9f559bdccd35548\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2022.10.11 21:19:17 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\96c96f03b302309e44c42f610a5fe1f4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2022.10.11 21:25:06 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\978a99a5bae098549ecb9a31d7e67911\System.Runtime.Serialization.ni.dll
[2022.09.05 20:19:39 | 000,318,464 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\4258406b3d1a49f54d88b3524397331e\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2022.09.05 20:19:39 | 000,000,644 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\4258406b3d1a49f54d88b3524397331e\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2022.09.05 20:19:39 | 002,956,800 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\4dd0adc78feadb0f3d91c49d0c7e12ee\System.Runtime.Serialization.ni.dll
[2022.09.05 20:19:39 | 000,001,100 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\4dd0adc78feadb0f3d91c49d0c7e12ee\System.Runtime.Serialization.ni.dll.aux
[2022.09.05 20:27:22 | 000,025,088 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\c1efbe0b2e671347d15c87d206fe4338\System.Xml.Serialization.ni.dll
[2022.09.05 20:27:22 | 000,000,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\c1efbe0b2e671347d15c87d206fe4338\System.Xml.Serialization.ni.dll.aux
[2022.09.05 20:31:48 | 000,353,280 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\be5ab153b3bf2ead9034faf8c5125ea3\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2022.09.05 20:31:48 | 000,000,644 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\be5ab153b3bf2ead9034faf8c5125ea3\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2022.09.05 20:31:48 | 003,414,528 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\89b580a8c7d8769dd94cdb1b14f6d77d\System.Runtime.Serialization.ni.dll
[2022.09.05 20:31:48 | 000,001,100 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\89b580a8c7d8769dd94cdb1b14f6d77d\System.Runtime.Serialization.ni.dll.aux
[2022.09.05 20:33:45 | 000,027,136 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\04b500d4a663ac6b9b9171548d2f5241\System.Xml.Serialization.ni.dll
[2022.09.05 20:33:45 | 000,000,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\04b500d4a663ac6b9b9171548d2f5241\System.Xml.Serialization.ni.dll.aux
[2019.03.28 02:11:14 | 001,054,112 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\7FA53761D8D11863495A5C876AE18C23\4.8.3761\System.Runtime.Serialization.dll.amd64
[2019.03.28 02:11:14 | 001,054,112 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\7FA53761D8D11863495A5C876AE18C23\4.8.3761\System.Runtime.Serialization.dll.x86
[2019.03.28 02:11:14 | 001,054,112 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\7FA53761D8D11863495A5C876AE18C23\4.8.3761\System.Runtime.Serialization.dll_gac_x86
[2019.03.28 02:11:14 | 000,141,216 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2019.03.28 02:11:14 | 000,029,088 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.dll
[2019.03.28 02:11:14 | 000,029,088 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2019.03.28 02:11:14 | 000,029,088 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2019.03.28 02:11:14 | 000,029,600 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2019.12.03 18:55:12 | 001,054,856 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2019.03.28 02:11:14 | 000,045,472 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2019.03.28 02:11:14 | 000,029,600 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2014.06.23 20:43:20 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2019.07.03 20:01:01 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2019.12.03 18:55:12 | 001,054,856 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2019.03.28 02:11:14 | 000,029,088 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.dll
[2019.03.28 02:11:14 | 000,141,216 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2019.03.28 02:11:14 | 000,029,088 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2019.03.28 02:11:14 | 000,029,088 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2019.03.28 02:11:14 | 000,029,600 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2019.03.28 02:11:14 | 000,045,472 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2019.03.28 02:11:14 | 000,029,600 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2014.06.23 20:43:09 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2019.07.03 20:01:17 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2019.12.03 18:55:12 | 001,054,856 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2019.03.28 02:11:14 | 000,029,088 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.dll
[2019.03.28 02:11:14 | 000,141,216 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2019.03.28 02:11:14 | 000,029,088 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2019.03.28 02:11:14 | 000,029,088 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2019.03.28 02:11:14 | 000,029,600 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2019.03.28 02:11:14 | 000,045,472 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2019.03.28 02:11:14 | 000,029,600 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2009.07.13 22:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.13 21:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 17:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2010.11.21 04:06:15 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009.07.13 22:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2010.11.21 04:06:15 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\en-US\serialui.dll.mui
[2010.11.21 04:06:20 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781\serialui.dll.mui
[2009.07.13 22:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010.11.21 04:06:21 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009.07.13 21:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 17:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.23 20:43:09 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_a9a7e561157d82e9\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.23 20:43:05 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_92db3ec72f23fc97\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 17:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.21 00:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2014.03.09 18:48:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff\System.Runtime.Serialization.dll
[2014.03.17 11:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad\System.Runtime.Serialization.dll
[2018.07.17 18:15:19 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.24213_none_424b36288e8b33b8\System.Runtime.Serialization.dll
[2019.07.03 20:01:17 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.24496_none_4252f3d88e844bf5\System.Runtime.Serialization.dll
[2010.11.21 00:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2014.03.09 18:48:50 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98\System.Runtime.Serialization.dll
[2014.03.17 11:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846\System.Runtime.Serialization.dll
[2018.07.17 18:15:18 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.24213_none_7d2242f2e2832e51\System.Runtime.Serialization.dll
[2019.07.03 20:01:16 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.24496_none_7d2a00a2e27c468e\System.Runtime.Serialization.dll
[2018.11.15 18:04:58 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2018.11.15 18:04:58 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2010.11.21 04:06:44 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781_serialui.dll.mui_7d29d2a3
[2009.07.13 23:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2010.11.21 04:06:45 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009.07.13 23:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.13 23:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 14:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 10:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.13 23:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.21 00:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2014.07.02 03:30:52 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff.manifest
[2014.07.02 03:30:44 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad.manifest
[2018.07.27 01:23:13 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.24213_none_424b36288e8b33b8.manifest
[2019.07.03 23:12:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.24496_none_4252f3d88e844bf5.manifest
[2010.11.21 00:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2014.07.02 03:31:00 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98.manifest
[2014.07.02 03:30:53 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846.manifest
[2018.07.27 01:23:19 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.24213_none_7d2242f2e2832e51.manifest
[2019.07.03 23:12:34 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.24496_none_7d2a00a2e27c468e.manifest
[2010.11.21 00:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2014.07.02 02:57:49 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29.manifest
[2014.07.02 03:07:46 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7.manifest
[2018.07.27 01:05:56 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.24213_none_8fb198628e81bbe2.manifest
[2019.07.03 23:20:28 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.24496_none_8fb956128e7ad41f.manifest
[2010.11.21 04:05:51 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2014.07.02 03:12:55 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_en-us_8f47fbdfbfd0e755.manifest
[2014.07.02 03:12:12 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_en-us_787b5545d9776103.manifest
[2018.07.27 01:05:37 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.24213_en-us_78795931d979270e.manifest
[2019.07.03 22:19:24 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.24496_en-us_788116e1d9723f4b.manifest
[2010.11.21 00:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2014.07.02 03:00:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c.manifest
[2014.07.02 03:10:04 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a.manifest
[2018.07.27 01:07:28 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.24213_none_bff4cdfcb628bd15.manifest
[2019.07.03 23:21:47 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.24496_none_bffc8bacb621d552.manifest
[2010.11.21 00:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2014.07.02 02:58:58 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e.manifest
[2014.07.02 03:08:55 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c.manifest
[2018.07.27 01:06:42 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.24213_none_c4cf79c9f6ff5757.manifest
[2019.07.03 23:21:07 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.24496_none_c4d73779f6f86f94.manifest
[2009.06.10 18:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.23 20:43:20 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_1c70653de072abde\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.23 20:43:36 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_05a3bea3fa19258c\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.21 00:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2014.03.09 18:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29\System.Runtime.Serialization.dll
[2014.03.17 11:38:28 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7\System.Runtime.Serialization.dll
[2018.07.17 18:14:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.24213_none_8fb198628e81bbe2\System.Runtime.Serialization.dll
[2019.07.03 20:01:01 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.24496_none_8fb956128e7ad41f\System.Runtime.Serialization.dll
[2010.11.21 00:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2014.03.09 18:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c\System.Runtime.Serialization.dll
[2014.03.17 11:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a\System.Runtime.Serialization.dll
[2018.07.17 18:14:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.24213_none_bff4cdfcb628bd15\System.Runtime.Serialization.dll
[2019.07.03 20:01:01 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.24496_none_bffc8bacb621d552\System.Runtime.Serialization.dll
[2010.11.21 04:06:15 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009.07.13 22:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010.11.21 00:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2014.03.09 18:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e\System.Runtime.Serialization.dll
[2014.03.17 11:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c\System.Runtime.Serialization.dll
[2018.07.17 18:14:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.24213_none_c4cf79c9f6ff5757\System.Runtime.Serialization.dll
[2019.07.03 20:01:01 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.24496_none_c4d73779f6f86f94\System.Runtime.Serialization.dll

