Get rid of the hit.gemius.pl PUP

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

Unzip it to the Desktop!!

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu"

[IMG alt=“icon2.jpg”]https://pchelpforum.net/attachments/icon2-jpg.794/

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.

[IMG alt=“frst disclaimer.jpg”]https://pchelpforum.net/attachments/...aimer-jpg.795/
[ol]
[li]Accept the default whitelist options,[/li][li]If the additions.txt options box is not checked please select it.[/li][li]Then select Scan[/li][/ol]
[IMG alt=“frst.jpg”]https://pchelpforum.net/attachments/frst-jpg.796/

Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

[IMG alt=“2016-08-12_152002.jpg”]https://pchelpforum.net/attachments/...52002-jpg.797/

Please Copy and Paste the contents of these logs in your next post for review by our Security Team[/IMG]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 3-07-2019
Ran by Administrátor (administrator) on DESKTOP-V6VDE39 (09-07-2019 01:07:10)
Running from C:\Users\Administrátor\Desktop
Loaded Profiles: Administrátor (Available Profiles: Administrátor & Administrator)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: Czech (Czech Republic)
Default browser: “C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe” – “%1”
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x6 4__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19 041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.ex e
(Adobe Systems, Incorporated → Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions → Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Curio Systems GmbH → Curio Systems GmbH) C:\Program Files\Exterminate It!\ExterminateIt.exe
(Disc Soft Ltd → Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(IObit Information Technology → IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Kaspersky Lab → AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Kaspersky Lab → AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Malwarebytes Corporation → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x6 4__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation → NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
(NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
(Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Pandora TV Co., Ltd. → ) C:\Program Files\KMPlayer 64X\KMPLoading.exe
(Pandora TV Co., Ltd. → KMPlayer Team) C:\Program Files\KMPlayer 64X\KMPlayer64.exe
(Piriform Software Ltd → Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Power Software Limited → Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(VIA Technologies Inc. → VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows → Microsoft Corporation)
HKLM...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
HKLM...\Run: [AvastUI.exe] => “C:\Program Files\AVAST Software\Avast\AvLaunch.exe” /gui
HKLM...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (Heidi Computers Ltd → The Eraser Project)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. → Oracle Corporation)
HKLM-x32...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2018-11-22] (Power Software Limited → Power Software Ltd)
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd → Disc Soft Ltd)
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd → Piriform Software Ltd)
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001...\Policies\Explorer: [NoLowDiskSpaceChecks] False
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001...\MountPoints2: {aa2e3823-ad33-11e8-9346-00252281e08d} - “G:\setup.exe”
HKLM...\Drivers32: [msacm.vorbis] => c:\windows\system32\vorbis.acm [1470976 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM...\Drivers32: [vidc.mjpg] => c:\windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company → )
HKLM...\Drivers32: [vidc.mpeg] => c:\windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company → )
HKLM...\Drivers32: [msacm.bdmpeg] => c:\windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company → )
HKLM...\Drivers32: [msacm.vorbis] => c:\windows\SysWOW64\vorbis.acm [1554944 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company → )
HKLM...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company → )
HKLM...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company → )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Inst aller\chrmstp.exe [2019-06-18] (Google LLC → Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05F42D32-9EC0-4F0E-B32E-66114E0F58D9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. → AVAST Software)
Task: {2CEF0869-1D33-4792-8B09-C3305C4D2542} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14680792 2019-02-12] (Piriform Software Ltd → Piriform Software Ltd)
Task: {3DF7C0CB-9E09-4E11-9E51-8B65EA1C5D71} - System32\Tasks\Microsoft\VisualStudio\Updates\Back groundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services \Microsoft.VisualStudio.Setup.Service\BackgroundDo wnload.exe [72848 2019-06-28] (Microsoft Corporation → Microsoft Corporation)
Task: {4BBFDF0C-BAD3-4721-AE72-4D81A1A2A816} - System32\Tasks\CreateExplorerShellUnelevatedTask => c:\windows\explorer.exe /NOUACCHECK
Task: {805FCD48-5B6D-4A6E-A838-4FB241EBDD9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-18] (Google Inc → Google Inc.)
Task: {810EDDAA-1D4C-48DC-8841-81C201FD9ABF} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [160448 2012-11-07] (ASUSTeK Computer Inc. → ASUSTek Computer INC.)
Task: {9855F24C-596B-48C3-BC07-6D0163E87EFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [335416 2019-06-12] (Adobe Inc. → Adobe)
Task: {B6D53096-86AD-4A04-A373-8078902904A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated → Adobe Systems Incorporated)
Task: {B7155950-E9D7-46BB-9E75-66715B371441} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd → Piriform Software Ltd)
Task: {BF5269B0-5CDF-4DE3-9654-F545D0FDD30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-18] (Google Inc → Google Inc.)
Task: {C1E4DC7E-B724-4494-B496-3BBAC9E6689C} - System32\Tasks\Uninstaller_SkipUac_Administrátor => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5020944 2018-08-08] (IObit Information Technology → IObit)
Task: {E0D2D6F9-DCB3-48BD-8B64-E286549AEC88} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3472240800-3569865723-1055443696-1001 => C:\Users\Administrátor\AppData\Local\MEGAsync\MEGA updater.exe [760696 2018-01-15] (Mega Limited → Mega Limited)
Task: {FBA557C2-0C46-4054-B48C-7C0A5E39F457} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_ 0_0_207_pepper.exe [1452600 2019-06-12] (Adobe Inc. → Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrátor .job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip..\Interfaces{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}: [DhcpNameServer] 192.168.0.1 192.168.0.1
[HEADING=1]Internet Explorer:[/HEADING]
BHO: ExplorerWnd Helper → {10921475-03CE-4E04-90CE-E2E7EF20C814} → C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology → IObit)
BHO: Kaspersky Protection → {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} → C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-07] (Oracle America, Inc. → Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-07] (Oracle America, Inc. → Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
[HEADING=1]Edge:[/HEADING]
Edge Extension: (Adblock Plus) → 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.15.0_ne utral__d55gg7py3s0m0 [2019-05-02]
[HEADING=1]FireFox:[/HEADING]
FF HKLM...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E...asp ersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-04-15]
FF HKLM-x32...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E...asp ersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @videolan.org/vlc,version=3.0.4 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN → VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 → C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1 .dll [2018-11-07] (Oracle America, Inc. → Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 → C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-07] (Oracle America, Inc. → Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 → NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 → NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc → Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc → Google LLC)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. → Adobe Systems Inc.)
[HEADING=1]Chrome:[/HEADING]
CHR Profile: C:\Users\Administrátor\AppData\Local\Google\Chrome \User Data\Default [2019-07-05]
CHR Extension: (Ochrana Kaspersky) - C:\Users\Administrátor\AppData\Local\Google\Chrome \User Data\Default\Extensions\amkpcclbbgegoafihnpgomddad jhcadd [2018-11-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Administrátor\AppData\Local\Google\Chrome \User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2018-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Administrátor\AppData\Local\Google\Chrome \User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2019-06-19]
CHR Profile: C:\Users\Administrátor\AppData\Local\Google\Chrome \User Data\System Profile [2019-06-19]
CHR HKLM...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab → AO Kaspersky Lab)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2307768 2016-05-11] (Comodo Security Solutions → Comodo)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd → Disc Soft Ltd)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [149776 2018-06-28] (IObit Information Technology → IObit)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation → Microsoft Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2018-11-29] (Kaspersky Lab → AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation → Malwarebytes)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [46736 2015-09-11] (VIA Technologies Inc. → VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation → Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation → Microsoft Corporation)
S2 avast! Antivirus; “C:\Program Files\AVAST Software\Avast\AvastSvc.exe”
S2 NGIService; “C:\Program Files (x86)\Common Files\McAfee\NGI\Service\NGIService.exe” StartAsNGIService
R2 NVDisplay.ContainerLocalSystem; “C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe” -s NVDisplay.ContainerLocalSystem -f “C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSys tem.log” -l 3 -d “C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSyste m” -r -p 30000
R2 NvTelemetryContainer; “C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe” -s NvTelemetryContainer -f “C:\ProgramData\NVIDIA\NvTelemetryContainer.log” -l 3 -d “C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins” -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [13848 2018-08-18] (Microsoft Windows Hardware Compatibility Publisher → Advanced Micro Devices Inc.)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15360 2018-12-28] (Microsoft Windows Early Launch Anti-malware Publisher → AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R3 CMUACWO; C:\Windows\system32\DRIVERS\CMUACWO.sys [189952 2012-07-13] (C-MEDIA ELECTRONICS INC. → C-Media Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab → AO Kaspersky Lab)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2018-08-31] (Disc Soft Ltd → Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation → Malwarebytes)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-08-20] (Martin Malik - REALiX → REALiX™)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-08-18] (Martin Malik - REALiX → REALiX™)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sy s [37184 2018-05-12] (IObit Information Technology → IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.s ys [43392 2018-05-15] (IObit Information Technology → IObit)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [75600 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [125568 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [91472 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher → AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [236672 2019-06-03] (Kaspersky Lab → AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\drivers\klhk.sys [1093248 2019-06-03] (Kaspersky Lab → AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [197464 2019-05-29] (Kaspersky Lab → AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1168000 2019-06-03] (Kaspersky Lab → AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [58704 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [60536 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [60784 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50304 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [46416 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-04-29] (Kaspersky Lab → AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [99152 2019-03-23] (Kaspersky Lab → AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [302368 2019-04-29] (Kaspersky Lab → AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [116104 2019-04-29] (Kaspersky Lab → AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [198768 2019-04-29] (Kaspersky Lab → AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [104576 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [184960 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [218240 2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-08] (Malwarebytes Corporation → Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-07-08] (Malwarebytes Corporation → Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-07-08] (Malwarebytes Corporation → Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-08] (Malwarebytes Corporation → Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116112 2019-07-08] (Malwarebytes Corporation → Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation → NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1139424 2018-08-18] (Realtek Semiconductor Corp. → Realtek )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2019-06-29] (Adlice → )
S3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1995592 2018-07-16] (Suzhou Qingchen Information Technology Co Ltd. → ShiningMorning Inc.)
S3 VIAHdAudAddService; C:\Windows\system32\drivers\viahduaa.sys [701136 2015-09-11] (VIA Technologies Inc. → VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows → Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows → Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-09 01:07 - 2019-07-09 01:08 - 000028171 _____ C:\Users\Administrátor\Desktop\FRST.txt
2019-07-09 01:06 - 2019-07-09 01:07 - 000000000 ____D C:\FRST
2019-07-09 01:06 - 2019-07-09 01:06 - 002420224 _____ (Farbar) C:\Users\Administrátor\Desktop\FRST64(1).exe
2019-07-09 01:06 - 2019-07-09 01:06 - 001908496 _____ C:\Users\Administrátor\Downloads\FRST64(1).zip
2019-07-09 01:06 - 2019-07-09 01:06 - 000000000 ____D C:\Users\Administrátor\Desktop\FRST-OlderVersion
2019-07-09 00:57 - 2019-07-09 00:57 - 000000927 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2019-07-09 00:57 - 2019-07-09 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2019-07-09 00:55 - 2019-07-09 00:55 - 000002544 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admi nistrátor
2019-07-09 00:55 - 2019-07-09 00:55 - 000000326 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Administrátor .job
2019-07-08 23:55 - 2019-07-08 23:58 - 993102812 _____ C:\Users\Administrátor\Downloads\Demolice 1996 nef tv cz.avi
2019-07-08 23:50 - 2019-07-08 23:50 - 240172523 _____ C:\Users\Administrátor\Downloads\House on Hooter Hill (2007).mp4.51fobg5.partial
2019-07-08 22:10 - 2019-07-08 22:10 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-07-08 22:10 - 2019-07-08 22:10 - 000116112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-07-08 22:10 - 2019-07-08 22:10 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-07-08 22:09 - 2019-07-08 22:09 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-08 21:58 - 2019-07-08 21:58 - 007025360 _____ (Malwarebytes) C:\Users\Administrátor\Desktop\adwcleaner_7.3.exe
2019-07-08 13:26 - 2019-07-08 13:26 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-08 13:26 - 2019-07-08 13:26 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-08 13:26 - 2019-07-08 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-08 13:26 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-07-08 13:26 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-07 22:41 - 2019-07-07 23:25 - 796084224 _____ C:\Users\Administrátor\Downloads\Vampire in Vegas-horor- 2009-CZdub od Aecek.avi
2019-07-07 21:33 - 2019-07-07 21:39 - 000000000 ____D C:\Users\Administrátor\Downloads\web
2019-07-06 23:43 - 2019-07-06 23:50 - 000000064 _____ C:\Users\Administrátor\Desktop\dnb new tracks.txt
2019-07-06 20:42 - 2019-07-06 20:42 - 063008316 _____ C:\Users\Administrátor\Downloads\Amoss - Rollpipe VIP [FREE TRACK] - labmaster1644.3.wav
2019-07-06 20:31 - 2019-07-06 20:31 - 078642396 _____ C:\Users\Administrátor\Downloads\Kyrist - Ill Skill VIP v4.1.wav
2019-07-06 20:25 - 2019-07-06 20:25 - 062022584 _____ C:\Users\Administrátor\Downloads[FREE GIVE AWAY ALBUM BONUS TRACK]. Amoss - Fathoms - AT Master.wav
2019-07-06 14:05 - 2019-07-06 14:05 - 051880000 _____ C:\Users\Administrátor\Downloads\The Upbeats - SSxUB - Solitaire (Ulterior Motive Remix).wav
2019-07-06 13:19 - 2019-07-06 13:19 - 000000697 _____ C:\Users\Administrátor\Desktop\akiko(2).txt
2019-07-05 23:18 - 2019-07-05 23:21 - 1028672588 _____ C:\Users\Administrátor\Downloads\Frankenweenie.Dom aci.mazlicek.(2012) CZ Dabing.avi
2019-07-05 23:15 - 2019-07-05 23:18 - 862280444 _____ C:\Users\Administrátor\Downloads\Aladin 2019 (CZ titulky kino).mkv
2019-07-05 16:04 - 2019-07-05 16:04 - 048112830 _____ C:\Users\Administrátor\Downloads\Mikal - Dub Machine - Mastered.wav
2019-07-05 15:50 - 2019-07-05 15:50 - 051258604 _____ C:\Users\Administrátor\Downloads\DNB France - SIGNS - Ketama.wav
2019-07-04 23:33 - 2019-07-04 23:33 - 021974406 _____ C:\Users\Administrátor\Downloads\NEST075.zip
2019-07-04 23:18 - 2019-07-04 23:19 - 000000078 _____ C:\Users\Administrátor\Desktop\techno.txt
2019-07-03 18:30 - 2019-07-03 18:35 - 1727907473 _____ C:\Users\Administrátor\Downloads\DNB France - FRENCH PLATES 2017.zip
2019-07-03 18:13 - 2019-07-03 18:13 - 072622210 _____ C:\Users\Administrátor\Downloads\YouKnowRight-1991.zip
2019-06-29 22:22 - 2019-06-29 22:24 - 827447534 _____ C:\Users\Administrátor\Downloads\Devítky 2007 Cz Dab.avi
2019-06-29 22:02 - 2019-06-29 22:03 - 300669399 _____ C:\Users\Administrátor\Downloads\Scrat_Spaced Out (2016).mkv
2019-06-29 09:59 - 2019-07-08 22:14 - 000000000 ____D C:\ProgramData\ProductData
2019-06-29 09:53 - 2019-06-29 09:53 - 000001490 _____ C:\Users\Administrátor\Desktop\JRT.txt
2019-06-28 20:18 - 2019-06-28 20:19 - 000000000 ____D C:\KRD2018_Data
2019-06-28 17:57 - 2019-06-28 17:57 - 000000000 ____D C:\Users\Administrátor\source
2019-06-28 17:56 - 2019-06-28 17:59 - 000000000 ____D C:\Users\Administrátor\Documents\Visual Studio 2019
2019-06-28 17:56 - 2019-06-28 17:56 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk
2019-06-28 17:56 - 2019-06-28 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2019-06-28 17:51 - 2019-06-28 18:00 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\Visual Studio Setup
2019-06-28 17:51 - 2019-06-28 17:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-06-28 17:51 - 2019-06-28 17:51 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-06-28 17:51 - 2019-06-28 17:51 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\vstelemetry
2019-06-28 17:51 - 2019-06-28 17:51 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\vs_installe rshell
2019-06-28 17:51 - 2019-06-28 17:51 - 000000000 ____D C:\Users\Administrátor\AppData\Local\ServiceHub
2019-06-28 17:50 - 2019-06-28 17:50 - 001339864 _____ (Microsoft Corporation) C:\Users\Administrátor\Downloads\vs_community__142 9971524.1561737004.exe
2019-06-28 17:50 - 2019-06-28 17:50 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2019-06-28 17:33 - 2019-06-28 17:33 - 001447178 _____ (Igor Pavlov) C:\Users\Administrátor\Downloads\7z1900-x64.exe
2019-06-28 17:33 - 2019-06-28 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-06-28 17:33 - 2019-06-28 17:33 - 000000000 ____D C:\Program Files\7-Zip
2019-06-28 17:22 - 2019-06-28 17:22 - 000000000 ____D C:\Users\Administrátor\Documents\Ashampoo Burning Studio FREE
2019-06-28 17:21 - 2019-06-28 17:21 - 000001380 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2019-06-28 17:21 - 2019-06-28 17:21 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\Ashampoo
2019-06-28 17:21 - 2019-06-28 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2019-06-28 17:21 - 2019-06-28 17:21 - 000000000 ____D C:\ProgramData\Ashampoo
2019-06-28 17:21 - 2019-06-28 17:21 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2019-06-28 17:19 - 2019-06-28 17:19 - 041877736 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Administrátor\Downloads\ashampoo_burning_ studio_free_24045.exe
2019-06-28 17:09 - 2019-06-28 17:09 - 000000000 ____D C:\Temp
2019-06-28 17:08 - 2019-06-28 17:08 - 002284808 _____ C:\Users\Administrátor\Downloads\SH-222AB_SB01.exe
2019-06-28 16:07 - 2019-06-28 16:09 - 595562496 _____ C:\Users\Administrátor\Downloads\krd.iso
2019-06-28 00:33 - 2019-06-28 00:33 - 164432168 _____ (AO Kaspersky Lab) C:\Users\Administrátor\Desktop\KVRT.exe
2019-06-28 00:32 - 2019-06-28 00:33 - 164432168 _____ (AO Kaspersky Lab) C:\Users\Administrátor\Downloads\Unconfirmed 205204.crdownload
2019-06-26 14:16 - 2019-06-26 14:16 - 000087651 _____ C:\Users\Administrátor\Downloads\20190531_21119353 77_BU.pdf
2019-06-26 14:16 - 2019-06-26 14:16 - 000085026 _____ C:\Users\Administrátor\Downloads\20190430_21119353 77_BU.pdf
2019-06-26 14:13 - 2019-06-26 14:13 - 000147541 _____ C:\Users\Administrátor\Downloads\20190225_21119353 77_VP.pdf
2019-06-26 14:13 - 2019-06-26 14:13 - 000086990 _____ C:\Users\Administrátor\Downloads\20190329_21119353 77_BU.pdf
2019-06-26 14:13 - 2019-06-26 14:13 - 000085180 _____ C:\Users\Administrátor\Downloads\20190131_21119353 77_BU.pdf
2019-06-26 14:13 - 2019-06-26 14:13 - 000084487 _____ C:\Users\Administrátor\Downloads\20190228_21119353 77_BU.pdf
2019-06-23 21:20 - 2019-06-23 21:22 - 627688916 _____ C:\Users\Administrátor\Downloads\12-opic.avi
2019-06-23 18:08 - 2019-06-23 18:14 - 1992179280 _____ C:\Users\Administrátor\Downloads\Kráľ rybár CZ.avi
2019-06-23 15:08 - 2019-06-23 15:11 - 1027718630 _____ C:\Users\Administrátor\Downloads\Krajina Přílivu (2005) CZ Dabing.avi
2019-06-19 15:14 - 2019-06-19 15:14 - 000000000 ____D C:\Program Files\UNP
2019-06-19 14:54 - 2019-06-19 14:55 - 000004069 _____ C:\Users\Administrátor\Desktop\program.txt
2019-06-19 14:38 - 2019-06-19 16:34 - 2132492090 _____ C:\Users\Administrátor\Downloads\Muž, který zabil Dona Quijota ( 2018 ) CZ titulkyBRDrip.avi
2019-06-19 13:50 - 2019-06-19 13:50 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\OpenOffice
2019-06-18 18:40 - 2019-06-18 18:56 - 000000297 _____ C:\Users\Administrátor\Desktop\bazar.txt
2019-06-17 23:56 - 2019-06-17 23:56 - 000417183 _____ C:\Users\Administrátor\Downloads\openpuff-3-3-0-en-win.zip
2019-06-16 21:12 - 2019-06-16 21:17 - 1622584194 _____ C:\Users\Administrátor\Downloads\Nit z přízraků 2017, CZ Dabing.mkv
2019-06-15 14:22 - 2019-06-15 14:23 - 131527697 _____ C:\Users\Administrátor\Downloads\Security Online.mp4
2019-06-12 19:29 - 2019-06-07 13:04 - 021388752 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-06-12 19:29 - 2019-06-07 13:04 - 001633136 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-06-12 19:29 - 2019-06-07 12:48 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-06-12 19:29 - 2019-06-07 12:47 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-06-12 19:29 - 2019-06-07 12:45 - 012756480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-06-12 19:29 - 2019-06-07 12:42 - 003613696 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-06-12 19:29 - 2019-06-07 12:41 - 004055552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-06-12 19:29 - 2019-06-07 12:40 - 001663488 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-06-12 19:29 - 2019-06-07 12:40 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-06-12 19:29 - 2019-06-07 12:23 - 001453920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-06-12 19:29 - 2019-06-07 12:19 - 020383832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-06-12 19:29 - 2019-06-07 12:10 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-06-12 19:29 - 2019-06-07 12:07 - 011942400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-06-12 19:29 - 2019-06-07 12:04 - 004056064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-06-12 19:29 - 2019-06-07 12:04 - 002881536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-06-12 19:29 - 2019-06-07 12:04 - 001471488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-06-12 19:29 - 2019-06-07 08:07 - 000707384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2019-06-12 19:29 - 2019-06-07 08:01 - 001035040 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-06-12 19:29 - 2019-06-07 07:58 - 001220112 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-06-12 19:29 - 2019-06-07 07:58 - 001027384 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-06-12 19:29 - 2019-06-07 07:58 - 000568320 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-06-12 19:29 - 2019-06-07 07:58 - 000422416 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2019-06-12 19:29 - 2019-06-07 07:58 - 000135176 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-06-12 19:29 - 2019-06-07 07:58 - 000076304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 007519896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayR eady.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 007436536 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 002811192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 002719032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 001934808 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 001209696 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000792888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000709728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000594024 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-06-12 19:29 - 2019-06-07 07:57 - 000494304 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000435000 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000413720 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000412984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000383504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000170296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000148280 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000137448 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-06-12 19:29 - 2019-06-07 07:56 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-06-12 19:29 - 2019-06-07 07:56 - 000713272 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2019-06-12 19:29 - 2019-06-07 07:47 - 000380432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-06-12 19:29 - 2019-06-07 07:47 - 000097272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 006569344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 006043496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 001805656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 001011872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 000581048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 000357072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 000128792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-06-12 19:29 - 2019-06-07 07:38 - 025857536 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-06-12 19:29 - 2019-06-07 07:37 - 022019584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-06-12 19:29 - 2019-06-07 07:31 - 019372544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-06-12 19:29 - 2019-06-07 07:27 - 022718976 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-06-12 19:29 - 2019-06-07 07:24 - 005784064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-06-12 19:29 - 2019-06-07 07:24 - 003400704 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-06-12 19:29 - 2019-06-07 07:24 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2019-06-12 19:29 - 2019-06-07 07:23 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-06-12 19:29 - 2019-06-07 07:23 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-06-12 19:29 - 2019-06-07 07:23 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 003710976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 000233984 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 007588864 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 004866048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 001778688 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-06-12 19:29 - 2019-06-07 07:20 - 002610688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-06-12 19:29 - 2019-06-07 07:20 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2019-06-12 19:29 - 2019-06-07 07:20 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-06-12 19:29 - 2019-06-07 07:20 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 003212288 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 002175488 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.oneco re.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 001560576 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.deskt op.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 000369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2019-06-12 19:29 - 2019-06-07 07:18 - 002166784 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-06-12 19:29 - 2019-06-07 07:18 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-06-12 19:29 - 2019-06-07 07:18 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-06-12 19:29 - 2019-06-07 07:17 - 001920000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-06-12 19:29 - 2019-06-07 07:17 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-06-12 19:29 - 2019-06-07 07:17 - 000889344 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-06-12 19:29 - 2019-06-07 07:16 - 000900096 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-06-12 19:29 - 2019-06-07 07:16 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-06-12 19:29 - 2019-06-07 07:16 - 000478720 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2019-06-12 19:29 - 2019-06-07 06:00 - 000001308 _____ C:\Windows\system32\tcbres.wim
2019-06-12 19:29 - 2019-05-19 00:12 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-06-12 19:29 - 2019-05-19 00:12 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-06-12 19:29 - 2019-05-19 00:12 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-06-12 19:29 - 2019-05-19 00:12 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-06-12 19:29 - 2019-05-17 14:44 - 000348160 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2019-06-12 19:29 - 2019-05-17 14:40 - 002394960 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2019-06-12 19:29 - 2019-05-17 14:40 - 000280888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2019-06-12 19:29 - 2019-05-17 14:27 - 006586880 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-06-12 19:29 - 2019-05-17 14:26 - 004393984 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-06-12 19:29 - 2019-05-17 14:25 - 004718080 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-06-12 19:29 - 2019-05-17 14:25 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\WindowsUpdateElevatedInstaller .exe
2019-06-12 19:29 - 2019-05-17 14:24 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2019-06-12 19:29 - 2019-05-17 14:23 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2019-06-12 19:29 - 2019-05-17 14:22 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-06-12 19:29 - 2019-05-17 14:22 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dl l
2019-06-12 19:29 - 2019-05-17 14:21 - 001180672 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2019-06-12 19:29 - 2019-05-17 14:21 - 001121792 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2019-06-12 19:29 - 2019-05-17 14:21 - 000878592 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2019-06-12 19:29 - 2019-05-17 14:21 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\dot3gpui.dll
2019-06-12 19:29 - 2019-05-17 14:21 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-06-12 19:29 - 2019-05-17 14:20 - 002084864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-06-12 19:29 - 2019-05-17 14:19 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-06-12 19:29 - 2019-05-17 14:07 - 002206424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2019-06-12 19:29 - 2019-05-17 14:00 - 005658112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-06-12 19:29 - 2019-05-17 13:56 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-06-12 19:29 - 2019-05-17 13:56 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3gpui.dll
2019-06-12 19:29 - 2019-05-17 13:55 - 000704000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2019-06-12 19:29 - 2019-05-17 13:55 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-06-12 19:29 - 2019-05-17 13:55 - 000470528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2019-06-12 19:29 - 2019-05-17 13:54 - 002016768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-06-12 19:29 - 2019-05-17 13:54 - 000908288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2019-06-12 19:29 - 2019-05-17 11:33 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapt ure.dll
2019-06-12 19:29 - 2019-05-17 10:52 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapt ure.dll
2019-06-12 19:29 - 2019-05-17 09:07 - 000105272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2019-06-12 19:29 - 2019-05-17 08:44 - 000829960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2019-06-12 19:29 - 2019-05-17 08:44 - 000550520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-06-12 19:29 - 2019-05-17 08:43 - 000297688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 005625160 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 004789944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 002256560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001989552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001980256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001620264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001380096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001130568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 000129088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 000125504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll
2019-06-12 19:29 - 2019-05-17 08:30 - 013878784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 19:29 - 2019-05-17 08:26 - 002969600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-06-12 19:29 - 2019-05-17 08:23 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-06-12 19:29 - 2019-05-17 08:23 - 000068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2019-06-12 19:29 - 2019-05-17 08:23 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-06-12 19:29 - 2019-05-17 08:22 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2019-06-12 19:29 - 2019-05-17 08:22 - 000031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2019-06-12 19:29 - 2019-05-17 08:21 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-06-12 19:29 - 2019-05-17 08:21 - 000326144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esentutl.exe
2019-06-12 19:29 - 2019-05-17 08:21 - 000224768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2019-06-12 19:29 - 2019-05-17 08:20 - 000366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2019-06-12 19:29 - 2019-05-17 08:20 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 004515840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 001630720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 001110528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 001073664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 000873472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 000835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2019-06-12 19:29 - 2019-05-17 08:18 - 002796032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2019-06-12 19:29 - 2019-05-17 08:18 - 001006592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-06-12 19:29 - 2019-05-17 08:18 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2019-06-12 19:29 - 2019-05-17 08:08 - 001063224 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-06-12 19:29 - 2019-05-17 08:08 - 000723432 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-06-12 19:29 - 2019-05-17 08:08 - 000491200 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-06-12 19:29 - 2019-05-17 08:08 - 000401328 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 004404720 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 002768960 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 002571640 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 002467320 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 001459120 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-06-12 19:29 - 2019-05-17 08:07 - 001288712 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 001260272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-06-12 19:29 - 2019-05-17 08:07 - 000930616 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2019-06-12 19:29 - 2019-05-17 08:07 - 000275768 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 000260800 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 001943136 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 001784696 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 001140992 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-06-12 19:29 - 2019-05-17 08:06 - 001098056 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 000983424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-06-12 19:29 - 2019-05-17 08:06 - 000151888 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll
2019-06-12 19:29 - 2019-05-17 08:04 - 001826816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-06-12 19:29 - 2019-05-17 08:00 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2019-06-12 19:29 - 2019-05-17 07:44 - 016597504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-06-12 19:29 - 2019-05-17 07:38 - 004709376 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-06-12 19:29 - 2019-05-17 07:37 - 004385280 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-06-12 19:29 - 2019-05-17 07:37 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2019-06-12 19:29 - 2019-05-17 07:37 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\DuCsps.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2019-06-12 19:29 - 2019-05-17 07:36 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\updatecsp.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe
2019-06-12 19:29 - 2019-05-17 07:36 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-06-12 19:29 - 2019-05-17 07:35 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-06-12 19:29 - 2019-05-17 07:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\esentutl.exe
2019-06-12 19:29 - 2019-05-17 07:35 - 000322560 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2019-06-12 19:29 - 2019-05-17 07:34 - 001804288 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000916480 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000671744 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2019-06-12 19:29 - 2019-05-17 07:34 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 003091456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 002912256 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 002370560 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 001487360 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 001214464 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 000787968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2019-06-12 19:29 - 2019-05-17 07:33 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2019-06-12 19:29 - 2019-05-17 07:32 - 001070080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2019-06-12 19:29 - 2019-05-17 07:32 - 000815104 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 004937216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 003376640 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 003293184 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001854976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001805312 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001383424 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001215488 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001027584 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2019-06-12 19:29 - 2019-05-17 07:30 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2019-06-12 19:29 - 2019-05-17 07:30 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-06-12 19:29 - 2019-05-17 07:30 - 000276992 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-09 00:58 - 2018-09-11 22:44 - 000000000 ____D C:\Program Files\Exterminate It!
2019-07-09 00:56 - 2018-09-11 22:27 - 000000000 ____D C:\Users\Administrátor\Desktop\utils
2019-07-09 00:39 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-09 00:37 - 2018-08-17 21:53 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-07-08 23:17 - 2018-08-17 21:46 - 000000000 ___HD C:\Users\Administrátor\MicrosoftEdgeBackups
2019-07-08 22:14 - 2018-08-17 21:44 - 001689050 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-08 22:14 - 2018-04-12 17:50 - 000715034 _____ C:\Windows\system32\perfh005.dat
2019-07-08 22:14 - 2018-04-12 17:50 - 000144328 _____ C:\Windows\system32\perfc005.dat
2019-07-08 22:14 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2019-07-08 22:09 - 2018-11-11 15:40 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-08 22:09 - 2018-08-17 21:36 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-08 22:08 - 2018-04-11 23:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-07-08 22:06 - 2018-09-08 11:31 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\vlc
2019-07-08 21:58 - 2018-04-12 01:30 - 000000000 ____D C:\Windows\CbsTemp
2019-07-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2019-07-08 20:50 - 2018-08-17 21:36 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-07-08 13:26 - 2018-04-12 01:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-07-06 23:50 - 2018-11-20 22:32 - 000000000 ____D C:\Users\Administrátor\Documents\VirtualDJ
2019-07-06 22:25 - 2018-09-12 12:44 - 000000000 ____D C:\Users\Administrátor\AppData\Local\CrashDumps
2019-07-06 17:07 - 2019-05-15 23:17 - 000006635 _____ C:\Users\Administrátor\Desktop\yt.txt
2019-07-05 22:59 - 2018-04-11 23:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-06-30 11:58 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-29 09:18 - 2019-03-03 23:33 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-06-29 09:14 - 2018-09-11 23:04 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2019-06-28 18:09 - 2019-04-19 19:23 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\Notepad++
2019-06-28 17:57 - 2018-08-17 21:43 - 000000000 ____D C:\Users\Administrátor
2019-06-28 17:56 - 2018-10-03 14:53 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-06-28 16:18 - 2018-09-30 12:57 - 000000000 ____D C:\Users\Administrátor\AppData\Local\ElevatedDiagn ostics
2019-06-28 16:16 - 2018-10-01 02:11 - 000002355 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2019-06-28 00:31 - 2018-12-19 02:32 - 016551279 _____ C:\Users\Administrátor\Downloads\Wireless_XP_07101 1 (2).zip
2019-06-24 22:34 - 2018-08-17 21:46 - 000000000 ____D C:\Users\Administrátor\AppData\Local\VirtualStore
2019-06-22 03:02 - 2018-11-16 20:05 - 000000000 ____D C:\Program Files\rempl
2019-06-21 02:59 - 2019-04-20 17:56 - 000091892 _____ C:\Users\Administrátor\Downloads\Interop Unlock.zip
2019-06-18 18:25 - 2018-10-03 21:10 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-18 18:25 - 2018-08-18 01:12 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-16 17:15 - 2018-08-17 21:48 - 000003396 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-1001
2019-06-16 17:15 - 2018-08-17 21:48 - 000000000 ___RD C:\Users\Administrátor\OneDrive
2019-06-16 17:15 - 2018-08-17 21:43 - 000002391 _____ C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\OneDrive.lnk
2019-06-15 21:23 - 2019-05-28 17:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-12 21:44 - 2018-08-17 21:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 21:44 - 2018-08-17 21:46 - 000000000 ___RD C:\Users\Administrátor\3D Objects
2019-06-12 21:44 - 2018-08-17 21:35 - 000265064 _____ C:\Windows\system32\FNTCACHE.DAT
2019-06-12 21:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\TextInput
2019-06-12 21:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\ShellExperiences
2019-06-12 21:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\Provisioning
2019-06-12 21:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\bcastdvr
2019-06-12 19:51 - 2018-11-30 15:08 - 000000079 _____ C:\Users\Administrátor\Desktop\soundcloud.txt
2019-06-12 19:50 - 2019-02-22 21:26 - 000000289 _____ C:\Users\Administrátor\Desktop\prispevek.txt
2019-06-12 19:29 - 2018-08-18 00:37 - 000000000 ____D C:\Windows\system32\MRT
2019-06-12 19:26 - 2018-08-19 19:52 - 000004682 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-06-12 19:26 - 2018-08-18 00:37 - 135349160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-06-12 19:26 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-06-12 19:26 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories ================