[color=#A23BEC]< *AutoKMS* /s >[/color]

[color=#A23BEC]< *loader* /s >[/color]
[2012.09.23 20:43:52 | 000,012,278 | ---- | M] () -- \Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\WebPublish\BootStrapLoader.swf
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2022.03.02 20:44:48 | 000,054,784 | ---- | M] () -- \Program Files\Hasleo\WinToUSB\bin\CloneLoader.exe
[2022.03.02 20:44:48 | 000,054,784 | ---- | M] () -- \Program Files\Hasleo\WinToUSB\x64\WinToUSB\bin\CloneLoader.exe
[2022.03.02 20:43:42 | 000,054,784 | ---- | M] () -- \Program Files\Hasleo\WinToUSB\x86\WinToUSB\bin\CloneLoader.exe
[2022.08.21 20:00:15 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2019.08.29 01:19:55 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_cs-cz_91e2f9922cd2aa71.manifest
[2019.08.29 01:18:12 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_da-dk_2f1cd9b92318a670.manifest
[2019.08.29 01:17:28 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_de-de_2c486ef524eefb0a.manifest
[2019.08.29 01:18:57 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_el-gr_d4de9c8814046398.manifest
[2019.08.29 01:19:47 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_es-es_d504a1d213f3f874.manifest
[2019.08.29 01:16:43 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_fi-fi_741fa67f090dea9e.manifest
[2019.08.29 01:18:31 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_fr-fr_77bc17d106c60ed6.manifest
[2019.08.29 01:18:49 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_hu-hu_bf2c9818eb25ddf2.manifest
[2019.08.29 01:17:31 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_it-it_61e40e17ddf7f454.manifest
[2019.08.29 01:17:40 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_ja-jp_04098d24d113062f.manifest
[2019.08.29 01:20:33 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_ko-kr_a77369d9c383cd45.manifest
[2019.08.29 01:17:41 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_nb-no_9005eb0e9ba8f901.manifest
[2019.08.29 01:17:45 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_nl-nl_8e45364c9cd502d6.manifest
[2019.08.29 01:18:35 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_pl-pl_d48190ce81f7708a.manifest
[2019.08.29 01:19:45 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_pt-br_d6d57b728081046e.manifest
[2019.08.29 01:20:07 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_pt-pt_d7b74ade7ff0744a.manifest
[2019.08.29 01:19:45 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_ru-ru_1e5a5ca264d20276.manifest
[2019.08.29 01:17:30 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_sv-se_ba5547175bfb0cd1.manifest
[2019.08.29 01:20:05 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_tr-tr_6362915e4ab70ec2.manifest
[2019.08.29 01:20:28 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_zh-cn_34bfaf5bfaeee0e1.manifest
[2019.08.29 01:15:47 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_zh-hk_336aa7e9fbca5371.manifest
[2019.08.29 01:18:30 | 000,004,431 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_zh-tw_38bbecb1f85fbd51.manifest
[2019.08.29 01:19:15 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_cs-cz_9fd5d07e67ef5fcd.manifest
[2019.08.29 01:18:11 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_da-dk_3d0fb0a55e355bcc.manifest
[2019.08.29 01:16:58 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_de-de_3a3b45e1600bb066.manifest
[2019.08.29 01:18:57 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_el-gr_e2d173744f2118f4.manifest
[2019.08.28 23:56:31 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_en-us_e32c1bda4ee9bc2b.manifest
[2019.08.29 01:19:16 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_es-es_e2f778be4f10add0.manifest
[2019.08.29 01:16:42 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_fi-fi_82127d6b442a9ffa.manifest
[2019.08.29 01:18:02 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_fr-fr_85aeeebd41e2c432.manifest
[2019.08.29 01:18:19 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_hu-hu_cd1f6f052642934e.manifest
[2019.08.29 01:16:57 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_it-it_6fd6e5041914a9b0.manifest
[2019.08.29 01:17:08 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_ja-jp_11fc64110c2fbb8b.manifest
[2019.08.29 01:20:01 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_ko-kr_b56640c5fea082a1.manifest
[2019.08.29 01:17:40 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_nb-no_9df8c1fad6c5ae5d.manifest
[2019.08.29 01:17:11 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_nl-nl_9c380d38d7f1b832.manifest
[2019.08.29 01:18:05 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_pl-pl_e27467babd1425e6.manifest
[2019.08.29 01:19:17 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_pt-br_e4c8525ebb9db9ca.manifest
[2019.08.29 01:19:27 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_pt-pt_e5aa21cabb0d29a6.manifest
[2019.08.29 01:19:18 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_ru-ru_2c4d338e9feeb7d2.manifest
[2019.08.29 01:17:01 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_sv-se_c8481e039717c22d.manifest
[2019.08.29 01:19:26 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_tr-tr_7155684a85d3c41e.manifest
[2019.08.29 01:19:57 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_zh-cn_42b28648360b963d.manifest
[2019.08.29 01:15:46 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_zh-hk_415d7ed636e708cd.manifest
[2019.08.29 01:18:04 | 000,004,434 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_zh-tw_46aec39e337c72ad.manifest
[2019.08.29 00:17:56 | 000,005,793 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7601.24520_none_9e8f19ca9a606dd0.manifest
[2019.08.28 23:50:18 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.24520_none_69527adeab992398\api-ms-win-core-libraryloader-l1-1-0.dll
[2019.08.28 23:52:18 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eee5375532a2818fdfac1d94a5f1bd4\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.24520_none_0d33df5af33bb262\api-ms-win-core-libraryloader-l1-1-0.dll
[2020.01.03 00:37:32 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.13 22:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2020.01.03 00:37:32 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.13 22:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.13 22:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.13 22:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2018.11.15 17:31:43 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.01 23:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.25 15:11:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18869_none_68a6d625929398fb\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 00:06:41 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_68cc15ff92788e54\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 15:00:47 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18933_none_68c146139280aa45\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.22 20:52:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18939_none_68c747cf927b424f\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 03:12:24 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19135_none_68c320af927f0d5c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 02:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.11 23:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.25 15:14:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23072_none_691e7920abbfd697\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 00:11:33 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23126_none_69588bcaab93ad65\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 15:05:03 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_694dbbdeab9bc956\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.22 18:52:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23142_none_693eeacaaba77feb\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 03:17:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23338_none_694fc03eab99f652\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.03.16 15:44:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23391_none_6907deb0abd0ec97\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.09.02 12:30:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23539_none_6950c454ab9909f7\api-ms-win-core-libraryloader-l1-1-0.dll
[2018.11.10 22:24:27 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.24291_none_6907c602abd10911\api-ms-win-core-libraryloader-l1-1-0.dll
[2019.02.21 01:06:31 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.24384_none_691598b2abc6364c\api-ms-win-core-libraryloader-l1-1-0.dll
[2020.01.03 00:33:11 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.24545_none_6941dc78aba4da2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2022.10.14 07:57:05 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24545_en-us_d528a68813d8bd64.manifest
[2022.10.14 07:57:05 | 000,034,528 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24545_en-us_d528a68813d8bd64_winload.efi.mui_35ee487d
[2022.10.14 07:57:05 | 000,034,528 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24545_en-us_d528a68813d8bd64_winload.exe.mui_3bc5b827
[2022.10.14 07:57:05 | 000,031,456 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24545_en-us_d528a68813d8bd64_winresume.efi.mui_f412814e
[2022.10.14 07:57:05 | 000,031,456 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24545_en-us_d528a68813d8bd64_winresume.exe.mui_ff8b5358
[2022.10.14 07:57:05 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.24545_none_b9b6a6b49c7bc739.manifest
[2022.10.14 07:57:05 | 000,709,856 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.24545_none_b9b6a6b49c7bc739_winload.efi_75834aa0
[2022.10.14 07:57:05 | 000,629,984 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.24545_none_b9b6a6b49c7bc739_winload.exe_75835076
[2022.10.14 07:57:05 | 000,627,424 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.24545_none_b9b6a6b49c7bc739_winresume.efi_85cd069f
[2022.10.14 07:57:05 | 000,546,656 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.24545_none_b9b6a6b49c7bc739_winresume.exe_85cd1215
[2009.07.13 23:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.13 23:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2018.11.15 18:36:17 | 000,000,616 | ---- | M] () -- \Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2010.11.21 04:05:43 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2015.01.16 03:36:33 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_en-us_d53c7af413ca142e.manifest
[2015.05.25 15:25:12 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_en-us_d505433013f3b9ce.manifest
[2015.07.15 00:32:59 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_en-us_d53f55da13c7909c.manifest
[2015.07.15 15:15:00 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_en-us_d53485ee13cfac8d.manifest
[2015.07.22 19:05:32 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23142_en-us_d525b4da13db6322.manifest
[2016.01.22 03:29:17 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_en-us_d5368a4e13cdd989.manifest
[2016.03.16 15:55:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23391_en-us_d4eea8c01404cfce.manifest
[2016.09.02 12:37:24 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_en-us_d5378e6413cced2e.manifest
[2018.11.10 22:53:38 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24291_en-us_d4ee90121404ec48.manifest
[2019.02.21 01:14:07 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24384_en-us_d4fc62c213fa1983.manifest
[2019.08.28 23:56:56 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24520_en-us_d53944ee13cd06cf.manifest
[2020.01.03 00:40:53 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.24545_en-us_d528a68813d8bd64.manifest
[2010.11.21 00:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 14:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 10:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2015.01.16 03:37:02 | 000,005,511 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_b9ca7b209c6d1e03.manifest
[2015.05.25 15:45:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23072_none_b993435c9c96c3a3.manifest
[2015.07.15 00:48:43 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71.manifest
[2015.07.15 15:39:45 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23136_none_b9c2861a9c72b662.manifest
[2015.07.22 22:47:39 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23142_none_b9b3b5069c7e6cf7.manifest
[2016.01.22 03:51:12 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_b9c48a7a9c70e35e.manifest
[2016.03.16 16:24:30 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23391_none_b97ca8ec9ca7d9a3.manifest
[2016.09.02 12:55:50 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23539_none_b9c58e909c6ff703.manifest
[2018.11.10 23:01:40 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.24291_none_b97c903e9ca7f61d.manifest
[2019.02.21 01:31:18 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.24384_none_b98a62ee9c9d2358.manifest
[2019.08.29 00:17:52 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.24520_none_b9c7451a9c7010a4.manifest
[2020.01.03 04:02:46 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.24545_none_b9b6a6b49c7bc739.manifest
[2009.07.13 23:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.13 22:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.13 22:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2018.11.15 17:31:43 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.01 22:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.25 14:55:18 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18869_none_0c883aa1da3627c5\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.14 23:47:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_0cad7a7bda1b1d1e\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 14:44:18 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18933_none_0ca2aa8fda23390f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.22 14:42:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18939_none_0ca8ac4bda1dd119\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 02:59:07 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19135_none_0ca4852bda219c26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 01:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.11 23:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.25 15:00:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23072_none_0cffdd9cf3626561\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.14 23:51:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23126_none_0d39f046f3363c2f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.15 14:40:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_0d2f205af33e5820\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.07.22 20:54:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23142_none_0d204f46f34a0eb5\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 02:58:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23338_none_0d3124baf33c851c\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.03.16 15:23:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23391_none_0ce9432cf3737b61\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.09.02 12:16:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23539_none_0d3228d0f33b98c1\api-ms-win-core-libraryloader-l1-1-0.dll
[2018.11.10 22:09:51 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.24291_none_0ce92a7ef37397db\api-ms-win-core-libraryloader-l1-1-0.dll
[2019.02.21 00:56:24 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.24384_none_0cf6fd2ef368c516\api-ms-win-core-libraryloader-l1-1-0.dll
[2020.01.03 00:37:32 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.24545_none_0d2340f4f34768f7\api-ms-win-core-libraryloader-l1-1-0.dll

[color=#A23BEC]< *msconfig* >[/color]

[color=#A23BEC]< *activex* >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2022.10.14 22:40:40 | 002,502,032 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2018.11.17 23:44:07 | 000,399,860 | RHS- | M] () -- C:\bootmgr
[2022.08.21 21:18:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2022.09.07 09:08:08 | 000,240,491 | RHS- | M] () -- C:\ERPWF
[2022.12.25 02:37:48 | 3168,215,040 | -HS- | M] () -- C:\hiberfil.sys
[2022.12.25 02:37:49 | 4224,290,816 | -HS- | M] () -- C:\pagefile.sys
[2022.12.25 17:17:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2022.09.07 09:08:08 | 000,000,020 | RHS- | M] () -- C:\win7.ld

[color=#A23BEC]< %APPDATA%\Local\*. >[/color]

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2022.11.23 21:08:51 | 000,010,134 | R--- | M] () -- C:\Users\IRUAMA\AppData\Roaming\Microsoft\Installer\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}\ARPPRODUCTICON.exe
[2022.11.23 21:08:53 | 000,010,134 | R--- | M] () -- C:\Users\IRUAMA\AppData\Roaming\Microsoft\Installer\{A02153E8-8DF8-42E6-B7BF-D88EEA33565F}\ARPPRODUCTICON.exe
[2022.12.24 07:11:54 | 004,660,760 | R--- | M] (Flexera Software, Inc.) -- C:\Users\IRUAMA\AppData\Roaming\Microsoft\Installer\{CDE317AB-13D1-47A1-929A-018603072780}\ARPPRODUCTICON.exe

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2022.09.15 21:20:34 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Adobe
[2022.09.08 21:48:50 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Dev-Cpp
[2022.12.03 22:40:42 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\dvdcss
[2022.12.24 07:07:34 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\eInstruction
[2022.12.25 02:16:58 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\GTCO CalComp
[2022.12.24 06:56:12 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Hermitech Laboratory
[2022.08.21 16:26:54 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Identities
[2010.11.21 04:16:58 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Media Center Programs
[2022.11.23 21:08:51 | 000,000,000 | --SD | M] -- C:\Users\IRUAMA\AppData\Roaming\Microsoft
[2022.08.26 20:22:40 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Mozilla
[2022.12.03 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\ServiceGet
[2022.09.08 23:51:43 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\SolidDocuments
[2022.11.22 20:34:39 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\Visisino
[2022.12.25 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\vlc
[2022.08.31 19:52:39 | 000,000,000 | ---D | M] -- C:\Users\IRUAMA\AppData\Roaming\WinRAR