2019-06-06 01:54 - 2019-06-06 01:54 - 000003584 _____ () C:\Users\Administrátor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-03-04 01:52 - 2019-03-04 01:52 - 000000218 _____ () C:\Users\Administrátor\AppData\Local\recently-used.xbel

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Administrátor (09-07-2019 01:09:02)
Running from C:\Users\Administrátor\Desktop
Windows 10 Home Version 1803 17134.829 (X64) (2018-08-17 19:38:09)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-3472240800-3569865723-1055443696-500 - Administrator - Disabled) => C:\Users\Administrator
Administrátor (S-1-5-21-3472240800-3569865723-1055443696-1001 - Administrator - Enabled) => C:\Users\Administrátor
DefaultAccount (S-1-5-21-3472240800-3569865723-1055443696-503 - Limited - Disabled)
Guest (S-1-5-21-3472240800-3569865723-1055443696-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3472240800-3569865723-1055443696-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
Ashampoo Burning Studio FREE (HKLM-x32...{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.20.2 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Balíček ovladače systému Windows - Microsoft USBDevice (02/19/2016 1.0.0.0) (HKLM...\01D4AA89568B59E5941907D403E3B682EE413AB7) (Version: 02/19/2016 1.0.0.0 - Microsoft)
Bandicam (HKLM-x32...\Bandicam) (Version: 4.1.7.1424 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32...\BandiMPEG1) (Version: - Bandicam.com)
Camel Audio CamelCrusher (HKLM-x32...\Camel Audio CamelCrusher) (Version: 1.01.0 - Camel Audio)
Camel Audio CamelCrusher64 (HKLM-x32...\Camel Audio CamelCrusher64) (Version: 1.01.0 - Camel Audio)
CCleaner (HKLM...\CCleaner) (Version: 5.53 - Piriform)
Chromodo (HKLM-x32...\Chromodo) (Version: 49.13.20.402 - Comodo)
DAEMON Tools Lite (HKLM...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DisplayDriverAnalyzer (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Driver Booster 5 (HKLM-x32...\Driver Booster_is1) (Version: 5.1.0 - IObit)
Dynasone VST 2.02 (HKLM-x32...\Dynasone_VST_2.02) (Version: - )
Emergency Download Driver (HKLM-x32...{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
Eraser 6.2.0.2970 (HKLM...{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
Exterminate It! (HKLM-x32...\Exterminate It!) (Version: 2.21.0.24 - Curio Systems GmbH)
FFU Loader Driver 1.0.0 (HKLM-x32...{7209d085-ed88-4a08-beb2-c49db2b9e838}) (Version: 1.0.0 - Microsoft)
FFU Loader Driver 1.0.0 (HKLM-x32...{CA839C49-B3D1-4EA6-BB8A-21937B808771}) (Version: 1.0.0 - Microsoft) Hidden
FL Studio 12 (HKLM-x32...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32...\FL Studio ASIO) (Version: - Image-Line)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HWiNFO64 Version 5.86 (HKLM...\HWiNFO64_is1) (Version: 5.86 - Martin Malík - REALiX)
HxD Hex Editor 2.2.1 (HKLM...\HxD_is1) (Version: 2.2.1 - Maël Hörz)
IL Download Manager (HKLM-x32...\IL Download Manager) (Version: - Image-Line)
ImgBurn (HKLM-x32...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.92.3 (HKU\S-1-5-21-3472240800-3569865723-1055443696-1001...\Inkscape) (Version: 0.92.3 - Inkscape Project)
IObit Uninstaller 8 (HKLM-x32...\IObitUninstall) (Version: 8.0.2.19 - IObit)
IrfanView 4.51 (64-bit) (HKLM...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
IsoBuster 4.2 (HKLM-x32...\IsoBuster_is1) (Version: 4.2 - Smart Projects)
Java 8 Update 191 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Kaspersky Free (HKLM-x32...{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32...\InstallWIX{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
KMPlayer 64X (HKLM...\KMPlayer 64X) (Version: 1.0.0.2 - PandoraTV)
Lumia UEFI Blue Driver (HKLM-x32...{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)
Malwarebytes verze 3.8.3.2965 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32...{58AF62C8-1D15-46D7-9B7F-243B93C5589E}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32...{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3472240800-3569865723-1055443696-1001...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32...{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32...{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32...{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32...{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM...{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.1.3129.607 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32...{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MTG Arena (HKLM-x32...{2C05A091-D2BF-4001-8CA1-3C3ABF03850F}) (Version: 0.1.1391.0 - Wizards of the Coast) Hidden
MTG Arena (HKLM-x32...\MTG Arena 0.1.1391.0) (Version: 0.1.1391.0 - Wizards of the Coast)
Native Instruments FM8 (HKLM-x32...\Native Instruments FM8) (Version: - )
Native Instruments Massive (HKLM-x32...\Native Instruments Massive) (Version: - )
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM-x32...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version: - )
Notepad++ (32-bit x86) (HKLM-x32...\Notepad++) (Version: 7.6.6 - Notepad++ Team)
NVIDIA Ovladač 3D Vision 391.35 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.15 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
OpenAL (HKLM-x32...\OpenAL) (Version: - )
OrangeVocoder VST 2.02 (HKLM-x32...\OrangeVocoder_VST_2.02) (Version: - )
Ovládací panel NVIDIA 391.35 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PiWarp VST 2.02 (HKLM-x32...\PiWarp_VST_2.02) (Version: - )
Planet Coaster version 1.3.6.45104 (HKLM...\Planet Coaster_is1) (Version: 1.3.6.45104 - STEAMPUNKS)
Platform (HKLM-x32...{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerISO (HKLM-x32...\PowerISO) (Version: 7.3 - Power Software Ltd)
Rain World (HKLM-x32...\1541665964_is1) (Version: 1.015 - GOG.com)
Recuva (HKLM...\Recuva) (Version: 1.53 - Piriform)
Roomulator VST 2.02 (HKLM-x32...\Roomulator_VST_2.02) (Version: - )
Shotcut (HKLM-x32...\Shotcut) (Version: 18.09.15 - Meltytech, LLC)
Total Commander 64-bit (Remove or Repair) (HKLM...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
u-he Zebra2 (HKLM-x32...\u-he Zebra2) (Version: 2.7.2.3898 - u-he)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM...{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VIA Platforma Ovladače zařízení (HKLM-x32...\InstallShield{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VirtualDJ PRO Full (HKLM-x32...{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
Visual Studio Community 2019 (HKLM-x32...\dd689672) (Version: 16.1.29020.237 - Microsoft Corporation)
VLC media player (HKLM...\VLC media player) (Version: 3.0.4 - VideoLAN)
VoxCiter VST 2.02 (HKLM-x32...\VoxCiter_VST_2.02) (Version: - )
Voxengo SPAN (HKLM...\Voxengo SPAN_is1) (Version: 2.10 - Voxengo)
vs_filehandler_amd64 (HKLM-x32...{EF43D2AE-EE51-41C3-BCA0-C5E79023B217}) (Version: 16.1.28811 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32...{5AABBDCD-ED5D-4AFD-8432-847DD87F8E4C}) (Version: 16.1.28811 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32...{F08DA172-0777-40C6-A8BA-D0F314560BEE}) (Version: 16.0.28518 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32...{762B3E50-3B79-4D88-B115-97513CCE8CDB}) (Version: 16.1.28811 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32...{DA2B1838-3B2E-4220-8B2E-796F4624D463}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32...{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32...{a8ef6d85-8556-4ab8-9e84-f935f5582d43}) (Version: 3.14.7501 - Microsoft)
Windows IP Over USB (HKLM-x32...{FF0EA481-42DB-A8AE-8356-48C09F7D953D}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Phone 8.0 Emulation Images (HKLM-x32...{7515082B-0B97-331C-9725-9D42EF0DE501}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone 8.0 Managed SDK Profiler (ARM) (HKLM-x32...{D6DEA3AD-637E-368A-BD00-501D443F5E86}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone 8.0 Managed SDK Profiler (X86) (HKLM-x32...{D21B5F75-8042-3B39-80A1-F1D56D6DB4AB}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone IP Over USB (HKLM-x32...{E7C8E5D3-9EDC-4430-8AEF-FD590937F55F}) (Version: 10.0.10240.0 - Microsoft Corporation)
Windows Phone SDK 8.0 Assemblies (HKLM-x32...{C7EE26EC-477D-37D0-87B4-ED146C5A9CD2}) (Version: 11.0.50727 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32...{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32...{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32...{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
[HEADING=1]Packages:[/HEADING]
Adblock Plus → C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.15.0_ne utral__d55gg7py3s0m0 [2019-05-02] (eyeo GmbH)
Dolby Access → C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2. 4.520.0_x64__rz1tebttyb220 [2019-03-15] (Dolby Laboratories)
Mail and Calendar → C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Trello → C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2 .10.14.0_x64__7pb5ddty8z1pa [2019-06-25] (Trello, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3472240800-3569865723-1055443696-1001_Classes\CLSID{C6900730-7919-4222-A0A1-1C469462F10B} → [MEGA] => C:\Users\Administrátor\Documents\MEGA [2018-12-30 03:32]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] → {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] → {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] → {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll → No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] → {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] → {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] → {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers1: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] → {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ → )
ContextMenuHandlers1: [avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll → No File
ContextMenuHandlers1: [Eraser] → {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd → The Eraser Project)
ContextMenuHandlers1: [IObitUnstaler] → {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology → IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] → {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
ContextMenuHandlers1: [MEGA (Context menu)] → {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers1: [PowerISO] → {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited → Power Software Ltd)
ContextMenuHandlers1: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR57\rarext.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR57\rarext32.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers2: [Eraser] → {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd → The Eraser Project)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] → {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
ContextMenuHandlers2: [MEGA (Context menu)] → {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers3: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll → No File
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] → {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers4: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Eraser] → {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd → The Eraser Project)
ContextMenuHandlers4: [IObitUnstaler] → {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology → IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] → {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
ContextMenuHandlers4: [MEGA (Context menu)] → {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers4: [PowerISO] → {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited → Power Software Ltd)
ContextMenuHandlers5: [Eraser] → {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd → The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation → NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll → No File
ContextMenuHandlers6: [Eraser] → {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd → The Eraser Project)
ContextMenuHandlers6: [IObitUnstaler] → {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology → IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] → {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-15] (Kaspersky Lab → AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers6: [PowerISO] → {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited → Power Software Ltd)
ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR57\rarext.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR57\rarext32.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\VirtualDJ\Online Help.lnk → hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\VirtualDJ[www.virtualdj.com.lnk](http://www.virtualdj.com.lnk) → hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2018-09-07 09:16 - 2018-09-07 09:16 - 006881792 _____ () [File not signed] C:\Program Files\KMPlayer 64X\UpLib.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 000598528 _____ () [File not signed] C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll
2019-06-28 17:33 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-07-07 00:11 - 2019-07-08 23:57 - 000170496 _____ (KMPlayer Team) [File not signed] C:\Users\Administrátor\AppData\Local\Temp\1029.tmp
2015-11-19 21:03 - 2015-11-19 21:03 - 000247808 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbPc.DLL
2018-11-11 15:40 - 2018-03-24 01:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 → NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2018-11-11 15:40 - 2018-03-24 01:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 → NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSyste m\NvStereo_nvstapisvr64.dll
2019-04-09 22:38 - 2019-04-09 22:38 - 000662016 _____ (SQLite Development Team) [File not signed] C:\Program Files\Exterminate It!\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Classes\regfile: regedit.exe “%1” <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2019-06-29 09:50 - 000000768 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → c:\program files (x86)\common files\oracle\java\javapath;c:\windows\system32;c:\ windows;c:\windows\system32\wbem;c:\windows\system 32\windowspowershell\v1.0;c:\windows\system32\open ssh;C:\Program Files (x86)\Smart Projects\IsoBuster
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Control Panel\Desktop\Wallpaper → C:\Users\Administrátor\Downloads\orange-cubes-43825-1920x1200.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM...\StartupApproved\Run: => “SecurityHealth”
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001...\StartupApproved\Run: => “OneDrive”

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9C18D8F9-D5A9-4C72-9829-F42A1650D2B9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe (IObit Information Technology → IObit)
FirewallRules: [{996EE3CA-2ACD-4C01-BD87-98A05E5FFC04}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe (IObit Information Technology → IObit)
FirewallRules: [{EAB1722A-31CB-4226-95BD-CAC79A22B840}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology → IObit)
FirewallRules: [{CCE7BCCA-83ED-43A0-A116-E60A758289B0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology → IObit)
FirewallRules: [{AD255F48-7E9E-4D5C-AEFB-E5B81DA9F955}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe (IObit Information Technology → IObit)
FirewallRules: [{662FF1DF-B272-41A4-8604-DCC80C9AF020}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe (IObit Information Technology → IObit)
FirewallRules: [TCP Query User{5A1A73A9-618E-494F-9BB5-317F78EDD4DF}C:\users\administrátor\desktop\dst\bi n\dontstarve_steam.exe] => (Block) C:\users\administrátor\desktop\dst\bin\dontstarve_ steam.exe No File
FirewallRules: [UDP Query User{A02A1629-2A09-4311-9DE3-D3B3987E2791}C:\users\administrátor\desktop\dst\bi n\dontstarve_steam.exe] => (Block) C:\users\administrátor\desktop\dst\bin\dontstarve_ steam.exe No File
FirewallRules: [TCP Query User{DB50EB91-D20D-42B8-B858-44C5BA5BD1DF}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC → )
FirewallRules: [UDP Query User{56F0B7D2-F691-4DEA-B0FA-8A276CD6004A}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC → )
FirewallRules: [{6B665249-BDFA-4116-9AEB-5C017D236C0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:446.59 GB) (Free:155.22 GB) (35%)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (07/08/2019 11:54:38 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-V6VDE39)
Description: httphttp-2147467263

Error: (07/08/2019 10:59:10 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-V6VDE39)
Description: httphttp-2147467263

Error: (07/06/2019 10:25:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.799, time stamp: 0x5cde47ca
Faulting module name: EdgeContent.dll, version: 11.0.17134.799, time stamp: 0x38675003
Exception code: 0xc0000409
Fault offset: 0x00000000000afe6a
Faulting process ID: 0x40d4
Faulting application start time: 0x01d53415bcb94ab2
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\Windows\SYSTEM32\EdgeContent.dll
Report ID: af9068e0-5cb1-49e4-8fdc-09a86b8dc7d8
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wek yb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (07/06/2019 06:13:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.799, time stamp: 0x5cde47ca
Faulting module name: EdgeContent.dll, version: 11.0.17134.799, time stamp: 0x38675003
Exception code: 0xc0000409
Fault offset: 0x00000000000afe6a
Faulting process ID: 0x3fbc
Faulting application start time: 0x01d5340f14ae0c7e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\Windows\SYSTEM32\EdgeContent.dll
Report ID: 75f96bd3-41e2-4d4a-8b3a-d5104dd4c6e8
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wek yb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (07/06/2019 02:12:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chromodo.exe verze 49.13.20.402 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 32c4

Čas spuštění: 01d531d6be259fd0

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe

ID hlášení: 4f28b51d-3a20-40dc-bb2b-29ccebac963c

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (07/06/2019 12:47:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program MicrosoftEdgeCP.exe verze 11.0.17134.799 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 7910

Čas spuštění: 01d533e6eb50c0ff

Čas ukončení: 22

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe

ID hlášení: 6e4e0b28-4972-4cab-940e-afac035d61c4

Úplný název balíčku s chybou: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wek yb3d8bbwe

ID aplikace související s balíčkem s chybou: ContentProcess

Error: (07/06/2019 12:34:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program MicrosoftEdgeCP.exe verze 11.0.17134.799 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 4b98

Čas spuštění: 01d531d7fe3a0b16

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe

ID hlášení: 88becf91-1494-4f6c-8c8c-de9bceaeba8f

Úplný název balíčku s chybou: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wek yb3d8bbwe

ID aplikace související s balíčkem s chybou: ContentProcess

Error: (07/06/2019 12:29:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.799, time stamp: 0x5cde47ca
Faulting module name: edgehtml.dll, version: 11.0.17134.829, time stamp: 0x07ad0877
Exception code: 0xc0000005
Fault offset: 0x0000000000111055
Faulting process ID: 0x3ca0
Faulting application start time: 0x01d533e58232d669
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\Windows\SYSTEM32\edgehtml.dll
Report ID: 3109b732-cb50-4ccd-bf16-96289622ee35
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wek yb3d8bbwe
Faulting package-relative application ID: ContentProcess
[HEADING=1]System errors:[/HEADING]
Error: (07/09/2019 12:55:43 AM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.

Error: (07/08/2019 10:16:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-V6VDE39)
Description: Server Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wek yb3d8bbwe!ContentProcess#{00031404-0001-0000-F1E4-000000000000} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/08/2019 10:09:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NGIService service failed to start due to the following error:
Systém nemůže nalézt uvedený soubor.

Error: (07/08/2019 10:09:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error:
Systém nemůže nalézt uvedený soubor.

Error: (07/08/2019 10:09:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.

Error: (07/08/2019 10:09:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.

Error: (07/08/2019 10:09:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.

Error: (07/08/2019 10:09:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.
[HEADING=1]Windows Defender:[/HEADING]
Date: 2019-06-29 09:59:40.574
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-06-29 09:59:40.574
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-06-29 09:59:40.574
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-06-29 09:59:40.434
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-05-05 23:25:45.666
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2018-12-27 16:30:23.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kd l that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-27 16:27:43.233
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kd l that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 17:35:08.422
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kd l that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 17:35:04.585
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kd l that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 15:33:04.427
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kd l that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 15:33:00.773
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kd l that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 13:31:15.577
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kd l that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 13:31:11.612
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kd l that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.70 09/07/2010
Motherboard: ASRock M3A770DE
Processor: AMD Phenom™ II X4 965 Processor
Percentage of memory in use: 54%
Total physical RAM: 12287.3 MB
Available physical RAM: 5559.58 MB
Total Virtual: 32767.3 MB
Available Virtual: 25687.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.59 GB) (Free:155.22 GB) NTFS
Drive e: (Místní disk) (Fixed) (Total:1863.02 GB) (Free:1253.03 GB) NTFS
Drive f: (KRD10) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS

\?\Volume{041feeed-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 041FEEED)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

================================================== ======
Disk: 1 (Size: 1863 GB) (Disk ID: 70AAB22D)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Looking the logs over now, should be about an hour to go over them.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

================================================== ================================================== ============================

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.
[ul]
[li]Close all open programs and internet browsers.[/li][li]Right Click on adwcleaner.exe and run as admin to run the tool.[/li][li]Click on Scan button.[/li][li]When the scan has finished click on Clean button.[/li][li]Your computer will be rebooted automatically. A text file will open after the restart.[/li][li]Please post the contents of that logfile with your next reply.[/li][li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]

A[COLOR=rgb(255, 255, 255)] problem has disappeared in Microsoft edge , but it came back when i start browsing with chromodo browser, it also came back in [COLOR=rgb(255, 255, 255)]
[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Administrátor (09-07-2019 12:55:57) Run:1
Running from C:\Users\Administrátor\Desktop
Loaded Profiles: Administrátor & Administrator (Available Profiles: Administrátor & Administrator)
Boot Mode: Normal[/HEADING]
fixlist content:

---

Start
Closeprocesses:
CreateRestorePoint:
Emptytemp:
VirusTotal: C:\Windows\system32\drivers\vasdDev.sys
HKLM...\Run: [AvastUI.exe] => “C:\Program Files\AVAST Software\Avast\AvLaunch.exe” /gui
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. → Oracle Corporation)
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001...\Policies\Explorer: [NoLowDiskSpaceChecks] False
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001...\MountPoints2: {aa2e3823-ad33-11e8-9346-00252281e08d} - “G:\setup.exe”
GroupPolicy: Restriction ? <==== ATTENTION
CHR Extension: (Platby Internetov�ho obchodu Chrome) - C:\Users\Administr�tor\AppData\Local\Google\Chrome \User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2018-08-18]
Task: {05F42D32-9EC0-4F0E-B32E-66114E0F58D9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. → AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip..\Interfaces{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}: [DhcpNameServer] 192.168.0.1 192.168.0.1
CHR Extension: (Chrome Media Router) - C:\Users\Administr�tor\AppData\Local\Google\Chrome \User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2019-06-19]
S2 avast! Antivirus; “C:\Program Files\AVAST Software\Avast\AvastSvc.exe”
S2 NGIService; “C:\Program Files (x86)\Common Files\McAfee\NGI\Service\NGIService.exe” StartAsNGIService
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15360 2018-12-28] (Microsoft Windows Early Launch Anti-malware Publisher → AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-12-28] (AVAST Software s.r.o. → AVAST Software)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2019-06-29] (Adlice → )
U3 aswbdisk; no ImagePath
2019-06-06 01:54 - 2019-06-06 01:54 - 000003584 _____ () C:\Users\Administr�tor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-03-04 01:52 - 2019-03-04 01:52 - 000000218 _____ () C:\Users\Administr�tor\AppData\Local\recently-used.xbel
ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll → No File
ContextMenuHandlers1: [avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll → No File
ContextMenuHandlers3: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll → No File
ContextMenuHandlers6: [avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll → No File
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Classes\regfile: regedit.exe “%1” <==== ATTENTION
Shortcut: C:\Users\Administr�tor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\VirtualDJ\Online Help.lnk → hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Administr�tor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\VirtualDJ[www.virtualdj.com.lnk](http://www.virtualdj.com.lnk) → hxxp://www.virtualdj.com
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admi nistr�tor
C:\Windows\Tasks\Uninstaller_SkipUac_Administr�tor .job
C:\Windows\System32\drivers\aswVmm.sys
C:\Windows\System32\drivers\aswStm.sys
C:\Windows\System32\drivers\aswSP.sys
C:\Windows\System32\drivers\aswSnx.sys
C:\Windows\System32\drivers\aswRvrt.sys
C:\Windows\System32\drivers\aswRdr2.sys
C:\Windows\System32\drivers\aswMonFlt.sys
C:\Windows\System32\drivers\aswKbd.sys
C:\Windows\System32\drivers\aswHwid.sys
C:\Windows\System32\drivers\aswHdsKe.sys
C:\Windows\System32\drivers\aswElam.sys
C:\Windows\System32\drivers\aswbloga.sys
C:\Windows\System32\drivers\aswbidsha.sys
C:\Windows\System32\drivers\aswbidsdrivera.sys
C:\Program Files\AVAST Software
C:\Program Files\Common Files\AVAST Software
C:\Program Files (x86)\Common Files\McAfee
Folder: C:\Users\Administr�tor\source
VirusTotal: C:\Users\Administr�tor\Downloads\vs_community__142 9971524.1561737004.exe
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
end

---

Processes closed successfully.
Error: (0) Failed to create a restore point.
VirusTotal: C:\Windows\system32\drivers\vasdDev.sys => VirusTotal
“HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n\AvastUI.exe” => could not remove
“HKLM\Software\WOW6432Node\Microsoft\Windows\Curre ntVersion\Run\SunJavaUpdateSched” => removed successfully
“HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\NoLowDiskSpaceChecks” => removed successfully
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2{aa2e3823-ad33-11e8-9346-00252281e08d} => removed successfully
HKLM\Software\Classes\CLSID{aa2e3823-ad33-11e8-9346-00252281e08d} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
CHR Extension: (Platby Internetov�ho obchodu Chrome) - C:\Users\Administr�tor\AppData\Local\Google\Chrome \User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2018-08-18] => Error: No automatic fix found for this entry.
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{05F42D32-9EC0-4F0E-B32E-66114E0F58D9}” => removed successfully
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{05F42D3 2-9EC0-4F0E-B32E-66114E0F58D9}” => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer” => removed successfully
“HKLM\System\CurrentControlSet\Services\Tcpip\Para meters\DhcpNameServer” => removed successfully
“HKLM\System\CurrentControlSet\Services\Tcpip\Para meters\Interfaces{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}\DhcpNameServer” => removed successfully
CHR Extension: (Chrome Media Router) - C:\Users\Administr�tor\AppData\Local\Google\Chrome \User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2019-06-19] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\avast! Antivirus => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\NGIService => removed successfully
NGIService => service removed successfully
HKLM\System\CurrentControlSet\Services\aswArPot => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbidsdriv er => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbidsh => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswblog => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbuniv => could not remove, key could be protected
aswElam => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswElam => removed successfully
aswElam => service removed successfully
aswHdsKe => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswHdsKe => removed successfully
aswHdsKe => service removed successfully
HKLM\System\CurrentControlSet\Services\aswHwid => could not remove, key could be protected
aswKbd => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswKbd => could not remove, key could be protected
aswMonFlt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswMonFlt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswRdr => could not remove, key could be protected
aswRvrt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswRvrt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswSnx => could not remove, key could be protected
aswSP => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswSP => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswStm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswVmm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\TrueSight => removed successfully
TrueSight => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
“C:\Users\Administr�tor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini” => not found
“C:\Users\Administr�tor\AppData\Local\recently-used.xbel” => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID{472083B0-C522-11CF-8763-00608CC02F24} => removed successfully
HKLM\Software\Classes*\ShellEx\ContextMenuHandlers \avast => removed successfully
HKLM\Software\Classes\CLSID{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx \ContextMenuHandlers\00asw => removed successfully
HKLM\Software\Classes\CLSID{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHa ndlers\avast => removed successfully
HKLM\Software\Classes\CLSID{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Classes\regfile => removed successfully
“C:\Users\Administr�tor\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk” => not found
“C:\Users\Administr�tor\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\VirtualDJ[www.virtualdj.com.lnk](http://www.virtualdj.com.lnk)” => not found
“C:\Windows\System32\Tasks\Uninstaller_SkipUac_Adm inistr�tor” => not found
“C:\Windows\Tasks\Uninstaller_SkipUac_Administr�to r.job” => not found
Could not move “C:\Windows\System32\drivers\aswVmm.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswStm.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswSP.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswSnx.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswRvrt.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswRdr2.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswMonFlt.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswKbd.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswHwid.sys” => Scheduled to move on reboot.
C:\Windows\System32\drivers\aswHdsKe.sys => moved successfully
C:\Windows\System32\drivers\aswElam.sys => moved successfully
Could not move “C:\Windows\System32\drivers\aswbloga.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswbidsha.sys” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\drivers\aswbidsdrivera.sys” => Scheduled to move on reboot.
“C:\Program Files\AVAST Software” folder move:
Could not move “C:\Program Files\AVAST Software” => Scheduled to move on reboot.
C:\Program Files\Common Files\AVAST Software => moved successfully
“C:\Program Files (x86)\Common Files\McAfee” => not found
========================= Folder: C:\Users\Administr�tor\source ========================
not found.
====== End of Folder: ======
“VirusTotal: C:\Users\Administr�tor\Downloads\vs_community__142 9971524.1561737004.exe” => not found
C:\WINDOWS\system32\drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
“HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
“HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
“HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Inter net Settings\Connections\DefaultConnectionSettings” => removed successfully
“HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Inter net Settings\Connections\SavedLegacySettings” => removed successfully
“HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings” => removed successfully
“HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings” => removed successfully