[color=#A23BEC]< %systemdrive%\drivers\*.exe >[/color]

[color=#A23BEC]< %USERPROFILE%\AppData\Local\*.* >[/color]
[2022.12.24 21:53:42 | 000,109,656 | ---- | M] () -- C:\Users\IRUAMA\AppData\Local\GDIPFONTCACHEV1.DAT
[2022.12.25 02:36:43 | 004,608,367 | -H-- | M] () -- C:\Users\IRUAMA\AppData\Local\IconCache.db
[2022.11.30 21:45:38 | 000,007,636 | ---- | M] () -- C:\Users\IRUAMA\AppData\Local\Resmon.ResmonCfg

[color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*.* >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.ini >[/color]
[2022.09.03 12:43:49 | 000,765,732 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

[color=#A23BEC]< %systemroot%\Tasks\*.* >[/color]
[2022.12.25 02:38:02 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2022.10.15 14:22:17 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#A23BEC]< %systemroot%\system32\tasks\*.* /s /64 >[/color]
[2009.07.14 01:53:29 | 000,003,854 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2009.07.14 01:54:39 | 000,002,900 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\AppID\PolicyConverter
[2009.07.14 01:54:39 | 000,003,790 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2009.07.14 01:54:05 | 000,003,458 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Application Experience\AitAgent
[2022.12.24 05:47:21 | 000,004,110 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
[2022.10.14 08:04:53 | 000,003,574 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2009.07.14 01:49:22 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Autochk\Proxy
[2022.10.16 07:00:48 | 000,003,432 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2009.07.14 01:53:22 | 000,004,130 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2009.07.14 01:53:22 | 000,003,868 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2009.07.14 01:57:09 | 000,002,934 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2009.07.14 01:53:33 | 000,003,946 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2009.07.14 01:54:08 | 000,003,598 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2009.07.14 01:57:12 | 000,003,886 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009.07.14 01:57:07 | 000,004,018 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Diagnosis\Scheduled
[2022.09.18 01:00:02 | 000,003,760 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2011.12.20 09:23:33 | 000,002,538 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2022.10.11 21:08:58 | 000,002,132 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\End Of Support\Notify1
[2022.10.11 21:09:00 | 000,002,142 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\End Of Support\Notify2
[2009.07.14 01:57:13 | 000,003,554 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Location\Notifications
[2022.09.05 20:46:41 | 000,004,084 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Maintenance\WinSAT
[2011.12.20 09:23:58 | 000,002,420 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch
[2011.12.20 09:23:56 | 000,002,448 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService
[2011.12.20 09:23:59 | 000,002,592 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
[2011.12.20 09:23:54 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ehDRMInit
[2011.12.20 09:23:57 | 000,002,546 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\InstallPlayReady
[2011.12.20 09:23:39 | 000,002,790 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\mcupdate
[2011.12.20 09:23:43 | 000,002,954 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask
[2011.12.20 09:23:40 | 000,002,958 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
[2011.12.20 09:23:53 | 000,002,380 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\OCURActivate
[2011.12.20 09:23:52 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\OCURDiscovery
[2011.12.20 09:23:53 | 000,002,384 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PBDADiscovery
[2011.12.20 09:23:50 | 000,003,226 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
[2011.12.20 09:23:51 | 000,003,228 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2
[2011.12.20 09:23:44 | 000,003,822 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
[2011.12.20 09:23:40 | 000,002,926 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask
[2011.12.20 09:23:42 | 000,002,918 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PvrScheduleTask
[2011.12.20 09:23:47 | 000,003,078 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\RecordingRestart
[2011.12.20 09:23:56 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\RegisterSearch
[2011.12.20 09:23:58 | 000,002,432 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot
[2011.12.20 09:23:41 | 000,002,942 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask
[2011.12.20 09:23:55 | 000,002,736 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\UpdateRecordPath
[2009.07.14 01:53:33 | 000,003,304 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
[2009.07.14 01:53:33 | 000,003,510 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
[2011.12.20 09:23:38 | 000,003,576 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\MobilePC\HotStart
[2009.07.14 01:54:22 | 000,003,168 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\MUI\LPRemove
[2009.07.14 01:57:07 | 000,002,602 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2009.07.14 01:54:39 | 000,002,044 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2011.12.20 09:27:55 | 000,004,082 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Offline Files\Background Synchronization
[2011.12.20 09:23:30 | 000,003,058 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Offline Files\Logon Synchronization
[2009.07.14 01:55:03 | 000,002,832 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2009.07.14 01:53:47 | 000,003,752 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2009.07.14 01:57:07 | 000,004,370 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\RAC\RacTask
[2009.07.14 01:49:35 | 000,003,052 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Ras\MobilityManager
[2009.07.14 01:54:36 | 000,003,956 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Registry\RegIdleBackup
[2009.07.14 01:57:09 | 000,004,596 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2022.10.14 08:04:50 | 000,004,138 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Setup\EOSNotify
[2022.10.14 08:04:51 | 000,003,888 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Setup\EOSNotify2
[2009.07.14 01:57:07 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Shell\WindowsParentalControls
[2009.07.14 02:09:03 | 000,003,912 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
[2011.12.20 09:23:34 | 000,003,784 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SideShow\AutoWake
[2011.12.20 09:23:36 | 000,003,612 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SideShow\GadgetManager
[2022.08.21 16:26:56 | 000,003,698 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SideShow\SessionAgent
[2022.08.21 16:27:11 | 000,003,792 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SideShow\SystemDataProviders
[2009.07.14 01:49:17 | 000,003,942 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2009.07.14 02:01:13 | 000,003,506 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SystemRestore\SR
[2009.07.14 01:53:50 | 000,002,614 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Task Manager\Interactive
[2009.07.14 01:53:21 | 000,003,950 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
[2009.07.14 01:53:21 | 000,004,066 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
[2009.07.14 01:53:46 | 000,002,978 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2009.07.14 01:49:48 | 000,003,388 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2009.07.14 01:49:26 | 000,001,730 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2009.07.14 01:53:37 | 000,003,420 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2009.07.14 01:49:24 | 000,002,682 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\WDI\ResolutionHost
[2022.12.14 23:02:07 | 000,004,364 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
[2022.12.14 23:02:08 | 000,004,362 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
[2009.07.14 01:49:16 | 000,003,048 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2009.07.14 01:49:42 | 000,003,290 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2010.11.20 23:53:42 | 000,004,330 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
[2022.11.06 02:08:38 | 000,003,530 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2018.11.15 17:52:35 | 000,003,540 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Wininet\CacheTask
[2022.12.19 21:46:32 | 000,004,576 | ---- | M] () -- C:\Windows\SysNative\tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.* /90 >[/color]

[color=#A23BEC]< %systemroot%\assembly\tmp\*.* /S /MD5 >[/color]

[color=#A23BEC]< %systemroot%\assembly\temp\*.* /S /MD5 >[/color]

[color=#A23BEC]< %systemroot%\assembly\GAC\*.* /S /MD5 >[/color]
[2022.08.21 20:00:16 | 000,110,592 | ---- | M] () MD5=7ECB661F50F34A941A44DAC7241F7D08 -- C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
[2022.08.21 20:02:08 | 000,000,196 | ---- | M] () MD5=44300D5320DA9FE1A79F85D3CC8369AB -- C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2022.08.21 20:00:15 | 000,065,536 | ---- | M] () MD5=BA073EDDE13179DA2DEFF264C2A272AB -- C:\Windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
[2022.08.21 20:02:08 | 000,000,195 | ---- | M] () MD5=19B3B194049ED86FA5D9F6EB31556E80 -- C:\Windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2022.08.21 20:00:17 | 000,004,608 | ---- | M] () MD5=74C8987F1B2549E1DF3EB3874B68ECAC -- C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
[2022.08.21 20:02:08 | 000,000,204 | ---- | M] () MD5=B020031BAAF51236A37136B9198E0ECC -- C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2022.08.21 20:00:15 | 001,215,328 | ---- | M] () MD5=11CD947E77F4B91E61EFDCF7DD1A8766 -- C:\Windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
[2022.08.21 20:02:20 | 000,000,197 | ---- | M] () MD5=518608D6F97FAB45E5D610E3793EF228 -- C:\Windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2022.08.21 20:00:15 | 000,082,784 | ---- | M] () MD5=523E4CC118AD2751A6A6C0EA3CC08F70 -- C:\Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2022.08.21 20:02:20 | 000,000,199 | ---- | M] () MD5=3689B8AC7230590BB996DD400FA24139 -- C:\Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2022.08.21 20:00:11 | 000,031,560 | ---- | M] () MD5=038334CD1EFE7B2CB5684B09AF39F666 -- C:\Windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
[2022.08.21 20:02:20 | 000,000,197 | ---- | M] () MD5=D4A0EA981874B9885745A2F6E62C273A -- C:\Windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2009.07.14 01:55:04 | 000,356,352 | ---- | M] () MD5=DD2EB5E64619613C4C108CFB192F4950 -- C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\Microsoft.Ink.dll
[2009.07.14 01:55:04 | 000,000,325 | ---- | M] () MD5=3A74C27634435F509DC024FEEBE670E5 -- C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2009.07.14 01:55:04 | 000,516,096 | ---- | M] () MD5=A02EE61542CAAE25F8A44C9428D30247 -- C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\Microsoft.Ink.dll
[2009.07.14 01:55:04 | 000,000,328 | ---- | M] () MD5=FAF707724A740277714E33A65F4995BF -- C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\__AssemblyInfo__.ini
[2022.08.21 20:00:16 | 008,007,680 | ---- | M] () MD5=5440EE9CD44616D60CDE57EBDB286E95 -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
[2022.08.21 20:02:08 | 000,000,207 | ---- | M] () MD5=1FF29DC2A2197D5984E5D418C904D3DF -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2022.08.21 20:00:11 | 000,016,712 | ---- | M] () MD5=8CB3CF3CDD7E41FAE6D0CBF94F00DEF5 -- C:\Windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
[2022.08.21 20:02:20 | 000,000,225 | ---- | M] () MD5=0C4DC2E9F3A0B42477BA5BFCA042ACF7 -- C:\Windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 19:59:55 | 000,080,696 | ---- | M] () MD5=54582B7054EAD1EFBF9F0A8218B61C4B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
[2022.08.21 20:02:20 | 000,000,224 | ---- | M] () MD5=553A1D17C8B2C73D599EC156ACA6CB7D -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:03 | 001,612,592 | ---- | M] () MD5=F653D1F20A2EC194EAEC6E59435C5C7B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
[2022.08.21 20:02:08 | 000,000,220 | ---- | M] () MD5=BD77A7B56575BAF85941BF1AB5589890 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.10.04 20:00:17 | 001,279,864 | ---- | M] () MD5=A30331358FA33B3C7FDB972D802F57C4 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
[2022.10.04 20:03:41 | 000,000,219 | ---- | M] () MD5=1F7EE91CD8AE8A1CBF71624227DB3D63 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.10.04 19:59:51 | 000,149,368 | ---- | M] () MD5=3AF754C16AF954DB7367FB39C3739387 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
[2022.10.04 20:03:41 | 000,000,219 | ---- | M] () MD5=2E0B0F90BA89FA1EDCC289688BF58A7B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:11 | 000,404,296 | ---- | M] () MD5=604DE0F15138665E4108B986F0FDD94B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
[2022.08.21 20:02:20 | 000,000,232 | ---- | M] () MD5=0AFFE8E498124664ADDFAB6632A93927 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:04 | 000,088,896 | ---- | M] () MD5=B1CD282FBEF31E321F48E103E2840DD0 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
[2022.08.21 20:02:20 | 000,000,226 | ---- | M] () MD5=0A56011D14E56BA6037C48FAE6064F2B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:04 | 000,146,232 | ---- | M] () MD5=9A0E901BACEF14628977517AA002C765 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
[2022.08.21 20:02:20 | 000,000,222 | ---- | M] () MD5=CCC7961EC6B4CEF20C4A41E1BFF5CF78 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:09 | 000,017,208 | ---- | M] () MD5=5B8B3F76720166BF777A6AD38D12010F -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
[2022.08.21 20:02:20 | 000,000,221 | ---- | M] () MD5=7C1C66BFBB15C0B3C1B9AFEEE2986CF8 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:04 | 000,920,376 | ---- | M] () MD5=5CBE57423C5CAFAA11B50E5C25DAE19D -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
[2022.08.21 20:02:20 | 000,000,221 | ---- | M] () MD5=6B6872FAF93931EA6EB4F2E1E30A37D4 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.10.04 20:00:23 | 000,034,696 | ---- | M] () MD5=7E181C30E192223908BBF509AB827B41 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
[2022.10.04 20:03:43 | 000,000,228 | ---- | M] () MD5=2C6E214F297382A5343D10D8D8ED62C6 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.10.04 20:59:15 | 000,360,200 | ---- | M] () MD5=AB7A28BEDBF9CCE0CB58837545790066 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
[2022.10.04 20:59:17 | 000,000,224 | ---- | M] () MD5=2E033FF3FDFA30D8599E4694CBC12452 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:04 | 000,232,248 | ---- | M] () MD5=0944C6C65C258A4BE89605D666DE5880 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
[2022.08.21 20:02:20 | 000,000,223 | ---- | M] () MD5=89274E3F135691355EBD73770EAFF34D -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:04 | 000,020,280 | ---- | M] () MD5=8DE09C912BF57F3A8C1CE68734731BA4 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
[2022.08.21 20:02:20 | 000,000,222 | ---- | M] () MD5=B73ACB18CA60A159357E6E46F60F0B6B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.10.04 20:00:29 | 000,870,256 | ---- | M] () MD5=54719FDC6A752DC78B364A3980DBC2E9 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
[2022.10.04 20:03:44 | 000,000,218 | ---- | M] () MD5=2A6411671028D5A543646989CB01DBD8 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:15 | 000,013,312 | ---- | M] () MD5=D80746B2F94A3A28E380735D4B8A9EA3 -- C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
[2022.08.21 20:02:08 | 000,000,210 | ---- | M] () MD5=A57C6028DAE8D855FFC2BBC2D6E57246 -- C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2022.08.21 20:00:04 | 000,371,496 | ---- | M] () MD5=BA4FB255E3887A039CB74A5870192220 -- C:\Windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
[2022.08.21 20:02:20 | 000,000,216 | ---- | M] () MD5=E9A3D4644D3B7C20C5EE60970BC5681C -- C:\Windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.10.04 19:59:56 | 000,063,336 | ---- | M] () MD5=B60C87E3CD3ACFA71DAD8145C66D6E9C -- C:\Windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
[2022.10.04 20:03:24 | 000,000,210 | ---- | M] () MD5=F4663120ABF3E8FF67D7AAF33BD68EDF -- C:\Windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:15 | 000,229,376 | ---- | M] () MD5=FDA48714F6A291E25A1A219E89D59D9B -- C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
[2022.08.21 20:02:20 | 000,000,200 | ---- | M] () MD5=481E504FBEA25FBF5408DB65F44FA5FA -- C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2022.08.21 20:00:16 | 000,004,096 | ---- | M] () MD5=AAA2E20588E154A10747BF1B31B55125 -- C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
[2022.08.21 20:02:08 | 000,000,200 | ---- | M] () MD5=C1F5FADD74964959FC4394832BBC3E59 -- C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
[2022.08.21 20:00:04 | 000,416,544 | ---- | M] () MD5=A74A9A50110E5F5B3AD0B2DCBDB1E6E8 -- C:\Windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
[2022.08.21 20:02:08 | 000,000,195 | ---- | M] () MD5=67CB36A8928117AA046DA806B545C159 -- C:\Windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 19:59:54 | 000,000,900 | ---- | M] () MD5=3D144BF3BA28D9E2BEDBA405FA672780 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.config