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========
Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========
Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
[HEADING=1]=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 390494910 B
Java, Flash, Steam htmlcache => 1110 B
Windows/system/drivers => 69582864 B
Edge => 37394426 B
Chrome => 23147028 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 79836 B
LocalService => 0 B
NetworkService => 68526 B
NetworkService => 0 B
Administrátor => 174779419 B
Administrator => 49477304 B
RecycleBin => 0 B
EmptyTemp: => 720.5 MB temporary data Removed.[/HEADING]
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-07-2019 12:58:15)
C:\Windows\System32\drivers\aswVmm.sys => Could not move
C:\Windows\System32\drivers\aswStm.sys => Could not move
C:\Windows\System32\drivers\aswSP.sys => Could not move
C:\Windows\System32\drivers\aswSnx.sys => Could not move
C:\Windows\System32\drivers\aswRvrt.sys => Could not move
C:\Windows\System32\drivers\aswRdr2.sys => Could not move
C:\Windows\System32\drivers\aswMonFlt.sys => Could not move
C:\Windows\System32\drivers\aswKbd.sys => Could not move
C:\Windows\System32\drivers\aswHwid.sys => Could not move
C:\Windows\System32\drivers\aswbloga.sys => Could not move
C:\Windows\System32\drivers\aswbidsha.sys => Could not move
C:\Windows\System32\drivers\aswbidsdrivera.sys => Could not move
C:\Program Files\AVAST Software => Is moved successfully
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\avast! Antivirus => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswArPot => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbidsdriv er => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbidsh => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswblog => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbuniv => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswHwid => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswKbd => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswMonFlt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswRdr => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswRvrt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswSnx => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswSP => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswStm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswVmm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
==== End of Fixlog 12:58:16 ====[/color][/color]

After 2nd restart Microsoft Edge was already infected.
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Malwarebytes AdwCleaner 7.3.0.0[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Build: 04-04-2019[/HEADING]
[HEADING=1]Database: 2019-06-28.1 (Cloud)[/HEADING]
[HEADING=1]Support: https://www.malwarebytes.com/support[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Mode: Clean[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Start: 07-09-2019[/HEADING]
[HEADING=1]Duration: 00:00:01[/HEADING]
[HEADING=1]OS: Windows 10 Home[/HEADING]
[HEADING=1]Cleaned: 5[/HEADING]
[HEADING=1]Failed: 0[/HEADING]
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\IOBIT\Driver Booster
Deleted C:\ProgramData\IOBIT\Driver Booster
Deleted C:\Users\Administrátor\AppData\Roaming\IOBIT\Drive r Booster
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\Driver Booster_is1
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

---

[+] Delete Tracing Keys
[+] Reset Winsock

---

AdwCleaner[S00].txt - [1549 octets] - [11/09/2018 22:25:05]
AdwCleaner[C00].txt - [1677 octets] - [11/09/2018 22:25:48]
AdwCleaner[S01].txt - [1796 octets] - [03/10/2018 21:03:33]
AdwCleaner[C01].txt - [1886 octets] - [03/10/2018 21:04:00]
AdwCleaner[S02].txt - [1686 octets] - [29/06/2019 09:56:31]
AdwCleaner[C02].txt - [1814 octets] - [29/06/2019 09:56:45]
AdwCleaner[S03].txt - [1990 octets] - [08/07/2019 22:07:30]
AdwCleaner[S04].txt - [2051 octets] - [09/07/2019 13:56:59]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

Finally I’ve figured out how it approximately works.
I found that it works on Czech sites(www.seznam.cz,www.recepty.cz,www.csfd.cz,www .novinky.cz) and i must visit them through chromodo browser to activate the popup. After that it starts poping in Microsoft Edge too.

You can block these types of intrusions with the most effective ad/tracker blocker out there.

Ublock Origin for Edge.

https://www.microsoft.com/en-us/p/ub...%3Aoverviewtab

Ublock Origin for Chrome



================================================== ===============================================

Ok, seems that Avast is being stubborn and will not remove, you should not have two antivirus applications on one machine.
[HEADING=1][ol]
[li]Download avastclear.exe on your desktop[/li][li]Start Windows in Safe Mode[/li][li]Open (execute) the uninstall utility[/li][li]If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)[/li][li]Click REMOVE[/li][li]Restart your computer[/li][/ol][/HEADING]
Once you have done that please run this so I can make sure that nothing is lurking on your machine.

Quick Diag Scan.

Download Quick Diag to your desktop.
Very Important!! – Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.

https://pchelpforum.net/attachments/upload_2017-2-23_9-27-51-png.1654/

Post the log that is generated in your next post.

You should attach this file as it is rather large, you can click on attach files when you reply.

You can also block this through a DNS server.

Using Adguards DNS server as mentioned at this site.



You can quickly change your DNS server with DNS Jumper.
Download DNS jumper by clicking here.
Unzip it to your desktop.
Double click the folder containing DNS Jumper
Right Click the program and run as Administrator.
Click and place a check in the Custom DNS box.
Copy these DNS servers ==== 176.103.130.130 ====== 176.103.130.131 and paste them into the highlighted boxes.
Click on Apply DNS

[ATTACH type=“full” alt=“Capture.PNG”]4957[/ATTACH]

I did avastclear in safe mode, but AvastUI.exe probably still in my pc… This path “C:\Program Files\AVAST Software\Avast\AvLaunch.exe” doesnt exist or isnt visible for me, anyway i see AVLaunch startup in my Task manager.

[ATTACH type=“full” alt=“4958”]4958[/ATTACH]

Ok, we will remove any traces of it with this tool. It needs to be removed because it will use a lot of system resources when two antivirus applications are installed.

Download Quick Diag to your desktop.
Very Important!! – Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.

Forums - PC Help Forum

https://pchelpforum.net/attachments/upload_2017-2-23_9-27-51-png.1654/

PCHF Forums

Post the log that is generated in your next post.

--------------- QuickDiag | g3n-h@ckm@n | V5_27.02.19.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 09/07/2019 18:30:33

Updated 27/02/2019 | 11:10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague
[Administrátor (Administrator)] - [DESKTOP-V6VDE39] (S-1-5-21-3472240800-3569865723-1055443696-1001)

System: Microsoft Windows 10 Home - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1029 (0405) → (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Home|C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: To Be Filled By O.E.M. - To Be Filled By O.E.M. - IdNumber: To Be Filled By O.E.M. - UUID: 03000200-0400-0500-0006-000700080009
Processor : X64 - 3393 Mhz - AMD Phenom™ II X4 965 Processor
Default System BIOS - - American Megatrends Inc. - S/N: To Be Filled By O.E.M. - P1.70 - 090710 - 20100907
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice

Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101& REV_1001\5&1827189B&0&0001
Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101& REV_1001\5&1827189B&0&0101
Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101& REV_1001\5&1827189B&0&0201
Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101& REV_1001\5&1827189B&0&0301
USB Audio Class 1.0 and 2.0 Device Driver With MS Effect - Status: OK - Manufacturer: C-MEDIA Inc. - PNPDeviceID: USB\VID_0D8C&PID_0319&MI_00\6&37873258&0&0000
Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_18490397& REV_1000\4&61D13CD&0&0001

---------- | Video

NVIDIA GeForce GTX 460 - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 75 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\Windows\System32\DriverStore\FileRepository\nv_ dispi.inf_amd64_c1a085cc86772d3f\nvldumdx.dll,C:\W indows\System32\DriverStore\FileRepository\nv_disp i.inf_amd64_c1a085cc86772d3f\nvldumdx.dll,C:\Windo ws\System32\DriverStore\FileRepository\nv_dispi.in f_amd64_c1a085cc86772d3f\nvldumdx.dll,C:\Windows\S ystem32\DriverStore\FileRepository\nv_dispi.inf_am d64_c1a085cc86772d3f\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_0E22&SUBSYS_34FC1458&REV_A1\4&1C1 F7BC1&0&0010 - AdapterCompatibility: NVIDIA - RAM: 1073741824
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 460 - DriverVersion: 23.21.13.9135 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\bdmpegv64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 75272 - Manufacturer: - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\vorbis.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 1470976 - Manufacturer: HMS http://hp.vector.co.jp/authors/VA012897/ - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\bdmpega64.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 75784 - Manufacturer: - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\bdmjpeg64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 75248 - Manufacturer: - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:3 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GbE Family Controller - Síť Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_81681849&REV_03\4&E05 7C7F&0&0050
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Síť Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Síť Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Síť Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory

RAM = Total (MB) : 12582 | Free (MB) : 10699
Pagefile = Total (MB) : 33554 | Free (MB) : 31574
Virtual = Total (MB) : 4194 | Free (MB) : 3866

Physical Memory 0 : Capacity: 2147483648 - DIMM0 - Posit.: 0 - Manufacturer: Manufacturer0 - PartNumber: PartNum0 - S/N: SerNum0
Physical Memory 1 : Capacity: 2147483648 - DIMM1 - Posit.: 0 - Manufacturer: Manufacturer1 - PartNumber: PartNum1 - S/N: SerNum1
Physical Memory 2 : Capacity: 4294967296 - DIMM2 - Posit.: 0 - Manufacturer: Manufacturer2 - PartNumber: PartNum2 - S/N: SerNum2
Physical Memory 3 : Capacity: 4294967296 - DIMM3 - Posit.: 0 - Manufacturer: Manufacturer3 - PartNumber: PartNum3 - S/N: SerNum3

---------- | SID Users

Administrator : [S-1-5-21-3472240800-3569865723-1055443696-500]
Administrátor : [S-1-5-21-3472240800-3569865723-1055443696-1001]
DefaultAccount : [S-1-5-21-3472240800-3569865723-1055443696-503]
Guest : [S-1-5-21-3472240800-3569865723-1055443696-501]
WDAGUtilityAccount : [S-1-5-21-3472240800-3569865723-1055443696-504]
Administrators : [S-1-5-32-544]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Remote Management Users : [S-1-5-32-580]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]
Vlastníci zařízení : [S-1-5-32-583]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ → [Fixed] | | Total : 446.59 Go | Free : 156.23 Go → NTFS (SSD) [ATA]
E:\ → [Fixed] | [Místní disk] | Total : 1863.02 Go | Free : 1253.03 Go → NTFS [ATA]
F:\ → [CDROM] | [KRD10] | Total : 0.26 Go | Free : 0 Go → CDFS [ATAPI]

Disk Usage Information [2 total Physical Disks]

Physical Drive #0 [C:] : Read:0 bytes/sec, Written:3,899,173 bytes/sec Max Read:0 bytes/sec, Max Write:3,899,173 bytes/sec
Physical Drive #1 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec

Overall - Read Maximum:0 bytes/sec, Write Maximum:3,899,173 bytes/sec

DeviceID: \.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKKINGSTON_SA400S37480G___________________SB FK71E0\5&11EE6D0C&0&0.0.0
DeviceID: \.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : IDE\DISKWDC_WD20EARS-00S8B1_____________________80.00A80\5&3ACF866E&0&1 .1.0

---------- | Windows updates - Activation - License

W.A.T :

Test 1 : Windows Is Activated

Volume License

---------- | Browsers

IE : 11.0.17134.1 (© Microsoft Corporation.)
GC : 75.0.3770.100 (Copyright 2019 Google LLC.)

Default : “C:\Program Files\Internet Explorer\iexplore.exe”

---------- | FlashPlayer

FlashPlayer ActiveX : 32.0.0.207

---------- | Security

AS : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

528 | [Owner : SYSTEM | Parent : 4(System) | ???] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.17134.590) = C:\Windows\System32\smss.exe [12/02/2019 22:04:33] CPU Usage:0 %
708 | [Owner : SYSTEM | Parent : 688() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
808 | [Owner : SYSTEM | Parent : 688() | ???] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 %
816 | [Owner : SYSTEM | Parent : 788() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
880 | [Owner : SYSTEM | Parent : 808(wininit.exe) | ???] - (.Microsoft Corporation - Services and Controller app.) - (10.0.17134.191) = C:\Windows\System32\services.exe [18/08/2018 00:30:31] CPU Usage:0 %
892 | [Owner : SYSTEM | Parent : 808(wininit.exe) | 17.47 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [07/11/2018 19:26:18] CPU Usage:0 %
968 | [Owner : SYSTEM | Parent : 788() | 11.64 Mo] - (.Microsoft Corporation - Windows Log-on Application.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe [01/10/2018 12:43:49] CPU Usage:0 %
540 | [Owner : SYSTEM | Parent : 880(services.exe) | 3.97 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
696 | [Owner : UMFD-0 | Parent : 808(wininit.exe) | 3.93 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [14/05/2019 23:19:36] CPU Usage:0 %
700 | [Owner : UMFD-1 | Parent : 968(winlogon.exe) | 16.6 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [14/05/2019 23:19:36] CPU Usage:0 %
944 | [Owner : SYSTEM | Parent : 880(services.exe) | 26.72 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1064 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 14.33 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1108 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1168 | [Owner : DWM-1 | Parent : 968(winlogon.exe) | 58.86 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 %
1272 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.64 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1328 | [Owner : SYSTEM | Parent : 880(services.exe) | 6.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1420 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 11.38 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1452 | [Owner : SYSTEM | Parent : 880(services.exe) | 10.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1508 | [Owner : SYSTEM | Parent : 880(services.exe) | 15.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1560 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 19.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1620 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.19 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1656 | [Owner : SYSTEM | Parent : 880(services.exe) | 13.72 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [11/11/2018 15:40:18] CPU Usage:0 %
1680 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 8.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1708 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.72 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1788 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1796 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.82 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1872 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 10.78 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1912 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 18.15 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1940 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1984 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.27 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1992 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1408 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 8.73 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2192 | [Owner : SYSTEM | Parent : 1656(NVDisplay.Container.exe) | 41.8 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [11/11/2018 15:40:18] CPU Usage:0 %
2268 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 16.7 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2404 | [Owner : SYSTEM | Parent : 880(services.exe) | 13.28 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2460 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 8.19 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2468 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 6.34 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2476 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 8.75 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2536 | [Owner : SYSTEM | Parent : 880(services.exe) | 11.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2616 | [Owner : SYSTEM | Parent : 880(services.exe) | 14.66 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 %
2680 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.39 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2724 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 8.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2808 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 17.39 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2916 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 17.69 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2924 | [Owner : SYSTEM | Parent : 880(services.exe) | 7.7 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2932 | [Owner : SYSTEM | Parent : 880(services.exe) | 23.44 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2940 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 12.17 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2948 | [Owner : SYSTEM | Parent : 880(services.exe) | 17.9 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2956 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 6.58 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3028 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 8.01 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3044 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.85 Mo] - (.VIA Technologies, Inc. - Service binary.) - (0.1.0.0) = C:\Windows\System32\ViakaraokeSrv.exe [11/09/2015 05:06:52] CPU Usage:0 %
3052 | [Owner : SYSTEM | Parent : 880(services.exe) | 20.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3060 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.71 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2288 | [Owner : SYSTEM | Parent : 880(services.exe) | 6.74 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.31.1644) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [17/12/2018 04:29:48] CPU Usage:0 %
3096 | [Owner : SYSTEM | Parent : 880(services.exe) | 13.61 Mo] - (.Microsoft Corporation - Windows IP Over USB PC Service.) - (10.0.10586.15) = C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [20/11/2015 04:47:22] CPU Usage:0 %
3132 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 12.37 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2354.7482) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [11/11/2018 15:40:49] CPU Usage:0 %
3140 | [Owner : SYSTEM | Parent : 880(services.exe) | ???] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [18/08/2018 00:30:41] CPU Usage:0 %
3200 | [Owner : SYSTEM | Parent : 880(services.exe) | 13.64 Mo] - (.Comodo - Chromodo.) - (1.0.0.1) = C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [11/05/2016 13:39:58] CPU Usage:0 %
3272 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.79 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3308 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 5.58 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3448 | [Owner : SYSTEM | Parent : 880(services.exe) | 12.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3540 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3572 | [Owner : SYSTEM | Parent : 880(services.exe) | 11.88 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3960 | [Owner : SYSTEM | Parent : 880(services.exe) | 22.73 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
4188 | [Owner : LOCAL SERVICE | Parent : 2268(svchost.exe) | 13.12 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.17134.829) = C:\Windows\System32\audiodg.exe [12/06/2019 19:29:29] CPU Usage:0 %
4432 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 5.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2912 | [Owner : SYSTEM | Parent : 880(services.exe) | 14.57 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
5768 | [Owner : SYSTEM | Parent : 944(svchost.exe) | 17.85 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 %
4976 | [Owner : Administrátor | Parent : 1620(svchost.exe) | 25.74 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 %
4876 | [Owner : Administrátor | Parent : 880(services.exe) | 19.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
828 | [Owner : Administrátor | Parent : 880(services.exe) | 29.68 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
4596 | [Owner : Administrátor | Parent : 1508(svchost.exe) | 6.81 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe [15/03/2019 17:04:46] CPU Usage:0 %
1440 | [Owner : SYSTEM | Parent : 880(services.exe) | 7.8 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1632 | [Owner : Administrátor | Parent : 1440(svchost.exe) | 14.94 Mo] - (.Microsoft Corporation - CTF Loader.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 %
3040 | [Owner : Administrátor | Parent : 3244() | 118.78 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.17134.677) = C:\Windows\explorer.exe [09/04/2019 19:41:05] CPU Usage:0 %
3120 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 17.22 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1280 | [Owner : Administrátor | Parent : 944(svchost.exe) | 22.62 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] CPU Usage:0 %
6568 | [Owner : Administrátor | Parent : 944(svchost.exe) | 81.62 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe [14/05/2019 23:19:45] CPU Usage:0 %
6784 | [Owner : Administrátor | Parent : 944(svchost.exe) | 162.11 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.829) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe [12/06/2019 19:29:49] CPU Usage:0 %
6840 | [Owner : Administrátor | Parent : 944(svchost.exe) | 22.29 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7144 | [Owner : Administrátor | Parent : 944(svchost.exe) | 20.37 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
6044 | [Owner : Administrátor | Parent : 944(svchost.exe) | 124.26 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x6 4__kzf8qxf38zg5c\SkypeApp.exe [28/06/2019 16:07:44] CPU Usage:0 %
6520 | [Owner : Administrátor | Parent : 944(svchost.exe) | 11.99 Mo] - (.-.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x6 4__kzf8qxf38zg5c\SkypeBackgroundHost.exe [28/06/2019 16:07:44] CPU Usage:0 %
6564 | [Owner : Administrátor | Parent : 944(svchost.exe) | 20.59 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7192 | [Owner : Administrátor | Parent : 944(svchost.exe) | 12.97 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.753) = C:\Windows\System32\SettingSyncHost.exe [14/05/2019 23:19:39] CPU Usage:0 %
7744 | [Owner : Administrátor | Parent : 944(svchost.exe) | 26.21 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7928 | [Owner : Administrátor | Parent : 944(svchost.exe) | 13.57 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] CPU Usage:0 %
1308 | [Owner : SYSTEM | Parent : 880(services.exe) | 37.11 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe [09/04/2019 19:41:04] CPU Usage:0 %
8124 | [Owner : SYSTEM | Parent : 880(services.exe) | 12.06 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8388 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.61 Mo] - (.Disc Soft Ltd - Disc Soft Bus Service.) - (5.0.1.406) = C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [26/02/2015 11:15:54] CPU Usage:0 %
7524 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.31 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
9384 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 10 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
9924 | [Owner : Administrátor | Parent : 7744(RuntimeBroker.exe) | 48.81 Mo] - (.Microsoft Corporation - SkypeBridge.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x6 4__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe [28/06/2019 16:07:44] CPU Usage:0 %
9948 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.17 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
9372 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 15.54 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
9064 | [Owner : Administrátor | Parent : 3084() | 27.65 Mo] - (.IObit - UninstallerMonitor.) - (8.0.2.1608) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe [18/08/2018 18:30:55] CPU Usage:0 %
7360 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.71 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10066) = C:\Program Files\rempl\sedsvc.exe [11/06/2019 11:37:42] CPU Usage:0 %
6720 | [Owner : SYSTEM | Parent : 880(services.exe) | ???] - (.Microsoft Corporation - Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 %
8020 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.43 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1392 | [Owner : Administrátor | Parent : 880(services.exe) | 11.59 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
5840 | [Owner : Administrátor | Parent : 944(svchost.exe) | 23.62 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 %
7252 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.1 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
4532 | [Owner : SYSTEM | Parent : 880(services.exe) | 6.7 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8532 | [Owner : Administrátor | Parent : 944(svchost.exe) | 33.67 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe [09/04/2019 19:41:07] CPU Usage:0 %
9184 | [Owner : SYSTEM | Parent : 944(svchost.exe) | 9.34 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 %
7028 | [Owner : NETWORK SERVICE | Parent : 944(svchost.exe) | 9.15 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 %
8432 | [Owner : SYSTEM | Parent : 880(services.exe) | 7.3 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1556 | [Owner : SYSTEM | Parent : 880(services.exe) | ???] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
7204 | [Owner : SYSTEM | Parent : 880(services.exe) | 15.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2200 | [Owner : SYSTEM | Parent : 880(services.exe) | 6.55 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8040 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 6.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8572 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.77 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8304 | [Owner : Administrátor | Parent : 3040(explorer.exe) | 59.39 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = C:\Users\Administrátor\Desktop\quickdiag_V5_27.02. 19.1.exe [09/07/2019 17:51:39] CPU Usage:0 %
3252 | [Owner : NETWORK SERVICE | Parent : 944(svchost.exe) | 9.39 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 %