[2022.08.21 19:59:54 | 000,012,104 | ---- | M] () MD5=3BBBF705C91C7F399A073D96A4AE304A -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
[2022.08.21 20:02:08 | 000,000,232 | ---- | M] () MD5=F14297FB0C6A046E4FB77263CBE167AF -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 19:59:55 | 000,000,898 | ---- | M] () MD5=DCC5E6E13187570656FB60EBB51751A8 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.config
[2022.08.21 19:59:55 | 000,012,096 | ---- | M] () MD5=9310D21A839AED88A1DBC3C7ACE562D5 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
[2022.08.21 20:02:20 | 000,000,231 | ---- | M] () MD5=A2AD17395886B306688B50016EB15F43 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:05 | 000,000,898 | ---- | M] () MD5=CC9313747F69E39B66D6B7EFE22FD328 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.config
[2022.08.21 20:00:05 | 000,012,096 | ---- | M] () MD5=F90C96528648E9DD29318D7D2D86CAD2 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
[2022.08.21 20:02:20 | 000,000,231 | ---- | M] () MD5=C05A5B2C34730C701E5FF841BA731289 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:11 | 000,000,912 | ---- | M] () MD5=8A8FAFB921AFF270260924C1D31CE163 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.config
[2022.08.21 20:00:11 | 000,012,616 | ---- | M] () MD5=EC7F771DBC984954E076D03F055E0DBF -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
[2022.08.21 20:02:20 | 000,000,238 | ---- | M] () MD5=8352AC255CC3F25FDF9AF1FECC8BD6F3 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:11 | 000,000,904 | ---- | M] () MD5=577D9B55DE8E70B51042ED8124D55C18 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.config
[2022.08.21 20:00:11 | 000,012,616 | ---- | M] () MD5=5B97D1FFA46C9CF752FA8164AB171C56 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
[2022.08.21 20:02:20 | 000,000,234 | ---- | M] () MD5=8F1C69873B1ADCE21B3005A52A6921BA -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:09 | 000,000,902 | ---- | M] () MD5=E2724C2DF4C312D34E4A7BCABBDD5AB6 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.config
[2022.08.21 20:00:09 | 000,012,104 | ---- | M] () MD5=2EE2F1AD6A3B6317D045D2C31F6FEF65 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
[2022.08.21 20:02:20 | 000,000,233 | ---- | M] () MD5=A1C0A9578F9D8E0FCA9A4440070F31B0 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:09 | 000,000,916 | ---- | M] () MD5=DA6AC9B205A7A7FF0AB028049FD3AEA1 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.config
[2022.08.21 20:00:09 | 000,012,632 | ---- | M] () MD5=DB1CC715650EC69FA2B20042B2DC6B5B -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
[2022.08.21 20:02:20 | 000,000,240 | ---- | M] () MD5=47440CFB37970DEFA6E164D85EE5491B -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:09 | 000,000,908 | ---- | M] () MD5=49E684EE5FF535D8FF08056769A9F9E6 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.config
[2022.08.21 20:00:09 | 000,012,112 | ---- | M] () MD5=7B83E0B58C4B24F05EBC52A4C18C3F51 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
[2022.08.21 20:02:20 | 000,000,236 | ---- | M] () MD5=0732C831A80A3285F4BC43E9A99FA695 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:10 | 000,000,906 | ---- | M] () MD5=1B1C62C31CB95E0E1D20FF7F4EE99A34 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.config
[2022.08.21 20:00:10 | 000,012,104 | ---- | M] () MD5=554DA52E16EAB6C18D003C0157BE0DD3 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
[2022.08.21 20:02:20 | 000,000,235 | ---- | M] () MD5=B3B78A70350941D7D6992D5142275669 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:08 | 000,000,904 | ---- | M] () MD5=AC1B446DC4969CE1D3F605D9CE098DDB -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.config
[2022.08.21 20:00:08 | 000,012,104 | ---- | M] () MD5=B99AE7A2293A8112DF87E6729515FD79 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
[2022.08.21 20:02:20 | 000,000,234 | ---- | M] () MD5=5BB6353688749A80AFAACCAF96E47D90 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.10.04 20:00:25 | 000,000,896 | ---- | M] () MD5=33324BF6E22A322816FD4C1C58BB032C -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.config
[2022.10.04 20:00:25 | 000,011,144 | ---- | M] () MD5=2CE989B779144889EA1F30A046DF13CB -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
[2022.10.04 20:03:45 | 000,000,230 | ---- | M] () MD5=314847472C40A8C3574130C873856447 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:08 | 000,000,880 | ---- | M] () MD5=AEEFC22DA8D1EBBA43AC2E8B0599DFE3 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.config
[2022.08.21 20:00:08 | 000,012,080 | ---- | M] () MD5=DDC9DC5962B242946B9B34F42BDDC398 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
[2022.08.21 20:02:08 | 000,000,222 | ---- | M] () MD5=6858EED9F1E635424819A33C09216066 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:08 | 000,000,850 | ---- | M] () MD5=5717939AB3C1CFFDF93DDC9A14856755 -- C:\Windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.office.config
[2022.08.21 20:00:08 | 000,011,544 | ---- | M] () MD5=25C1AFE1050B92C314F444982223F0A3 -- C:\Windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
[2022.08.21 20:02:08 | 000,000,207 | ---- | M] () MD5=87E5482AB75316992F4DF1FF04ACD317 -- C:\Windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini
[2022.08.21 20:00:15 | 000,016,384 | ---- | M] () MD5=E1EEB7E26AB04075EECC7275239B20B3 -- C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
[2022.08.21 20:02:08 | 000,000,197 | ---- | M] () MD5=FC75E46DA5B9F9263B958C7B027ACBFC -- C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.* /S /MD5 >[/color]
[2009.07.13 22:19:59 | 000,004,608 | ---- | M] () MD5=2CBEAFED3233C20DF11B88DF909CD74F -- C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll
[2010.11.21 00:25:07 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
[2014.03.20 19:49:17 | 000,069,120 | ---- | M] () MD5=9E19C88C388985D7C47038317DAE0228 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2009.07.13 22:22:13 | 000,139,264 | ---- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe
[2009.07.13 18:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config
[2014.03.20 19:49:17 | 000,072,192 | ---- | M] () MD5=742A9A0D7910C5BFE74BCBD2AE35601D -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2010.11.21 00:25:07 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
[2010.11.21 04:06:30 | 000,090,112 | ---- | M] () MD5=7643FE2D5D8DC339868BD4D952E0F385 -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll
[2010.11.21 00:25:06 | 000,189,952 | ---- | M] () MD5=38D88B9F15909C5EB12543B9ADD60665 -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll
[2010.11.21 00:25:06 | 000,145,920 | ---- | M] () MD5=7473DCFFD01F73BA2B2621555B02E09A -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll
[2009.07.13 22:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2009.07.13 22:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2022.10.04 20:54:12 | 000,117,160 | ---- | M] () MD5=569124F95660007F8C470D00A96CBD7D -- C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
[2009.07.13 22:23:55 | 000,008,192 | ---- | M] () MD5=79D7E7A3CB56C91FE9030C5EFE2DC13C -- C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll
[2014.03.09 18:47:42 | 000,163,840 | ---- | M] () MD5=A04EC43FA40362481F69A6C757398948 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2022.08.21 20:00:18 | 000,367,400 | ---- | M] () MD5=6CAD87F2BE4A4BC31D3FD5C923741418 -- C:\Windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
[2009.07.13 22:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
[2009.06.10 18:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2009.06.10 18:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2009.06.10 18:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2009.06.10 18:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2009.06.10 18:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2019.03.29 10:04:45 | 004,558,848 | ---- | M] () MD5=6C3B33CD1521D2696196E9EDE9BB1E25 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2009.06.10 18:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2009.06.10 18:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2009.06.10 18:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2009.06.10 18:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2009.06.10 18:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2009.06.10 18:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2009.06.10 18:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2009.06.10 18:23:17 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2009.06.10 18:23:17 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2009.06.10 18:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2010.11.21 00:24:32 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
[2010.11.21 00:23:48 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
[2009.07.13 19:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config
[2009.07.13 22:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll
[2009.06.10 18:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
[2009.07.13 22:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009.06.10 18:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009.07.13 22:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009.07.13 19:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config
[2009.07.13 22:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll
[2009.07.13 19:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config
[2009.07.13 22:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll
[2019.12.10 03:16:45 | 004,222,976 | ---- | M] () MD5=A3C81F79853FE189EE50084E4E6896F6 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2009.06.10 18:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2019.12.10 03:16:46 | 001,747,952 | ---- | M] () MD5=BA9BA35A34DE7916FCA8640B9A4D0902 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2014.03.20 19:49:19 | 000,486,400 | ---- | M] () MD5=469D49F42B827F18DC679336C9167075 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2017.04.06 10:05:04 | 002,975,744 | ---- | M] () MD5=96AB3756AB2EDE80BC5B37BAA424045A -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2014.03.20 19:49:20 | 000,258,048 | ---- | M] () MD5=55B31298D64466EFE349F7C6E5F30EF5 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2014.07.01 23:50:29 | 000,113,664 | ---- | M] () MD5=E7A008C39813138A60F1DBF0C533F6BA -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2019.12.10 03:16:46 | 000,372,736 | ---- | M] () MD5=021C3DC07A21C72DF8D8BA5E87EA67F9 -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2014.03.04 02:57:21 | 000,261,632 | ---- | M] () MD5=8336A3A549B46E789DE798070B61D3DE -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2017.04.07 10:05:29 | 005,287,936 | ---- | M] () MD5=DCE62FB7B96BC92C3B8B0E8EC00C9F6D -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.* /S /MD5 >[/color]
[2009.07.13 22:46:07 | 000,004,608 | ---- | M] () MD5=72A9C3F3B78CA92C93E78A46B3D73A7B -- C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll
[2010.11.21 00:24:42 | 000,249,344 | ---- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C -- C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
[2014.03.20 19:50:30 | 000,080,896 | ---- | M] () MD5=4EC8247BB1DB0BCFDC96669B7AB17B16 -- C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2014.03.20 19:50:30 | 000,089,600 | ---- | M] () MD5=F08B460FE242588A3A5A9E975C813E44 -- C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2010.11.21 00:24:42 | 000,139,264 | ---- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 -- C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
[2017.12.31 23:21:54 | 000,198,656 | ---- | M] () MD5=FB01B3AD3C8B4A5E8D3247B31AFA169D -- C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
[2010.11.21 00:24:42 | 000,133,120 | ---- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 -- C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll
[2010.11.21 04:06:30 | 000,090,112 | ---- | M] () MD5=36FC4413674DEE77D586535E7075ACB4 -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll
[2010.11.21 00:24:41 | 000,196,096 | ---- | M] () MD5=6E1F814CEEFC54E14DDBA66415823CFE -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll
[2010.11.21 00:24:41 | 000,151,040 | ---- | M] () MD5=63A87E4AEF8F906BABEF2612C2A00586 -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll
[2009.07.13 22:51:37 | 000,507,904 | ---- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A -- C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2009.07.13 22:51:13 | 000,077,824 | ---- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2011.08.17 02:28:23 | 000,315,392 | ---- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
[2010.11.21 00:24:42 | 000,147,968 | ---- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll
[2010.11.21 00:24:42 | 000,056,320 | ---- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll
[2010.11.21 00:24:42 | 000,114,688 | ---- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
[2010.11.21 00:24:42 | 000,327,168 | ---- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll
[2009.07.13 22:48:19 | 000,008,192 | ---- | M] () MD5=0B61293239545BDB5CF2EF7208F225DA -- C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll
[2014.03.09 18:48:51 | 000,163,840 | ---- | M] () MD5=FBBD9303B286C2ECA65118D2EC802CC0 -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2009.07.13 22:49:27 | 000,008,192 | ---- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA -- C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
[2010.11.21 00:24:49 | 000,019,968 | ---- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 -- C:\Windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
[2010.11.21 00:24:59 | 000,083,792 | ---- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2009.06.10 17:31:02 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2009.06.10 17:39:44 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2009.06.10 17:39:44 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2009.06.10 17:39:54 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2019.03.29 10:04:57 | 004,575,232 | ---- | M] () MD5=A8CA64A15E08FFCB6D59AB4707EC1C12 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2009.06.10 17:40:01 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2009.06.10 17:40:01 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2009.06.10 17:40:01 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2009.06.10 17:40:01 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2009.06.10 17:40:01 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2009.06.10 17:40:01 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2009.06.10 17:40:01 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2009.06.10 17:40:02 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2009.06.10 17:40:02 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2009.06.10 17:40:10 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2010.11.21 00:24:16 | 000,050,176 | ---- | M] () MD5=E0773633E4193B183FB396192581BD86 -- C:\Windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
[2010.11.21 00:24:24 | 000,133,632 | ---- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B -- C:\Windows\assembly\GAC_64\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
[2009.06.10 17:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
[2009.07.13 22:52:10 | 000,005,120 | ---- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009.06.10 17:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009.07.13 22:50:32 | 000,005,120 | ---- | M] () MD5=265830B968EC5512E923C5482A5F5EEB -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009.07.13 18:54:48 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config
[2009.07.13 22:50:49 | 000,005,120 | ---- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll
[2019.12.10 03:17:01 | 004,006,400 | ---- | M] () MD5=C0B297E6D35AB4B0E2F142F1D3C8C42B -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2009.06.10 17:30:59 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2019.12.10 03:17:01 | 002,265,888 | ---- | M] () MD5=8C38BCBA1ADE01BAD271188BBCD526A0 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2014.03.20 19:50:32 | 000,502,272 | ---- | M] () MD5=7332793F735C21F83B1810D1F553991C -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2017.04.06 10:05:23 | 003,150,336 | ---- | M] () MD5=FCE86BE1D62137E6D0F1C894BE567A0F -- C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2014.03.20 19:50:33 | 000,245,760 | ---- | M] () MD5=F42BCE391F2B92F9A08DDB0787FA8FDB -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2014.03.20 19:50:33 | 000,133,120 | ---- | M] () MD5=284335FE5C62E1681D3A63742DF5CD23 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2019.12.10 03:17:01 | 000,358,400 | ---- | M] () MD5=05EA260F7CF40C067FA1E2D246D4AB3A -- C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2014.03.04 02:58:33 | 000,283,136 | ---- | M] () MD5=B4226208E9B1D38A749652036D675FD0 -- C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2017.04.07 10:05:50 | 005,296,128 | ---- | M] () MD5=804D84AA2AA138DCB1784C68636C69A6 -- C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >[/color]