---------- | Locked Applications

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) – C:\Windows\System32\InputHost.dll
(.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 391.35.) - (23.21.13.9135) – C:\Windows\System32\DriverStore\FileRepository\nv_ dispi.inf_amd64_c1a085cc86772d3f\nvldumdx.dll
(..-..) - (0.0.0.0) – C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll
(.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 391.35.) - (23.21.13.9135) – C:\Windows\System32\DriverStore\FileRepository\nv_ dispi.inf_amd64_c1a085cc86772d3f\nvwgf2umx_cfg.dll
(..-..) - (0.0.0.0) – C:\Windows\ShellExperiences\TileControl.dll
(..-..) - (0.0.0.0) – C:\Windows\ShellComponents\TaskFlowUI.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) – C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.70.0.0) – C:\Program Files\WinRAR57\rarext.dll
(.Power Software Ltd.-.PowerISOShell DLL.) - (7.3.0.0) – C:\Program Files\PowerISO\PWRISOSH.DLL
(.AO Kaspersky Lab.-.Shell Extension.) - (19.0.0.1310) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll
(.AO Kaspersky Lab.-.Helper Library.) - (20.0.543.426) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\remote_eka_prague_loader.dll
(.AO Kaspersky Lab.-.PR_REMOTE.) - (20.0.543.426) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\prremote.dll
(.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (19.0.0.1239) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\product_info.dll
(.AO Kaspersky Lab.-.Product Metainformation.) - (19.0.0.1377) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\product_metainfo.dll
(.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\kl_service.dll
(.IObit.-.IUMenuRightExtension.) - (1.2.0.2) – C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
(.The Eraser Project.-.Eraser Shell Extension.) - (6.2.0.2970) – C:\Program Files\Eraser\Eraser.Shell.dll
(..-.ShellHandler for Notepad++ (64 bit).) - (0.1.0.0) – C:\Program Files (x86)\Notepad++\NppShell_06.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (19.0.0.0) – C:\Program Files\7-Zip\7-zip.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.13.9135) – C:\Windows\system32\nv3dappshext.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 391.35.) - (23.21.13.9135) – C:\Windows\system32\nvapi64.dll

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)

---------- | svchost.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) – C:\Windows\System32\InputHost.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) – c:\windows\system32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
OneDrive - (“C:\Users\Administrátor\AppData\Local\Microsoft\O neDrive\OneDrive.exe” /background [HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE...\Run]) - User: DESKTOP-V6VDE39\Administrátor
DAEMON Tools Lite - (“C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun [HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE...\Run]) - User: DESKTOP-V6VDE39\Administrátor
CCleaner Smart Cleaning - (“C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR [HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE...\Run]) - User: DESKTOP-V6VDE39\Administrátor
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE...\Run]) - User: Public
HDAudDeck - (C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [HKLM\SOFTWARE...\Run]) - User: Public
AvastUI.exe - (“C:\Program Files\AVAST Software\Avast\AvLaunch.exe” /gui [HKLM\SOFTWARE...\Run]) - User: Public
Eraser - (“C:\Program Files\Eraser\Eraser.exe” -atRestart [HKLM\SOFTWARE...\Run]) - User: Public

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Run]
“OneDrive”=“C:\Users\Administrátor\AppData\Local\M icrosoft\OneDrive\OneDrive.exe” /background
“DAEMON Tools Lite”=“C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
“CCleaner Smart Cleaning”=“C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“OneDrive”=0x03000000049808667536D401
“DAEMON Tools Lite”=0x020000000000000000000000
“CCleaner Smart Cleaning”=0x020000000000000000000000

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“Device”=Microsoft Print to PDF,winspool,Ne01:
“IsMRUEstablished”=0
“LegacyDefaultPrinterMode”=1

[HKLM\Software\Microsoft\Command Processor]
“CompletionChar”=9
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=9

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“SecurityHealth”=%ProgramFiles%\Windows Defender\MSASCuiL.exe
“HDAudDeck”=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
“AvastUI.exe”=“C:\Program Files\AVAST Software\Avast\AvLaunch.exe” /gui
“Eraser”=“C:\Program Files\Eraser\Eraser.exe” -atRestart

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“SecurityHealth”=0x070000007BD989607536D401
“HDAudDeck”=0x020000000000000000000000
“AvastUI.exe”=0x020000000000000000000000
“Eraser”=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32]
“SunJavaUpdateSched”=0x020000000000000000000000
“PWRISOVM.EXE”=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=0
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000
“Win32kLastWriteTime”=1D3D1ED98C0F7D8

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
“CompletionChar”=9
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=9

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run]
“PWRISOVM.EXE”=C:\Program Files\PowerISO\PWRISOVM.EXE -startup

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=0
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
“WebCheck”={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Tasks List

Adobe Acrobat Update Task
Adobe Flash Player PPAPI Notifier
Adobe Flash Player Updater
ASUS Patch for VIA Audio
CCleaner Update
CCleanerSkipUAC
CreateExplorerShellUnelevatedTask
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-1001
OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-500
Uninstaller_SkipUac_Administrátor

---------- | Startings up registry ¦ Folder

---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server

[HKLM\System\CurrentControlSet\Control]
“BootDriverFlags”=28
“CurrentUser”=USERNAME
“EarlyStartServices”=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
“PreshutdownOrder”=UsoSvc
DeviceInstall
gpsvc
trustedinstaller
“SvcHostSplitThresholdInKB”=3670016
“WaitToKillServiceTimeout”=2000
“SystemStartOptions”= NOEXECUTE=OPTIN
“SystemBootDevice”=multi(0)disk(0)rdisk(0)partitio n(2)
“FirmwareBootDevice”=multi(0)disk(0)rdisk(0)partit ion(1)
“LastBootSucceeded”=1
“LastBootShutdown”=1
“DirtyShutdownCount”=11

[HKLM\System\CurrentControlSet\Control\lsa]
“auditbasedirectories”=0
“auditbaseobjects”=0
“Bounds”=0x0030000000200000
“crashonauditfail”=0
“fullprivilegeauditing”=0x00
“LimitBlankPasswordUse”=1
“NoLmHash”=1
“Security Packages”=“” [17/08/2018 21:43:31]
“Notification Packages”=scecli
“Authentication Packages”=msv1_0
“LsaPid”=892
“SecureBoot”=1
“ProductType”=3
“disabledomaincreds”=0
“everyoneincludesanonymous”=0
“forceguest”=0
“restrictanonymous”=0
“restrictanonymoussam”=1

[HKLM\System\CurrentControlSet\Control\SecurityProv iders]
“SecurityProviders”=credssp.dll

[HKLM\System\CurrentControlSet\Control\Session Manager]
“AutoChkTimeout”=8
“BootExecute”=autocheck autochk *
“BootShell”=%SystemRoot%\system32\bootim.exe
“CriticalSectionTimeout”=2592000
“ExcludeFromKnownDlls”=
“GlobalFlag”=0
“HeapDeCommitFreeBlockThreshold”=0
“HeapDeCommitTotalFreeThreshold”=0
“HeapSegmentCommit”=0
“HeapSegmentReserve”=0
“InitConsoleFlags”=0
“NumberOfInitialSessions”=2
“ObjectDirectories”=\Windows
\RPC Control
“ProcessorControl”=2
“ProtectionMode”=1
“ResourceTimeoutCount”=150
“RunLevelExecute”=WinInit
ServiceControlManager
“RunLevelValidate”=ServiceControlManager
“SETUPEXECUTE”=
“AutoChkSkipSystemPartition”=0

[HKLM\System\CurrentControlSet\Control\Terminal Server]
“AllowRemoteRPC”=0
“DelayConMgrTimeout”=0
“DeleteTempDirsOnExit”=1
“fDenyTSConnections”=1
“fSingleSessionPerUser”=1
“NotificationTimeOut”=0
“PerSessionTempDir”=0
“ProductVersion”=5.1
“RCDependentServices”=CertPropSvc
SessionEnv
“SnapshotMonitors”=1
“StartRCM”=0
“TSUserEnabled”=0
“InstanceID”=3291b438-f50f-495d-8ca5-5458651
“GlassSessionId”=1

---------- | .LNK with Arguments

---------- | AppCertDlls

---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll → OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll → OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Control Panel\Desktop]
“ActiveWndTrackTimeout”=0
“BlockSendInputResets”=0
“CaretTimeout”=5000
“CaretWidth”=1
“ClickLockTime”=1200
“CoolSwitchColumns”=7
“CoolSwitchRows”=3
“CursorBlinkRate”=530
“DockMoving”=1
“DragFromMaximize”=1
“DragFullWindows”=1
“DragHeight”=4
“DragWidth”=4
“FocusBorderHeight”=1
“FocusBorderWidth”=1
“FontSmoothing”=2
“FontSmoothingGamma”=0
“FontSmoothingOrientation”=1
“FontSmoothingType”=2
“ForegroundFlashCount”=7
“ForegroundLockTimeout”=200000
“LeftOverlapChars”=3
“MenuShowDelay”=400
“MouseWheelRouting”=2
“PaintDesktopVersion”=0
“Pattern”=0
“RightOverlapChars”=3
“ScreenSaveActive”=1
“SnapSizing”=1
“TileWallpaper”=0
“WallPaper”=C:\Users\Administrátor\Downloads\orang e-cubes-43825-1920x1200.jpg [03/09/2018 18:37:30]
“WallpaperOriginX”=0
“WallpaperOriginY”=0
“WallpaperStyle”=10
“WheelScrollChars”=3
“WheelScrollLines”=3
“WindowArrangementActive”=0
“Win8DpiScaling”=0
“DpiScalingVer”=4096
“UserPreferencesMask”=0x9E1E078012000000
“MaxVirtualDesktopDimension”=3200
“MaxMonitorDimension”=1920
“TranscodedImageCount”=2
“LastUpdated”=4294967295
“TranscodedImageCache”=0x7AC30100D9260B0080070000B 00400006A72D968A443D40143003A005C00550073006500720 073005C00410064006D0069006E006900730074007200E1007 4006F0072005C0044006F0077006E006C006F0061006400730 05C006F00720061006E00670065002D0063007500620065007 3002D00340033003800320035002D003100390032003000780 031003200300030002E006A007000670000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 0000000000000000000000000
“LockScreenAutoLockActive”=0
“AutoColorization”=0
“ImageColor”=2940843252
“PreferredUILanguages”=en-GB
“WaitToKillAppTimeout”=2000
“HungAppTimeout”=2000

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{C6900730-7919-4222-A0A1-1C469462F10B}”=1
“{018D5C66-4533-4307-9B53-224DE2ED1FE6}”=1

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ExplorerStartupTraceRecorded”=1
“ShellState”=0x24000000342800000000000000000000000 0000001000000130000000000000062000000
“UserSignedIn”=1
“SlowContextMenuEntries”=0x5D54A9A2C2A0B4429708A0B 2BADD77C8A42B00001A58CE57B60C66429CA019364C90A0B38 00A00004E3AAA90BA1C3342B8BB535773D48449F1190000011 4020000000000C000000000000046A42B000060B81DB4E464D 2119906E49FADC173CAC1140000
“SIDUpdatedOnLibraries”=1
“LocalKnownFoldersMigrated”=1
“TelemetrySalt”=5
“GlobalAssocChangedCounter”=1503
“FirstRunTelemetryComplete”=1
“EdgeDesktopShortcutCreated”=1
“AppReadinessLogonComplete”=1
“PostAppInstallTasksCompleted”=1
“link”=0x1A000000
“ShowRecent”=1
“ShowFrequent”=0
“Browse For Folder Width”=318
“Browse For Folder Height”=328

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_SearchFiles”=2
“ServerAdminUI”=0
“Hidden”=1
“ShowCompColor”=1
“HideFileExt”=0
“DontPrettyPath”=0
“ShowInfoTip”=1
“HideIcons”=0
“MapNetDrvBtn”=0
“WebView”=1
“Filter”=0
“ShowSuperHidden”=1
“SeparateProcess”=0
“AutoCheckSelect”=0
“IconsOnly”=0
“ShowTypeOverlay”=1
“ShowStatusBar”=1
“StoreAppsOnTaskbar”=1
“ListviewAlphaSelect”=1
“ListviewShadow”=1
“TaskbarAnimations”=1
“StartMenuInit”=13
“TaskbarStateLastRun”=0x6E2C1D5D00000000
“ReindexedProfile”=1
“Start_TrackDocs”=0
“TaskbarSmallIcons”=0
“DisablePreviewDesktop”=1
“DontUsePowerShellOnWinX”=0
“TaskbarGlomLevel”=1
“MMTaskbarEnabled”=0
“MMTaskbarMode”=0
“LaunchTo”=1
“TaskbarSizeMove”=1
“Start_TrackProgs”=1
“TaskbarAutoHideInTabletMode”=0
“TypeAhead”=1

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\WordWheelQuery]
“MRUListEx”=0x47000000460000002F000000450000004400 0000430000004000000041000000420000003F0000003E0000 00390000003D0000003C0000003B000000130000003A000000 38000000370000003600000035000000340000003300000032 00000031000000300000002E000000120000002D0000002C00 00002B0000002A000000280000002900000025000000270000 00260000002400000023000000220000002100000020000000 0D0000001F0000001E0000001C0000001D000000100000001B 0000001A000000190000001700000018000000160000001500 000014000000110000000F0000000E00000003000000090000 000700000008000000040000000A0000000C0000000B000000 0600000005000000020000000000000001000000FFFFFFFF
“1”=0x6500660066006500630074000000
“0”=0x76006F0063000000
“2”=0x640072006900760065007200200062006F006F000000
“5”=0x2A002E00620069006E000000
“6”=0x64006F0073006E0065000000
“11”=0x75007300620065000000
“12”=0x2A002E006500780065000000
“10”=0x5500530042002E0049004E005F000000
“4”=0x74007800740073006500740075000000
“8”=0x540058005400530045005400550050002E0053004900 46000000
“7”=0x5500530042000000
“9”=0x44004F0053004E00450054002E0049004E0046000000
“3”=0x6D0061006C000000
“14”=0x6D0061006C0077006100720065000000
“15”=0x64000000
“17”=0x730065000000
“20”=0x7100360061000000
“21”=0x720039000000
“22”=0x730037000000
“24”=0x6300740066000000
“23”=0x7400720064000000
“25”=0x75006C0078000000
“26”=0x7A00670072000000
“27”=0x70006F006B000000
“16”=0x74000000
“29”=0x2D000000
“28”=0x76006C0063000000
“30”=0x770069006E0072000000
“31”=0x69006F0062000000
“13”=0x69006F000000
“32”=0x7200650063007500760061000000
“33”=0x650072000000
“34”=0x63006D0064000000
“35”=0x72006500670065000000
“36”=0x7300790074007200750073002A002E0070006400660 00000
“38”=0x61006300650072000000
“39”=0x61006300650072002E000000
“37”=0x61006300650072002E0073006500720076006900630 065002E006100630065007200730079007300740065006D007 3006500720076006900630065002E00730070006B006700000 0
“41”=0x6400650041007000700073000000
“40”=0x570065006200430061006300680065002A002E00640 0610074000000
“42”=0x680074007400700073003A002F002F0062006F006F0 06B0073002E0067006F006F0067006C0065002E0063000000
“43”=0x6D006F00620069006C000000
“44”=0x7400680065006C000000
“45”=0x6400650073006B0079002E007400780074000000
“18”=0x67000000
“46”=0x69006E000000
“48”=0x31003900390031000000
“49”=0x73006B0072000000
“50”=0x62006C0069000000
“51”=0x74007200650078000000
“52”=0x7700610072006E0069006E000000
“53”=0x610074000000
“54”=0x770061000000
“55”=0x67006F000000
“56”=0x73006300610072000000
“58”=0x73006F006C0069000000
“19”=0x61006B000000
“59”=0x7300740065000000
“60”=0x74006F000000
“61”=0x7300690072000000
“57”=0x73006900720065000000
“62”=0x76006F0069000000
“63”=0x6D006900740065000000
“66”=0x730075006D006D00650072000000
“65”=0x6C006F00760065000000
“64”=0x740061006C006B000000
“67”=0x73007400610079000000
“68”=0x6F006E006C0079000000
“69”=0x640066000000
“47”=0x670065000000
“70”=0x65007800740065000000
“71”=0x610076006100730074000000

[HKLM\Software\Policies\Microsoft\Windows\Safer\Cod eIdentifiers]
“authenticodeenabled”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableFullTrustStartupTasks”=2
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableUwpStartupTasks”=2
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“SupportFullTrustStartupTasks”=1
“SupportUwpStartupTasks”=1
“ValidateAdminCodeSignatures”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0
“NoDriveTypeAutoRun”=28

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\ClassicStartMenu]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“GlobalAssocChangedCounter”=25

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations]
“Application”= open %s file - Search

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windo ws\Safer\CodeIdentifiers]
“authenticodeenabled”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableFullTrustStartupTasks”=2
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableUwpStartupTasks”=2
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“SupportFullTrustStartupTasks”=1
“SupportUwpStartupTasks”=1
“ValidateAdminCodeSignatures”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0
“NoDriveTypeAutoRun”=28

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\ClassicStartMen u]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“GlobalAssocChangedCounter”=57

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Associations]
“Application”= open %s file - Search

---------- | Winlogon

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“BuildNumber”=17134
“FirstLogon”=0
“PUUActive”=0x0EFB17D001000A001601D30677F34100921B 6200921B6200D20000000200DC009CB9C49ECB296F01D96045 01DACB1F0010661C009FB6090000000000513582000F4B0300 0B1E0000F9AE60297136D50177F34100000000000100000077 F34100EE4200006214000013F1360100000000
“ParseAutoexec”=1
“DP”=0xD200E800D4020A00160100000EFB17D013F13601000 00000F9AE60297136D50109603AB74136D5019F06E10000000 000FD53410099BE04000000000000000000000000000000000 000000000000000000000000000000000000000000000F03F8 0510100D1C70080300089047880891EAD5C008045080410452 864143D0F0080001287080112872A6C4B01803523260C3D2B2 60C51460080A0620823A27248237EC70080090808640B28096 4E1E0000040C8200040D865011209018008C0A01028C1B032C F3C01400134AA134535AA33EE1B00800412104004161040AD3 000C02202014026030140

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“AutoRestartShell”=1
“Background”=0 0 0
“CachedLogonsCount”=10
“DebugServerCommand”=no
“DisableBackButton”=1
“EnableSIHostIntegration”=1
“ForceUnlockLogon”=0
“LegalNoticeCaption”=
“LegalNoticeText”=
“PasswordExpiryWarning”=5
“PowerdownAfterShutdown”=0
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“ReportBootOk”=1
“Shell”=explorer.exe
“ShellCritical”=0
“ShellInfrastructure”=sihost.exe
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0
“Userinit”=C:\Windows\system32\userinit.exe,
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
“WinStationsDisabled”=0
“scremoveoption”=0
“DisableCAD”=1
“LastLogOffEndTimePerfCounter”=762818419
“ShutdownFlags”=2147483687
“DisableLockWorkstation”=0
“EnableFirstLogonAnimation”=1
“AutoLogonSID”=S-1-5-21-3472240800-3569865723-1055443696-1001
“LastUsedUsername”=Administrátor

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
“DefaultDomainName”=
“DefaultUserName”=
“EnableSIHostIntegration”=1
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“Shell”=explorer.exe
“ShellCritical”=0
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0
“Userinit”=C:\Windows\system32\userinit.exe,

---------- | Associations

[HKLM\Software\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\Classes.com]
“”=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.reg]
“”=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
“”=regedit.exe “%1”

[HKLM\Software\Classes.scr]
“”=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
“”=“%1” /S

[HKLM\Software\Classes.bat]
“”=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.cmd]
“”=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.pif]
“”=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.inf]
“”=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes.url]
“”=InternetShortcut

[HKLM\Software\Classes.lnk]
“”=lnkfile

[HKLM\Software\Classes.hta]
“”=htafile
“Content Type”=application/hta
“PerceivedType”=text

[HKLM\Software\Classes\htafile\Shell\Open\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\Windows\System32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment

[HKLM\Software\Classes\Application.Manifest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\Classes\Application.Reference]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKLM\Software\WOW6432Node\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Op en\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.com]
“”=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.reg]
“”=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Op en\Command]
“”=regedit.exe “%1”

[HKLM\Software\WOW6432Node\Classes.scr]
“”=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Op en\Command]
“”=“%1” /S

[HKLM\Software\WOW6432Node\Classes.bat]
“”=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.cmd]
“”=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.pif]
“”=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.inf]
“”=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Op en\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes.url]
“”=InternetShortcut

[HKLM\Software\WOW6432Node\Classes.lnk]
“”=lnkfile

[HKLM\Software\WOW6432Node\Classes.hta]
“”=htafile
“Content Type”=application/hta
“PerceivedType”=text

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Op en\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\Windows\System32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment

[HKLM\Software\WOW6432Node\Classes\Application.Mani fest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\WOW6432Node\Classes\Application.Refe rence]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\WOW6432Node\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKLM\Software\Clients\StartMenuInternet\Chromodo\S hell\open\Command]
“”=“C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe”
[HKLM\Software\Clients\StartMenuInternet\Chromodo\I nstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe” --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 17:50:42]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Chromodo\Shell\open\Command]
“”=“C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Chromodo\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe” --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 17:50:42]
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

---------- | AppcompatFlags

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
“C:\Users\ADMINI~1\AppData\Local\Temp\pftA4D3~tmp\ Setup.exe”=1
“C:\Users\ADMINI~1\AppData\Local\Temp\Rar$EXa10760 .20857\VIA_XP64_XP(v660e)\SETUP.EXE”=1
“C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.EXE”=33
“C:\Users\ADMINI~1\AppData\Local\Temp\Rar$EXa10216 .18888\SETUP.EXE”=1
“C:\Users\ADMINI~1\AppData\Local\Temp\pftD71D~tmp\ Setup.exe”=1
“C:\Program Files (x86)\InstallShield Installation Information{20D4A895-748C-4D88-871C-FDB1695B0169}\SETUP.EXE”=1
“C:\Users\Administrátor\Desktop\driver\SETUP.EXE”= 1
“C:\Users\ADMINI~1\AppData\Local\Temp\pft2621~tmp\ Setup.exe”=1
“C:\Users\Administrátor\Desktop\VIAHDAud_v11_1100e _01282016\SETUP.EXE”=1
“C:\Users\ADMINI~1\AppData\Local\Temp\Rar$EXa7904. 20218\v10_1200a\SETUP.EXE”=1