[color=#A23BEC]< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >[/color]

[color=#A23BEC]< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >[/color]
[2022.10.11 21:08:59 | 000,860,160 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-6d3cb70b.exe
[2022.10.11 20:16:52 | 000,000,000 | -H-- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun-43-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock
[2022.12.25 02:54:03 | 000,390,060 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log
[2022.11.10 23:39:03 | 000,026,236 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpSigStub.log

[color=#A23BEC]< %systemdrive%\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.* >[/color]

[color=#A23BEC]< %systemdrive%\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.* >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s >[/color]
"auditbaseobjects" = 0
"auditbasedirectories" = 0
"crashonauditfail" = 0
"fullprivilegeauditing" = [binary data]
"Bounds" = 0 [binary data]
"LimitBlankPasswordUse" = 1
"NoLmHash" = 1
"Notification Packages" = scecli [binary data] -- [2010.11.21 00:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation)
"Security Packages" = kerberosmsv1_0schannelwdigesttspkgpku2u [binary data]
"Authentication Packages" = msv1_0 [binary data] -- [2020.01.03 00:38:26 | 000,261,632 | ---- | M] (Microsoft Corporation)
"LsaPid" = 588
"SecureBoot" = 1
"ProductType" = 6
"disabledomaincreds" = 0
"everyoneincludesanonymous" = 0
"forceguest" = 1
"restrictanonymous" = 0
"restrictanonymoussam" = 1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]
"MartaExtension" = ntmarta.dll -- [2009.07.13 22:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation)
"ProviderOrder" = Windows NT Access Provider [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath" = %SystemRoot%\system32\ntmarta.dll -- [2009.07.13 22:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\AuditPolicy]
"AuditPolicySD" = 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 0F 41 2E F2 47 F9 08 4E 8F 2A 8F 65 DF 60 3F 8D 00 00 00 20 1C 00 00 00 41 00 75 00 64 00 69 00 74 00 50 00 6F 00 6C 00 69 00 63 00 79 00 53 00 44 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 52 60 40 24 5E 30 6A 9D 5A 56 93 B0 DC 1B 7D 38 6D 47 11 24 6C BB 7A A8 C7 74 20 17 73 69 BD EA 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 E3 1A 4B 3A 21 86 6F B1 AC 07 01 F7 2B 2E E3 6E 1F C9 DE 1C 98 C0 35 AB 80 EB B9 88 AA D8 9D B0 70 00 00 00 C7 D2 05 CA D2 E5 79 20 D6 FC C6 A9 D1 77 97 3B C0 DF C7 36 2E 19 49 93 FA 64 C1 34 6A F5 EB 45 95 46 21 01 E5 8D 9D 12 7E 86 E1 FD EF E6 C2 CD BE E2 AD FD 33 7F DF B8 B9 2E 7B 0E AC E5 95 32 13 38 1C C5 1D 58 5C F7 9A 13 31 AA 38 17 98 9F AE CD 35 8C 9B FF 54 20 99 B1 B8 4A 05 34 AC 92 3C FD 32 7B BE 01 CD 9A 8D 8A BD 3E 85 D2 9F 86 40 00 00 00 BB 99 42 A6 FF 3F 51 C8 FE DC 26 61 D8 D7 7D D6 E6 7D FD B8 BA 43 4F 0E 5F 48 53 6B 43 AE 35 E6 46 8D 9D D7 19 5E 0D 63 1C 9C DF 0E 2E D4 F5 D7 71 18 EB 92 4A 7C 49 1E 9A 41 F8 EC 00 F0 47 3C [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp]
"DebugLogLevel" = 0
"fCredentialLessLogonSupported" = 1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowDefaultCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnly]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnlyDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowFreshCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowSavedCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnlyDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenyDefaultCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenyDefaultCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenyFreshCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenyFreshCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenySavedCredentials]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp\PolicyDefaults\DenySavedCredentialsDomain]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]
"Pattern" = 70 AC E8 98 87 CE CA 04 EC 21 2E 4A 6C 9A 5F 06 [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy]
"Enabled" = 0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]
"GrafBlumGroup" = 15 D9 52 63 4F AC E4 33 9C [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]
"Lookup" = FC 81 AF ED 8E 46 [binary data] -- [2009.07.13 22:14:20 | 000,019,968 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\HostToRealm]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Parameters]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0]
"Auth132" = IISSUBA
"NtlmMinClientSec" = 536870912
"NtlmMinServerSec" = 536870912
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]
"SkewMatrix" = 53 2A 86 40 38 AC C3 47 9A 0C 35 F8 F4 AB AF 72 [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]
"SSOURL" = http://www.passport.com
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]
"Time" = E8 7E 37 77 BC DF D8 01 [binary data]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\credssp.dll]
"Name" = CREDSSP
"Comment" = Microsoft CredSSP Security Provider
"Capabilities" = 67379
"RpcId" = 65535
"Version" = 1
"TokenSize" = 37032
"Time" = 00 D3 44 8B E6 C1 D5 01 [binary data]
"Type" = 33

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >[/color]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >[/color]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"DefaultPackCorrection" = 1
"DefaultPackNTCorrection" = 1
"KnownProvidersUpgradeTime" = 74 43 77 39 9E B9 D8 01 [binary data]
"DownloadRetries" = 4
"Version" = 4
"UpgradeTime" = 4E 4E ED C1 D6 C3 D8 01 [binary data]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings >[/color]
"IE5_UA_Backup_Flag" = 5.0
"User Agent" = Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName" = User@
"PrivDiscUiShown" = 1
"EnableHttp1_1" = 1
"WarnOnIntranet" = 1
"MimeExclusionListForCache" = multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"AutoConfigProxy" = wininet.dll -- [2019.12.16 20:43:02 | 004,387,840 | ---- | M] (Microsoft Corporation)
"UseSchannelDirectly" = 01 00 00 00 [binary data]
"WarnOnPost" = 01 00 00 00 [binary data]
"UrlEncoding" = 0
"SecureProtocols" = 2688
"PrivacyAdvanced" = 0
"ZonesSecurityUpgrade" = E2 78 F5 FF 93 B5 D8 01 [binary data]
"DisableCachingOfSSLPages" = 0
"WarnonZoneCrossing" = 0
"CertificateRevocation" = 1
"EnableNegotiate" = 1
"MigrateProxy" = 1
"ProxyEnable" = 0
"SyncMode5" = 0
"ProxyHttp1.1" = 1
"ShowPunycode" = 0
"EnablePunycode" = 1
"DisableIDNPrompt" = 0
"EnforceP3PValidity" = 0
"WarnonBadCertRecving" = 1
"WarnOnPostRedirect" = 1
"EnableAutodial" = 1
"NoNetAutodial" = 1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List >[/color]

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2009.07.13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2015.04.11 01:31:36 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=43DCEC23557C32F7702C8D5BC729738F -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_2df8898bfd178df8\services.exe
[2019.11.14 22:45:25 | 000,327,680 | ---- | M] (Microsoft Corporation) MD5=4B3A70E412A7A18A4DBA277251E85BCF -- C:\Windows\SysNative\services.exe
[2019.11.14 22:45:25 | 000,327,680 | ---- | M] (Microsoft Corporation) MD5=4B3A70E412A7A18A4DBA277251E85BCF -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.24537_none_2dfc7d69fd13feb8\services.exe
[2015.04.13 00:28:33 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=71C85477DF9347FE8E7BC55768473FCA -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_2d7fe646e3ec3705\services.exe

[color=#A23BEC]< %windir%\tasks\*.* /s >[/color]
[2022.12.25 02:38:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2022.10.15 14:22:17 | 000,032,614 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< End of report >

Publicité

Signaler le contenu de ce document

Publicité