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\17.3.6816.0313\FileSyncConfig.exe”=0x534143 5001000000000000000700000028000000787C030037650400 01000000000000000000000A00210000BFA2139DEDD1D30100 00000100000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\Update\OneDriveSetup.exe”=0x534143500100000 0000000000700000028000000A0B09301B75E9401010000000 00000000000000A00210000BFA2139DEDD1D30100000001000 00000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\18.131.0701.0007\FileSyncConfig.exe”=0x5341 435001000000000000000700000028000000A80204003EA404 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\kts19.0.0.1088cs_14103 (1).exe”=0x534143500100000000000000070000002800000 0385A2700B77E270001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 000000000000000000000000000000000000000000000ACD5A F00000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\chromodosetup (1).exe”=0x534143500100000000000000070000002800000 020D117034AA4180301000000000000000000000A00210000B FA2139DEDD1D3010000000000000000
“C:\Windows\Temp\chromodo_setup.exe”=0x53414350010 00000000000000700000028000000A09F3703B2E4370301000 000000000000000000A00210000BFA2139DEDD1D3010000000 00000000002000000280000000000000000000040000000000 00000000000000000000000B3B701000000000002000000020 00000
“C:\Users\Administrátor\AppData\Local\Temp\Temp1_D RIVER BOOSTER 5.1 PRO KEY Full Version (Serial Key License) 2018 CZ.zip\DRIVER BOOSTER 5.1 PRO KEY Full Version (Serial Key License) 2018 CZ\driver-booster-5-1-0-488.exe”=0x534143500100000000000000070000002800000 0580B250165A2250101000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 0000000000000000000000000000000000000000000009CD30 000000000000100000001000000
“C:\Program Files\windows nt\accessories\wordpad.exe”=0x53414350010000000000 00000700000028000000008E4400221F450001000000010000 000000000A73220000BFA2139DEDD1D3010000000000000000
“C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe”=0x534143500100000 000000000070000002800000020AB590043FE5900010000000 00000000000000A00210000BFA2139DEDD1D30100000000000 00000020000002800000000000000000000000000000000000 00000000000000000005906000000000000050000000500000 0
“C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Backup.exe”=0x5341435001000000000000 00070000002800000020151100122A11000100000000000000 0000000A00210000BFA2139DEDD1D301000000000000000002 00000028000000000000000000000000000000000000000000 00000000000024C50000000000000700000007000000
“C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avpui.exe”=0x534143500100000000000000070000 002800000030290500D490050001000000000000000000000A 00210000BFA2139DEDD1D3010000000000000000
“C:\Program Files (x86)\Image-Line\FL Studio 12\FL64.exe”=0x53414350010000000000000007000000280 00000402F06002459060001000000000000000000030600010 000BFA2139DEDD1D3010000000000000000020000005000000 00000000000000000000000000000000000000000000000000 88B0101000000001B000000170000000000000000000040000 00000000000000000000000000000F1DE01000000000001000 00000000000
“C:\Program Files\WinRAR\WinRAR.exe”=0x53414350010000000000000 00700000028000000D8942200C4A3220001000000000000000 000000A00210000BFA2139DEDD1D3010000000000000000020 00000280000000000000000000000000000000000000000000 00000000000AAD2F404000000004601000046010000
“C:\Users\Administrátor\Desktop\prosoniq\Orange Vocoder\Setup.exe”=0x53414350010000000000000007000 000280000009D0D21000000000001000000000000000000010 571200000BFA2139DEDD1D3010000000000000000020000002 80000000000000000080040000000000000000000000000000 00000A53D0000000000000100000001000000
“C:\Users\Administrátor\Desktop\prosoniq\Prosoniq. Ambisone.VST.v2.02-0xdBass\Setup.exe”=0x53414350010000000000000007000 000280000001B360E000000000001000000000000000000010 571200000BFA2139DEDD1D3010000000000000000020000002 80000000000000000080040000000000000000000000000000 0000006190000000000000100000001000000
“C:\Users\Administrátor\Desktop\prosoniq\Prosoniq. Dynasone.VST.v2.02-0xdBass\Setup.exe”=0x53414350010000000000000007000 00028000000F76711000000000001000000000000000000010 571200000BFA2139DEDD1D3010000000000000000020000002 80000000000000000080040000000000000000000000000000 000008E120000000000000100000001000000
“C:\Users\Administrátor\Desktop\prosoniq\Prosoniq. PiWarp.VST.v2.02-0xdBass\Setup.exe”=0x53414350010000000000000007000 000280000003A9209000000000001000000000000000000010 571200000BFA2139DEDD1D3010000000000000000020000002 80000000000000000080040000000000000000000000000000 0000040120000000000000100000001000000
“C:\Users\Administrátor\Desktop\prosoniq\Prosoniq. Roomulator.VST.v2.02-0xdBass\Setup.exe”=0x53414350010000000000000007000 00028000000EFAC15000000000001000000000000000000010 571200000BFA2139DEDD1D3010000000000000000020000002 80000000000000000080040000000000000000000000000000 0000094110000000000000100000001000000
“C:\Users\Administrátor\Desktop\prosoniq\Prosoniq. VoxCiter.VST.v2.02-0xdBass\Setup.exe”=0x53414350010000000000000007000 00028000000B1A80F000000000001000000000000000000010 571200000BFA2139DEDD1D3010000000000000000020000002 80000000000000000080040000000000000000000000000000 000005B100000000000000100000001000000
“C:\Users\Administrátor\Desktop\iZotope Ozone 5 Advanced VST VST3 RTAS v5.01 x86 x64-ASSiGN\setup.exe”=0x534143500100000000000000070000 0028000000ACB5C90700000000010000000000000000000106 00210000BFA2139DEDD1D30100000000000000000200000028 00000000000000000000400000000000000000000000000000 000072710100000000000100000001000000
“C:\Users\Administrátor\Desktop\CamelPhat v3.30\Setup.exe”=0x5341435001000000000000000700000 028000000E30F0F00000000000100000000000000000001057 1200000BFA2139DEDD1D301000000000000000002000000280 00000000000000008004000000000000000000000000000000 000801C0000000000000100000001000000
“C:\Program Files (x86)\Native Instruments\FM8\FM8.exe”=0x53414350010000000000000 0070000002800000000701F020000000001000000000000000 000000671200000BFA2139DEDD1D3010000000000000000020 00000280000000000000000000000000000000000000000000 0000000000014370200000000000100000001000000
“C:\Program Files (x86)\Native Instruments\Massive\UNWISE.EXE”=0x5341435001000000 00000000070000002800000000B20300000000000100000000 0000000000010571200000BFA2139DEDD1D301000000000000 00000200000028000000000000000008004000000000000000 00000000000000000039B14300000000000900000009000000
“C:\Program Files (x86)\Image-Line\FL Studio 12\FL.exe”=0x5341435001000000000000000700000028000 00040DD05000AC006000100000000000000000003060001000 0BFA2139DEDD1D301000000000000000002000000500000000 000000000000000000000000000000000000000000000000B9 74012000000002100000009000000000000000000004000000 00000000000000000000000000019CFD601000000000100000 000000000
“C:\Users\Administrátor\Desktop\VST\CamelPhat v3.30\Setup.exe”=0x5341435001000000000000000700000 028000000E30F0F00000000000100000000000000000001057 1200000BFA2139DEDD1D301000000000000000002000000280 00000000000000008004000000000000000000000000000000 00028811000000000000100000001000000
“C:\Program Files (x86)\Native Instruments\FM8\UNWISE.EXE”=0x53414350010000000000 00000700000028000000008602000000000001000000000000 000000010571200000BFA2139DEDD1D3010000000000000000 02000000280000000000000000080040000000000000000000 000000000000001DF10200000000000100000001000000
“C:\UNWISE.EXE”=0x53414350010000000000000007000000 2800000000B203000000000001000000000000000000010571 200000BFA2139DEDD1D3010000000000000000020000002800 00000000000000080040000000000000000000000000000000 00E4230000000000000300000003000000
“C:\Program Files (x86)\Native Instruments\Massive\UNWISE_IObitDel.EXE”=0x5341435 00100000000000000070000002800000000B20300000000000 1000000000000000000010571200000BFA2139DEDD1D301000 00000000000000200000028000000000000000008004000000 0000000000000000000000000003F0D0000000000000100000 001000000
“C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe”=0x534143500100000 0000000000700000028000000109D4C002A964D00010000000 00000000000000A00210000BFA2139DEDD1D30100000000000 00000020000002800000000000000000000000000000000000 00000000000000000004F55010000000000280000002800000 0
“C:\Program Files (x86)\IObit\IObit Uninstaller\AUpdate.exe”=0x53414350010000000000000 00700000028000000107502005031030001000000000000000 000000A00210000BFA2139DEDD1D3010000000000000000020 00000280000000000000000000000000000000000000000000 000000000003C030000000000003C0000003C000000
“C:\Users\Administrátor\Desktop\Native Instruments Massive v1.0.1.008 VST uploaded By HHsamples.blogspot.com\setup.exe”=0x534143500100000000000000070000002800 0000E174980200000000010000000000000000000105712000 00BFA2139DEDD1D30100000000000000000200000050000000 000002060008006000000000000000000000000000000000F6 63040000000000010000000100000000000000000800400000 00000000000000000000000000004D26050000000000040000 0000000000
“C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe”=0x534143500100 0000000000000700000028000000B81E110091011200010000 00000000000000000A00210000BFA2139DEDD1D30100000000 00000000020000002800000000000000000000000000000000 0000000000000000000000AE053C0D00000000180000001800 0000
“C:\Users\Administrátor\Desktop\ATF-Cleaner.exe”=0x53414350010000000000000007000000280 0000000C600000000000001000000000000000000000671020 000BFA2139DEDD1D3010000000000000000050000001000000 00000000000000000000000000000000002000000280000000 00000000000004000000000000000000000000000000000C2D 70000000000002B0000002B000000
“C:\Program Files (x86)\Native Instruments\Massive\Massive.exe”=0x534143500100000 000000000070000002800000000400D0300000000010000000 00000000000000671200000BFA2139DEDD1D30100000000000 00000020000002800000000000000000000000000000000000 0000000000000000000C493000000000000010000000100000 0
“E:\Program Files\Image-Line\FL Studio 123\FL123.exe”=0x534143500100000000000000070000002 800000040DD05000AC00600010000000000000000000306000 10000BFA2139DEDD1D30100000000000000000200000028000 00000000000000000000000000000000000000000000000000 06EF20A00000000000200000002000000
“C:\Program Files\HWiNFO64\HWiNFO64.EXE”=0x5341435001000000000 00000070000002800000020F63F009B2940000100000000000 0000000000A00210000BFA2139DEDD1D301000000000000000 00200000028000000000000000000004000000000000000000 000000000000000B9D02F00000000000A0000000A000000
“E:\Program Files\HWiNFO32\HWiNFO32.EXE”=0x5341435001000000000 00000070000002800000070F23100F73932000100000000000 0000000000A00210000BFA2139DEDD1D301000000000000000 00500000010000000000000000000000000000000000000000 20000002800000000000000000000400000000000000000000 00000000000009F600D00000000000300000003000000
“C:\Users\Administrátor\Desktop\Hobo.Tough.Life.v0 .23.018\HoboRPG.exe”=0x534143500100000000000000070 0000028000000008A5C0100000000010000000000000000000 00A00210000BFA2139DEDD1D30100000000000000000200000 02800000000000000000000000000000000000000000000000 0000000D4D13703000000001200000012000000
“C:\Users\Administrátor\Downloads\daemon-tools-lite-5-0-1.exe”=0x53414350010000000000000007000000280000002 8C5C900E2FFC90001000000000000000000010600010000BFA 2139DEDD1D3010000000000000000020000002800000000000 00000000040000000000000000000000000000000007677D50 0000000000100000001000000
“SIGN.MEDIA=3E4F1F0 autorun.exe”=0x53414350010000000000000007000000280 0000088B20200B219030001000000000000000000000671220 000BFA2139DEDD1D3010000000000000000020000002800000 00000000080000000000000000000000000000000000000000 CF14E00000000000700000007000000
“C:\Program Files\DAEMON Tools Lite\DTLite.exe”=0x5341435001000000000000000700000 02800000010315500DE12560001000000000000000000000A7 3220000BFA2139DEDD1D301000000000000000002000000280 00000000000000000000000000000000000000000000000000 000462B0000000000000800000008000000
“C:\Users\Administrátor\Desktop\Planet Coaster-3DM\PlanetCoaster.exe”=0x5341435001000000000000000 70000002800000000062901000000000100000000000000000 0000A73200000BFA2139DEDD1D301000000000000000002000 00028000000000000000000000000000000000000000000000 000000000DAF44300000000000300000003000000
“C:\Users\Administrátor\Desktop\Planet Coaster\PlanetCoaster.exe”=0x534143500100000000000 0000700000028000000006A9D0400000000010000000000000 00000000A73200000BFA2139DEDD1D30100000000000000000 20000002800000000000000000000000000000000000000000 00000000000000F080000000000000200000002000000
“SIGN.MEDIA=6EBA95C8 stp-pc136.exe”=0x5341435001000000000000000700000028000 000E531C300000000000100000000000000000001060001000 0BFA2139DEDD1D301000000000000000002000000280000000 00000000000004000000000000000000000000000000000A97 00400000000000200000002000000
“C:\Program Files\Planet Coaster\PlanetCoaster.exe”=0x534143500100000000000 000070000002800000000EC050900000000010000000000000 00000000A73200000BFA2139DEDD1D30100000000000000000 20000002800000000000000000000000000000000000000000 0000000000000D459DF03000000000F0000000F000000
“C:\Program Files\Planet Coaster\unins000.exe”=0x53414350010000000000000007 00000028000000A14917000000000001000000000000000000 010600010000BFA2139DEDD1D3010000000000000000020000 00280000000000000000000040000000000000000000000000 00000000DD240000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\iview451_x64_setup (1).exe”=0x534143500100000000000000070000002800000 088E2350048BD360001000000000000000000000A73220000B FA2139DEDD1D30100000000000000000200000028000000000 0000000000040000000000000000000000000000000008CAC0 000000000000100000001000000
“C:\Program Files\IrfanView\i_view64.exe”=0x534143500100000000 000000070000002800000088642200AB242300010000000000 00000000000A73200000BFA2139DEDD1D30100000000000000 00020000002800000000000000000000000000000000000000 00000000000000002BDD240300000000B00A0000B00A0000
“C:\Users\Administrátor\Downloads\vlc-3.0.4-win64.exe”=0x5341435001000000000000000700000028000 000400879026D56790201000000000000000000000A0021000 0BFA2139DEDD1D301000000000000000002000000280000000 00000000000004000000000000000000000000000000000AD9 C0000000000000100000001000000
“C:\Program Files\VideoLAN\VLC\vlc.exe”=0x53414350010000000000 00000700000028000000C80A0F00A7180F0001000000000000 000000000600010000BFA2139DEDD1D3010000000000000000 02000000280000000000000000000000000000000000000000 000000000000007F2DC51E000000008E0100008E010000
“C:\Users\Administrátor\Desktop\adwcleaner_7.2.3.1 .exe”=0x5341435001000000000000000700000028000000D0 867300E857740001000000000000000000000A00210000BFA2 139DEDD1D3010000000000000000
“C:\Users\Administrátor\Downloads\ex\ExterminateIt Setup.exe”=0x5341435001000000000000000700000028000 00038CA550152F6550101000000000000000000000A0021000 0BFA2139DEDD1D301000000000000000002000000280000000 0000000000000400000000000000000000000000000000085B 00D00000000000100000001000000
“C:\Users\Administrátor\Desktop\utils\ATF-Cleaner.exe”=0x53414350010000000000000007000000280 0000000C600000000000001000000000000000000000671020 000BFA2139DEDD1D3010000000000000000050000001000000 00000000000000000000000000000000002000000280000000 00000000000004000000000000000000000000000000000F25 F0000000000000100000001000000
“C:\Users\Administrátor\Desktop\utils\adwcleaner_7 .2.3.1.exe”=0x534143500100000000000000070000002800 0000D0867300E857740001000000000000000000000A002100 00BFA2139DEDD1D30100000000000000000500000010000000 00000000000000000000000000000000020000002800000000 0000000000004000000000000000000000000000000000EA70 0000000000000100000001000000
“C:\Users\Administrátor\Desktop\RogueKiller_portab le64.exe”=0x53414350010000000000000007000000280000 0038F89D011C2E9E0101000000000000000000000A00210000 BFA2139DEDD1D3010000000000000000020000002800000000 00000000000040000000000000000000000000000000009B83 1300000000000100000001000000
“E:\Program Files\Exterminate It!\ExterminateIt.exe”=0x5341435001000000000000000 700000028000000C04B4000000000000100000000000000000 0020661220000BFA2139DEDD1D301000000000000000002000 00028000000000000000000004000000000000000000000000 0000000005D132000000000000100000001000000
“C:\Users\Administrátor\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6769.exe”=0x5341435001000000000000000700000028 00000060E2C804F022C90401000000000000000000000A0021 0000BFA2139DEDD1D301000000000000000002000000280000 00000000000000000000000000000000000000000000000000 DD5C0500000000000100000001000000
“C:\Windows\SysWOW64\Macromed\Temp{066508B3-B332-493A-B479-0C74C2978EC3}\InstallFlashPlayer.exe”=0x5341435001 00000000000000070000002800000000A60F000AF90F000100 0000000000000000000A00210000BFA2139DEDD1D301000000 00000000000500000010000000000000000000000000000000 00000000020000002800000000000000000000000000000000 0000000000000000000000A601000000000000010000000100 0000
“C:\Windows\SysWOW64\Macromed\Temp{BC8DB06E-702C-4F77-9BAB-C1CB4701B57D}\InstallFlashPlayer.exe”=0x5341435001 0000000000000007000000280000000090AE001290AE000100 0000000000000000000A00210000BFA2139DEDD1D301000000 00000000000200000028000000000000000000000000000000 00000000000000000000000062070000000000000100000001 000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\18.151.0729.0006\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000020F80300EE6C04 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\inkscape-0.92.3-x64 (1).exe”=0x534143500100000000000000070000002800000 07E5D05040000000001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 00000000000400000000000000000000000000000000016124 400000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\startup_14460 (1).exe”=0x534143500100000000000000070000002800000 080B326002800270001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 00000000000000000000000000000000000000000000005A20 500000000000100000001000000
“C:\totalcmd\TOTALCMD64.EXE”=0x5341435001000000000 00000070000002800000088608800E20C89000100000000000 0000000000A00210000BFA2139DEDD1D301000000000000000 00200000028000000000000000000000000000000000000000 0000000000000002A8B0300000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\18.151.0729.0012\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000020F30300A79504 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\DriverToolkitInstaller (1).exe”=0x534143500100000000000000070000002800000 0E05F25006CC2250001000000000000000000030600010000B FA2139DEDD1D30100000000000000000200000028000000000 000000000000000000000000000000000000000000000301F0 000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\0009-64bit_Win7_Win8_Win81_Win10_R282 (1).exe”=0x534143500100000000000000070000002800000 04DCBC20F0000000001000000000000000000010571000000B FA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\0001-WDM_R274 (1).exe”=0x534143500100000000000000070000002800000 0FC07E8010000000001000000000000000000010571000000B FA2139DEDD1D30100000000000000000200000028000000000 0000000080040000000000000000000000000000000001F490 000000000000100000001000000
“C:\Users\Administrátor\Desktop\Nová složka\RtlUpd64.exe”=0x534143500100000000000000070 0000028000000506D250026382600010000000000000000000 00A00210000BFA2139DEDD1D30100000000000000000500000 01000000000000000000000000000000000000000020000002 80000000000000000000040000000000000000000000000000 000003F000000000000000200000002000000
“C:\Users\Administrátor\Desktop\Nová složka\RtkAudioService64.exe”=0x534143500100000000 0000000700000028000000C8170400A5250400010000000000 00000000000A73220000BFA2139DEDD1D30100000000000000 00020000002800000000000000000000000000000000000000 00000000000000007D000000000000000200000002000000
“C:\Users\Administrátor\Desktop\Nová složka\RtkNGUI64.exe”=0x53414350010000000000000007 00000028000000C8978D0050118E0001000000000000000000 030600010000BFA2139DEDD1D3010000000000000000020000 00280000000000000000000000040000000000000000000000 0000000020000000000000000300000003000000
“C:\Users\Administrátor\Desktop\Nová složka\RAVCpl64.exe”=0x534143500100000000000000070 0000028000000C89B1801B0F81801010000000000000000000 00A00210000BFA2139DEDD1D30100000000000000000200000 02800000000000000000000000000000000000000000000000 00000002F000000000000000200000002000000
“C:\Users\Administrátor\Desktop\Nová složka\RAVBg64.exe”=0x5341435001000000000000000700 000028000000C8F91600E20B17000100000000000000000000 0A73220000BFA2139DEDD1D301000000000000000002000000 28000000000000000000000000000000000000000000000000 0000001F000000000000000200000002000000
“C:\Users\Administrátor\Desktop\Nová složka\ICEsoundService64.exe”=0x534143500100000000 0000000700000028000000A8330C008E670C00010000000000 00000000000A73220000BFA2139DEDD1D30100000000000000 00020000002800000000000000000000000000000000000000 00000000000000005E000000000000000200000002000000
“C:\Users\Administrátor\Desktop\Nová složka\EP64.exe”=0x5341435001000000000000000700000 028000000C0573C0067913C0001000000000000000000000A0 0210000BFA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\Desktop\Nová složka\DTSAudioService64.exe”=0x534143500100000000 000000070000002800000030730300F2330400010000000000 00000000010673000000BFA2139DEDD1D30100000000000000 00020000002800000000000000000000000000000000000000 000000000000000010000000000000000100000001000000
“C:\Users\Administrátor\Desktop\Nová složka\CreateRtkToastLnk.exe”=0x534143500100000000 0000000700000028000000D8260100A4270100010000000000 00000000010671020000BFA2139DEDD1D30100000000000000 00020000002800000000000000000000001010000000000000 000000000000000008090000000000000100000001000000
“C:\Users\Administrátor\Desktop\Nová složka\ATKEX_cmd.exe”=0x53414350010000000000000007 00000028000000382311003E15120001000000000000000000 030671000000BFA2139DEDD1D3010000000000000000020000 00280000000000000000000000100000000000000000000000 00000000550C0000000000000200000002000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\32bit_Win7_Win8_Win81_Win10_R278 (1).exe”=0x534143500100000000000000070000002800000 0E239DC050000000001000000000000000000010571000000B FA2139DEDD1D30100000000000000000200000028000000000 0000000080040000000000000000000000000000000009F6D0 000000000000100000001000000
“C:\Users\Administrátor\Downloads\0009-64bit_Win7_Win8_Win81_Win10_R282.exe”=0x5341435001 0000000000000007000000280000004DCBC20F000000000100 0000000000000000010571000000BFA2139DEDD1D301000000 0000000000
“C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe”=0x534143500 100000000000000070000002800000000D28C0092328D00010 00000000000000000030600010000BFA2139DEDD1D30100000 00000000000020000005000000000000000000000400400000 00000000000000000000000001F00000000000000010000000 10000000000000000000000040000000000000000000000000 000002E0000000000000001000000000000000600000008000 0000400000000000000
“C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe”=0x5341435001 00000000000000070000002800000000961B00126C1C000100 0000000000000000000A00210000BFA2139DEDD1D301000000 00000000000200000028000000000000000000004000000000 0000000000000000000000004C9A0000000000000300000003 000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\driver_booster_setup (1).exe”=0x534143500100000000000000070000002800000 028463B01FFB53B0101000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 000000000000000000000000000000000000000000000140C1 100000000000100000001000000
“C:\Program Files (x86)\IObit\Driver Booster\6.0.2\unins000.exe”=0x53414350010000000000 0000070000002800000020831200E095120001000000000000 000000000A00210000BFA2139DEDD1D3010000000000000000 02000000280000000000000000000000000000000000000000 00000000000000EC390000000000000100000001000000
“C:\Users\Administrátor\Desktop\Win7_Win8_Win81_Wi n10_R282\Setup.exe”=0x5341435001000000000000000700 000028000000E03B12006E1513000100000000000000000003 0600010000BFA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\Desktop\64bit_Vista_Win7_W in8_R269.exe”=0x5341435001000000000000000700000028 0000008B40B203000000000100000000000000000001057100 0000BFA2139DEDD1D301000000000000000002000000280000 00000000000008004000000000000000000000000000000000 F8730000000000000100000001000000
“C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe”=0x53414350010000000000000007000000 28000000009009000000000001000000000000000000010571 200000BFA2139DEDD1D3010000000000000000010000000400 00000100000002000000280000000000000000080050000020 00000000000000200000000000634800000000000003000000 03000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\KMP64_1.0.0.2 (1).exe”=0x534143500100000000000000070000002800000 078EA1002BC03110201000000000000000000010600010000B FA2139DEDD1D3010000000000000000
“C:\Program Files\KMPlayer 64X\KMPlayer64.exe”=0x5341435001000000000000000700 000028000000D8760B01A6B70B010100000000000000000000 0A00210000BFA2139DEDD1D301000000000000000002000000 28000000000000000000000000000000000000000000000000 000000F89B6105000000005E0000005E000000
“C:\Users\Administrátor\Desktop\utils\adwcleaner_7 .2.4.0.exe”=0x534143500100000000000000070000002800 0000D0D87300EEAB740001000000000000000000000A002100 00BFA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\ChromeSetup (1).exe”=0x534143500100000000000000070000002800000 05841110043DD110001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 000000000000000000000000000000000000000000000D96B0 000000000000100000001000000
“C:\ProgramData\Malwarebytes\MBAMService\instlrupd ate\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7123.exe”=0x5341435001000000000000000700000028 0000002086D0047C5FD10401000000000000000000000A0021 0000BFA2139DEDD1D301000000000000000002000000280000 00000000000000004000000000000000000000000000000000 39980000000000000100000001000000
“E:\Dst\bin\dontstarve_steam.exe”=0x53414350010000 0000000000070000002800000000F43500DA3A360001000000 000000000000030671020000BFA2139DEDD1D3010000000000 00000002000000280000000000000000000000000000000000 00000000000000000000EE1C00000000000002000000020000 00
“C:\Users\Administrátor\Desktop\dst\bin\dontstarve _steam.exe”=0x534143500100000000000000070000002800 000000F43500DA3A3600010000000000000000000306710200 00BFA2139DEDD1D30100000000000000000200000028000000 000000000000000000000000000000000000000000000000DD B4A101000000001800000018000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\driveridentifier_setup (1).exe”=0x534143500100000000000000070000002800000 0245E41000000000001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 0000000000000000000000000000000000000000000001C96A D00000000000100000001000000
“C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe”=0x534143500100000000000000070000 002800000030290500D490050001000000000000000000000A 00210000BFA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\Downloads\flashplayer31ppa u_ha_install.exe”=0x534143500100000000000000070000 0028000000F0691200D220130001000000000000000000000A 00210000BFA2139DEDD1D30100000000000000000200000028 00000000000000000000400000000000000000000000000000 000080BB0000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\18.172.0826.0010\FileSyncConfig.exe”=0x5341 4350010000000000000007000000280000006010040082C704 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe”=0x534143500100000 000000000070000002800000000400E00B8ED0E00010000000 00000000000000A71200000BFA2139DEDD1D30100000000000 00000
“C:\Users\Administrátor\Desktop\dont_starve\bin\do ntstarve_steam.exe”=0x5341435001000000000000000700 00002800000000BE2D00887D2E000100000000000000000000 0A71220000BFA2139DEDD1D301000000000000000002000000 28000000000000000000000000000000000000000000000000 000000FB860602000000001600000016000000
“C:\Users\Administrátor\AppData\Local\Temp\jre-8u191-windows-au.exe”=0x5341435001000000000000000700000028000000 78E11C006A471D0001000000000000000000000A71220000BF A2139DEDD1D301000000000000000002000000280000000000 000000000040000000000000000000000000000000003D7201 00000000000100000001000000
“C:\Users\Administrátor\Desktop\driver\Setup.exe”= 0x5341435001000000000000000700000028000000808A0300 D850040001000000000000000000010671220000BFA2139DED D1D30100000000000000000200000028000000000000000000 0040000000000000000000000000000000005E000000000000 000100000001000000
“C:\Users\Administrátor\Desktop\driver\VIAHDAud\HD UpDrv64.exe”=0x53414350010000000000000007000000280 00000780E0200E002030001000000000000000000010673000 000BFA2139DEDD1D3010000000000000000020000002800000 00000000000000000000200000000000000000000000000006 6090000000000000100000001000000
“C:\Users\Administrátor\Desktop\driver\VIAHDAud\HD UpDrVista64.exe”=0x5341435001000000000000000700000 028000000780A0200113802000100000000000000000001067 3000000BFA2139DEDD1D301000000000000000002000000280 00000000000000000000000020000000000000000000000000 000730C0000000000000100000001000000
“C:\Users\Administrátor\Downloads\realtek%20audio% 20Vista_R175.exe”=0x534143500100000000000000070000 0028000000C61D190100000000010000000000000000000105 71000000BFA2139DEDD1D30100000000000000000200000028 00000000000000000800400000000000000000000000000000 000033360000000000000100000001000000
“C:\Users\Administrátor\Downloads\realtek_32bit_Wi n7_Win8_Win81_R275.exe”=0x534143500100000000000000 07000000280000003D5CA00600000000010000000000000000 00010571000000BFA2139DEDD1D30100000000000000000200 00002800000000000000000800400000000000000000000000 00000000004C440000000000000100000001000000
“C:\Users\Administrátor\Downloads\0009-64bit_Win7_Win8_Win81_Win10_R282 (1).exe”=0x534143500100000000000000070000002800000 04DCBC20F0000000001000000000000000000010571000000B FA2139DEDD1D30100000000000000000200000028000000000 0000000080040000000000000000000000000000000001D310 100000000000200000002000000
“C:\Program Files (x86)\InstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe”=0x53414350010000000000000 00700000028000000E03B12006E15130001000000000000000 000030600010000BFA2139DEDD1D3010000000000000000020 00000280000000000000000000040000000000000000000000 00000000000D6B70000000000000100000001000000
“C:\Users\Administrátor\Downloads\64bit_Win7_Win8_ Win81_Win10_R282.exe”=0x53414350010000000000000007 000000280000004DCBC20F0000000001000000000000000000 010571000000BFA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\Downloads\398.82-desktop-win10-64bit-international-whql.exe”=0x53414350010000000000000007000000280000 0048CF9F1EA96CA01E01000000000000000000020600010000 BFA2139DEDD1D3010000000000000000020000002800000000 00000000000040000000000000000000000000000000005997 0100000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\DriverEasy_Setup (1).exe”=0x534143500100000000000000070000002800000 0D0CB3E000DAD3F0001000000000000000000000A00210000B FA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe”=0x5341435001 000000000000000700000028000000D771D607000000000100 0000000000000000010571000000BFA2139DEDD1D301000000 00000000000200000028000000000000000008004000000000 000000000000000000000000E3DC0000000000000100000001 000000
“C:\Users\Administrátor\Desktop\VIAHDAud_v11_1100e _01282016\SETUP.EXE”=0x534143500100000000000000070 0000028000000B06E03004AB90300010000000000000000000 10571000000BFA2139DEDD1D30100000000000000000200000 02800000000000000000800D00000000000000000000000000 0000000FF910000000000000100000001000000
“C:\Users\Administrátor\Desktop\VIAHDAud_v11_1100e _01282016\ViaKaraokeSrv.exe”=0x5341435001000000000 00000070000002800000090B60000987A01000100000000000 0000000010673000000BFA2139DEDD1D301000000000000000 00200000028000000000000000000000000000000000000000 0000000000000005E000000000000000100000001000000
“C:\Users\Administrátor\Desktop\VIAHDAud_v11_1100e _01282016\viaaud.exe”=0x53414350010000000000000007 00000028000000D0B42C002D042D0001000000000000000000 030673020000BFA2139DEDD1D3010000000000000000020000 00280000000000000000000000000000000000000000000000 000000002F000000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\Stereo_Mix_Plus_Setup (1).exe”=0x534143500100000000000000070000002800000 0F0B53A00C7A53B0001000000000000000000000A00210000B FA2139DEDD1D3010000000000000000
“C:\Program Files (x86)\ShiningMorning\VirtualAudioStreaming\SoundRe corderMP3.exe”=0x534143500100000000000000070000002 8000000609D4D007E6F4E00010000000000000000000106710 20000BFA2139DEDD1D30100000000000000000200000028000 00000000000000000000000000000000000000000000000000 0ECD00000000000000100000001000000
“C:\Program Files (x86)\ShiningMorning\VirtualAudioStreaming\unins00 0.exe”=0x53414350010000000000000007000000280000000 35912000000000001000000000000000000000A00210000BFA 2139DEDD1D3010000000000000000020000002800000000000 0000000004000000000000000000000000000000000BA08000 0000000000100000001000000
“C:\Users\Administrátor\Desktop\VST\U-He Zebra v2.5 b7 VSTi VST (Portable).exe”=0x53414350010000000000000007000000 2800000052EEF9000000000001000000000000000000000671 000000BFA2139DEDD1D3010000000000000000020000002800 00000000000000000000400000000000000000000000000000 0085F60000000000000100000001000000
“C:\Program Files\VSTPlugins\U-He Zebra.exe”=0x5341435001000000000000000700000028000 00025B6AA00371302000100000000000000000001060021000 0BFA2139DEDD1D301000000000000000005000000100000000 00000000000000000000000800000000200000028000000000 00000800000000000000000000000000000000000000067570 000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\dpclat (1).exe”=0x534143500100000000000000070000002800000 0F0AE04005583050001000000000000000000030600010000B FA2139DEDD1D30100000000000000000200000028000000000 000000000004000000000000000000000000000000000C9C61 400000000000100000001000000
“C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe”=0x534143500100 000000000000070000002800000078BA3D00ECC73D00010000 00000000000000010671020000BFA2139DEDD1D30100000000 00000000010000000400000001000000020000005000000000 00010600000020008200000000000000800000000000006906 00000000000001000000010000000000000000000000008200 00000000000080000000000000ED2400000000000001000000 0000000006000000080000000082000000000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\18.192.0920.0015\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000060340400A60705 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“E:\Program Files\Bandicam\bdcam.exe”=0x5341435001000000000000 000700000028000000086E18009AA618000100000000000000 0000000A00210000BFA2139DEDD1D301000000000000000005 00000010000000000000000000000000000000000000000200 00002800000000000000000000400000000000000000000000 000000000030120000000000000100000001000000
“C:\Users\Administrátor\Downloads\bdcamsetup.exe”= 0x534143500100000000000000070000002800000048080C01 AAD20C0101000000000000000000000A00210000BFA2139DED D1D3010000000000000000
“E:\Program Files\VirtualDJ_2\virtualdj_pro.exe”=0x53414350010 0000000000000070000002800000000B848002526E20001000 000000000000000010671220000BFA2139DEDD1D3010000000 00000000002000000280000000000000000000000000203000 00000000000000000000000F30900000000000001000000010 00000
“E:\Program Files\VirtualDJ\virtualdj_pro.exe”=0x5341435001000 00000000000070000002800000000B848002526E2000100000 0000000000000010671220000BFA2139DEDD1D301000000000 00000000200000028000000000000000000000000020300000 00000000000000000000066090000000000000100000001000 000
“C:\Program Files (x86)\VirtualDJ\virtualdj_pro.exe”=0x5341435001000 00000000000070000002800000000044D00D4524D000100000 0000000000000020671220000BFA2139DEDD1D301000000000 00000000200000028000000000000000000000000000000000 0000000000000000000008286E101000000000800000008000 000
“C:\Program Files (x86)\Bandicam\bdcam.exe”=0x5341435001000000000000 000700000028000000A0035D00E27E5D000100000000000000 0000000A00210000BFA2139DEDD1D301000000000000000002 00000028000000000000000000004000000000000000000000 000000000000F95F4700000000000600000006000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\18.212.1021.0008\FileSyncConfig.exe”=0x5341 4350010000000000000007000000280000002031040026BC04 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Users\Administrátor\Downloads\flashplayer32ppa u_ha_install.exe”=0x534143500100000000000000070000 0028000000F06912004FC7120001000000000000000000000A 00210000BFA2139DEDD1D30100000000000000000200000028 00000000000000000000400000000000000000000000000000 0000C25B0200000000000100000001000000
“C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x6 4__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe”=0x53 41435001000000000000000700000028000000005008000000 000001000000000000000000000A73200000BFA2139DEDD1D3 01000000000000000002000000280000000000000000000010 00000000000000000000000000000000802F0A2F0000000018 00000018000000
“C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2 .10.8.0_x64__7pb5ddty8z1pa\app\Trello.exe”=0x53414 35001000000000000000700000028000000007406040000000 001000000000000000000000A00210000BFA2139DEDD1D3010 00000000000000002000000280000000000000000000000000 00000000000000000000000000000AFD0E32E0000000005000 00005000000
“E:\Program Files\CPUID\HWMonitor\HWMonitor.exe”=0x53414350010 00000000000000700000028000000D86C1A00A0981A0001000 000000000000000000A00210000BFA2139DEDD1D3010000000 00000000002000000280000000000000000000040000000000 00000000000000000000000155119000000000004000000040 00000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\WindowsDeviceRecoveryToolInstaller (1).exe”=0x534143500100000000000000070000002800000 0F0102500256C250001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 000000000000000000000000000000000000000000000AC064 400000000000100000001000000
“C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x6 4__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe”=0x53 41435001000000000000000700000028000000006208000000 000001000000000000000000000A73200000BFA2139DEDD1D3 01000000000000000002000000280000000000000000000010 0000000000000000000000000000000038B740790000000041 00000041000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\rufus-3.4 (1).exe”=0x534143500100000000000000070000002800000 038C00F001043100001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000500000010000000000 00000000000000000000000000000020000002800000000000 0000000004000000000000000000000000000000000B96D0B0 0000000000100000001000000
“C:\Users\Administrátor\Desktop\rufus-3.4.exe”=0x534143500100000000000000070000002800000 038C00F001043100001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 0000000000040000000000000000000000000000000009BBFB 400000000002E0000002E000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\18.222.1104.0007\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000020570400F14C05 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“SIGN.MEDIA=6D82058C windowsxp-kb936929-sp3-x86-csy_7af606916b887dba9dd38ae282505ce2c2b81b08.exe”= 0x534143500100000000000000070000002800000028503913 A44F3A1301000000000000000000010571000000BFA2139DED D1D30100000000000000000200000028000000000000008001 000000000200000000000000000000000000D1140000000000 000100000001000000
“C:\Program Files (x86)\ProjectMyScreenApp\ProjectMyScreenApp.exe”=0 x534143500100000000000000070000002800000000E007006 681080001000000000000000000010671000000BFA2139DEDD 1D301000000000000000002000000280000000000000000000 000000000000000000000000000000000000AC805000000000 00100000001000000
“C:\Users\Administrátor\Desktop\USBFormatToolSetup .exe”=0x534143500100000000000000070000002800000016 9908000000000001000000000000000000010600010000BFA2 139DEDD1D30100000000000000000200000028000000000000 00000000000000000000000000000000000000000003C20100 000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\USBFormatToolSetup (3).exe”=0x534143500100000000000000070000002800000 0169908000000000001000000000000000000010600010000B FA2139DEDD1D30100000000000000000200000028000000000 0000000000000000000000000000000000000000000008B440 000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\PowerISO7-x64 (1).exe”=0x534143500100000000000000070000002800000 0B0614F00E0BE4F0001000000000000000000010600010000B FA2139DEDD1D3010000000000000000
“C:\Program Files\PowerISO\PowerISO.exe”=0x5341435001000000000 000000700000028000000E0A74800F30049000100000000000 0000000000A73200000BFA2139DEDD1D301000000000000000 00200000028000000000000000000000000000010000000000 000000000000000B4397302000000000200000002000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\PowerISO7-x64 (3).exe”=0x534143500100000000000000070000002800000 0B0614F00E0BE4F0001000000000000000000010600010000B FA2139DEDD1D30100000000000000000200000028000000000 0000000000040000000000000000000000000000000008C2F0 000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\PowerISO7-x64 (5).exe”=0x534143500100000000000000070000002800000 0B0614F00E0BE4F0001000000000000000000010600010000B FA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\SetupImgBurn_2.5.8.0 (1).exe”=0x534143500100000000000000070000002800000 02FF234000000000001000000000000000000010600010000B FA2139DEDD1D3010000000000000000
“C:\Program Files (x86)\ImgBurn\ImgBurn.exe”=0x534143500100000000000 000070000002800000000EC290000000000010000000000000 00000020671220000BFA2139DEDD1D30100000000000000000 20000002800000000000000000000000000000800000000000 0000000000000581D3601000000000900000009000000
“SIGN.MEDIA=159EF29E AUTORUN.EXE”=0x53414350010000000000000007000000280 0000000580100F05F010001000000000000000000010571200 000BFA2139DEDD1D3010000000000000000020000002800000 00000000080000000000008000000000000000800000000002 30F00000000000001000000010000000100000004000000010 00000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\isobuster_install (1).exe”=0x534143500100000000000000070000002800000 0E05D50006EF2500001000000000000000000000A00210000B FA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\Desktop\home\temp\cabsdk.e xe”=0x5341435001000000000000000700000028000000509A 0800C543090001000000000000000000010571000000BFA213 9DEDD1D3010000000000000000020000002800000000000000 00000000000000000000000000000000000000004A3A000000 0000000100000001000000
“C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe”=0x53414350010000 0000000000070000002800000070F37A00B2067B0001000000 000000000000000A00210000BFA2139DEDD1D3010000000000 00000002000000280000000000000000000000000000000000 00000000000000000000910B05000000000006000000060000 00
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\MEGAsyncSetup (1).exe”=0x534143500100000000000000070000002800000 0F8F1BB0162B9BC0101000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 0000000000000000000000000000000000000000000004F002 400000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\OperaSetup (1).exe”=0x534143500100000000000000070000002800000 068481E0081EB1E0001000000000000000000000A00210000B FA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\AppData\Local\Programs\Ope ra\launcher.exe”=0x5341435001000000000000000700000 02800000058F815007065160001000000000000000000000A0 0210000BFA2139DEDD1D3010000000000000000
“C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17. 10314.31700.1000_x64__8wekyb3d8bbwe\Office16\Offic eHubWin32.exe”=0x534143500100000000000000070000002 8000000B0D41D0064EE1D0001000000000000000000000A002 10000BFA2139DEDD1D30100000000000000000200000028000 00000000000000000000000000000000000000000000000000 085380000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\USBFormatToolSetup (1).exe”=0x534143500100000000000000070000002800000 0169908000000000001000000000000000000010600010000B FA2139DEDD1D30100000000000000000200000028000000000 000000000000000000000000000000000000000000000A00F0 000000000000100000001000000
“C:\Users\Administrátor\Downloads\YUMI-2.0.6.1a.exe”=0x5341435001000000000000000700000028 00000072161C00000000000100000000000000000001060001 0000BFA2139DEDD1D301000000000000000002000000280000 00000000000000004000000000000000000000000000000000 18F70200000000000100000001000000
“C:\Users\Administrátor\Desktop\kavremvr.exe”=0x53 4143500100000000000000070000002800000050E1E4009026 E50001000000000000000000000A00210000BFA2139DEDD1D3 01000000000000000002000000280000000000000000000040 000000000000000000000000000000007B8D00000000000001 00000001000000
“C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x6 4__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe”=0x53 41435001000000000000000700000028000000008008000000 000001000000000000000000000A73200000BFA2139DEDD1D3 01000000000000000002000000280000000000000000000010 000000000000000000000000000000008194DA190000000002 00000002000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\18.240.1202.0004\FileSyncConfig.exe”=0x5341 435001000000000000000700000028000000386B0400903D05 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“E:\Program Files\PokerStars.NET\PokerStars.exe”=0x53414350010 00000000000000700000028000000A80CFA00BB1BFA0001000 000000000000000000A00210000BFA2139DEDD1D3010000000 00000000002000000280000000000000000000000000000000 00000000000000000000000D38E88020000000005000000050 00000
“C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x 64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe”=0x5 34143500100000000000000070000002800000000800800000 0000001000000000000000000000A73200000BFA2139DEDD1D 30100000000000000000200000028000000000000000000001 00000000000000000000000000000000058CCD52C000000000 C0000000C000000
“C:\Users\Administrátor\Desktop\Harry Potter TM\System\HP.exe”=0x534143500100000000000000070000 00280000000010040000000000010000000000000000000105 71200000BFA2139DEDD1D30100000000000000000200000028 00000000000000000000000004004000000000000000000000 0000024B2B00000000000100000001000000
“C:\Users\Administrátor\Desktop\Harry Potter a Tajemná komnata\system\Game.exe”=0x53414350010000000000000 00700000028000000006005000000000001000000000000000 000010571200000BFA2139DEDD1D3010000000000000000020 00000280000000000000000000000000400400000000000000 000000000007F050300000000000100000001000000
“C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe”=0x534143500100000000000000070000 0028000000D0327E002F427E0001000000000000000000000A 71220000BFA2139DEDD1D30100000000000000000200000028 00000000000000000000000000000000000000000000000000 000052F34000000000000100000001000000
“C:\ProgramData\Malwarebytes\MBAMService\instlrupd ate\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9074.exe”=0x5341435001000000000000000700000028 0000004047D5031683D50301000000000000000000000A0021 0000BFA2139DEDD1D301000000000000000002000000280000 00000000000000004000000000000000000000000000000000 45B00000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\19.002.0107.0008\FileSyncConfig.exe”=0x5341 435001000000000000000700000028000000308104006ACC04 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Users\Administrátor\Desktop\Rain World\setup_rain_world_1.015_(11365).exe”=0x534143 5001000000000000000700000028000000E0301400D3631400 01000000000000000000000A00210000BFA2139DEDD1D30100 00000000000000020000002800000000000000000000000000 0000000000000000000000000000D59A1F0100000000010000 0001000000
“C:\GOG Games\Rain World\RainWorld.exe”=0x534143500100000000000000070 0000028000000004CB10000000000010000000000000000000 00A71200000BFA2139DEDD1D30100000000000000000200000 02800000000000000108000200000000000000000000000000 000000010708802000000000800000008000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\kitd (1).exe”=0x534143500100000000000000070000002800000 080DB320062CB330001000000000000000000010571000000B FA2139DEDD1D30100000000000000000200000028000000000 00000000800400000000000000000000000000000000008300 000000000000100000001000000
“C:\Users\Administrátor\Desktop\Asus_XP\WINDOWS$Nt ServicePackUninstall$\cmd.exe”=0x53414350010000000 0000000070000002800000000EE05009424060001000000000 000000000010571000000BFA2139DEDD1D3010000000000000 00005000000100000000000000000000000000000000000000 00200000028000000000000000000004000000000000000000 000000000000000A4560500000000000100000001000000
“E:\Program Files\WinRAR\WinRAR.exe”=0x53414350010000000000000 0070000002800000090E316006B2B170001000000000000000 000000A00210000BFA2139DEDD1D3010000000000000000020 00000280000000000000000000000000000000000000000000 000000000008B530400000000000100000001000000
“C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x 64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe”=0x5 34143500100000000000000070000002800000000800800000 0000001000000000000000000000A73200000BFA2139DEDD1D 30100000000000000000200000028000000000000000000001 000000000000000000000000000000000CB000000000000000 100000001000000
“C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x6 4__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe”=0x53 41435001000000000000000700000028000000008008000000 000001000000000000000000000A73200000BFA2139DEDD1D3 01000000000000000002000000280000000000000000000010 0000000000000000000000000000000094BFBB0F0000000005 00000005000000
“E:\Program Files\Advanced IP Scanner\advanced_ip_scanner.exe”=0x534143500100000 0000000000700000028000000A06D1300C30A1400010000000 00000000000030600010000BFA2139DEDD1D30100000000000 00000050000001000000000000000000000000000000000000 00002000000500000000000000000000000000000000000000 000000000000000005BB84B0D0000000003000000010000000 000000000000040000000000000000000000000000000005AB F9700000000000600000000000000
“E:\Documents and Settings\Adam2\Plocha\utils\ATF-Cleaner.exe”=0x53414350010000000000000007000000280 0000000C600000000000001000000000000000000000671020 000BFA2139DEDD1D3010000000000000000050000001000000 00000000000000000000000000000000002000000280000000 00000000000004000000000000000000000000000000000FC0 A0000000000000100000001000000
“C:\Users\Administrátor\Desktop\UserAssist\UserAss ist\bin\x64\Release\UserAssist.exe”=0x534143500100 00000000000007000000280000003075020004150300010000 00000000000000010673220000BFA2139DEDD1D30100000000 00000000020000002800000000000000000000000000000000 000000000000000000000006B0000000000000010000000100 0000
“C:\Users\Administrátor\Desktop\UserAssist\LastAct ivityView.exe”=0x534143500100000000000000070000002 8000000D0E8010091FF0100010000000000000000000306000 10000BFA2139DEDD1D30100000000000000000200000028000 00000000000000000400000000000000000000000000000000 0E8AB5700000000000D0000000D000000
“C:\Users\Administrátor\Desktop\os\SD OS\originaal\I386\REGEDIT.EXE”=0x53414350010000000 00000000700000028000000003C02006FBA020001000000000 000000000010571200000BFA2139DEDD1D3010000000000000 00002000000280000000000000000000000000000080000000 00000000000000000F6180000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Temp\Rar$EXa 9280.42583\RegCmd.exe”=0x5341435001000000000000000 70000002800000000FA0800000000000100000000000000000 0000A41220000BFA2139DEDD1D301000000000000000005000 00010000000000000000000000000000000000000000200000 02800000000000000000000400000000000000000000000000 0000000469F4000000000000100000001000000
“C:\Users\Administrátor\Desktop\regcmd\RegCmd.exe” =0x534143500100000000000000070000002800000000FA080 00000000001000000000000000000000A41220000BFA2139DE DD1D3010000000000000000050000001000000000000000000 00000000000000000000002000000280000000000000000000 04000000000000000000000000000000000A52300000000000 00100000001000000
“C:\Program Files\Inkscape\inkscape.exe”=0x5341435001000000000 000000700000028000000000C06005F6706000100000000000 0000000000A63200000BFA2139DEDD1D301000000000000000 00200000028000000000000000000000000000000000000000 00000000000000099A20000000000000100000001000000
“C:\Users\Administrátor\Desktop\UserAssist\regcmd\ RegCmd.exe”=0x534143500100000000000000070000002800 000000FA08000000000001000000000000000000000A412200 00BFA2139DEDD1D30100000000000000000500000010000000 00000000000000000000000000000000020000002800000000 0000000000004000000000000000000000000000000000BFD0 0300000000000100000001000000
“C:\Users\Administrátor\Downloads\rcsetup153.exe”= 0x534143500100000000000000070000002800000060E25400 9B9B550001000000000000000000010600010000BFA2139DED D1D30100000000000000000200000028000000000000000000 0040000000000000000000000000000000001035DC07000000 000100000001000000
“C:\Program Files\CCleaner\CCleaner64.exe”=0x53414350010000000 0000000070000002800000068C72B014BC92B0101000000000 000000000000A00210000BFA2139DEDD1D3010000000000000 00002000000280000000000000000000000000000000000000 00000000000000000EA000000000000000100000001000000
“C:\Program Files\Recuva\recuva64.exe”=0x534143500100000000000 0000700000028000000D8A24B00213C4C00010000000000000 00000000A73220000BFA2139DEDD1D30100000000000000000 20000002800000000000000000000400000000000000000000 00000000000000682E104000000000800000008000000
“C:\Users\Administrátor\Downloads\Eraser_6.2.0.297 0.exe”=0x5341435001000000000000000700000028000000D 03B7F00955B7F0001000000000000000000000A71220000BFA 2139DEDD1D3010000000000000000020000002800000000000 000000000400000000000000000000000000000000011C3000 0000000000100000001000000
“C:\Program Files\Eraser\Eraser.exe”=0x53414350010000000000000 00700000028000000A8631000845E110001000000000000000 000000A75220000BFA2139DEDD1D3010000000000000000050 00000100000000000000000000000000000002000000002000 00028000000000000002000006002000000000000000000000 000000000C3C21807000000000100000001000000
“E:\Games\World_of_Tanks\WoTLauncher.exe”=0x534143 500100000000000000070000002800000008557400A4727400 01000000000000000000000A71220000BFA2139DEDD1D30100 00000000000000020000002800000000000000800000000000 0000000000000000000000000000FC2C000000000000010000 0001000000
“C:\Users\Administrátor\Downloads\winrar-x64-570.exe”=0x534143500100000000000000070000002800000 080F22F00EB88300001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 000000000004000000000000000000000000000000000F9150 000000000000200000002000000
“C:\Program Files\WinRAR57\Rar.exe”=0x534143500100000000000000 0700000028000000D8360900A9470900010000000000000000 00000A00210000BFA2139DEDD1D30100000000000000000200 00002800000000000000000000000000000000000000000000 0000000000BB000000000000000100000001000000
“C:\Program Files\WinRAR57\WinRAR.exe”=0x534143500100000000000 0000700000028000000D8BC2200844A2300010000000000000 00000000A00210000BFA2139DEDD1D30100000000000000000 20000002800000000000000000000000000000000000000000 00000000000002D403D00000000000900000009000000
“E:\UserAssist soft\LastActivityView.exe”=0x534143500100000000000 0000700000028000000D0E8010091FF0100010000000000000 00000030600010000BFA2139DEDD1D30100000000000000000 50000001000000000000000000000000000000000000000020 00000280000000000000000000040000000000000000000000 0000000000035CD1904000000000F0000000F000000
“E:\UserAssist soft\recent files view\RecentFilesView.exe”=0x5341435001000000000000 000700000028000000D0B800001C6D01000100000000000000 0000000A71200000BFA2139DEDD1D301000000000000000005 00000010000000000000000000000000000000000000000200 00005000000000000000000000000000000000000000000000 0000000000FA91010000000000030000000300000000000000 0000004000000000000000000000000000000000B562060000 0000000100000000000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\19.012.0121.0011\FileSyncConfig.exe”=0x5341 435001000000000000000700000028000000308D04008E9704 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“E:\UserAssist soft\usbdeview-x64\USBDeview.exe”=0x53414350010000000000000007000 00028000000D0CE0200E807030001000000000000000000000 A00210000BFA2139DEDD1D3010000000000000000050000001 00000000000000000000000000000000000000002000000500 00000000000000000004000000000000000000000000000000 000CF380E00000000000100000001000000000000000000000 000000000000000000000000000000000A3960000000000000 100000000000000
“E:\UserAssist soft\usblogview\USBLogView.exe”=0x5341435001000000 000000000700000028000000D05A080055C708000100000000 0000000000000A00210000BFA2139DEDD1D301000000000000 00000200000028000000000000000000000000000000000000 000000000000000000B06A0000000000000100000001000000
“E:\UserAssist soft\cleanafterme.exe”=0x5341435001000000000000000 70000002800000000960000000000000100000000000000000 0010671020000BFA2139DEDD1D301000000000000000005000 00010000000000000000000000000000000000000000200000 02800000000000000000000400000000000000000000000000 0000000D7DE0000000000000100000001000000
“E:\UserAssist soft\fileactivitywatch-x64\FileActivityWatch.exe”=0x534143500100000000000 0000700000028000000D0FA01006B020200010000000000000 00000000A00210000BFA2139DEDD1D30100000000000000000 50000001000000000000000000000000000000000000000020 00000280000000000000000000040000000000000000000000 00000000000BB430100000000000200000002000000
“E:\UserAssist soft\insideclipboard\InsideClipboard.exe”=0x534143 5001000000000000000700000028000000D0B60000FC370100 01000000000000000000000A71200000BFA2139DEDD1D30100 00000000000000020000002800000000000000000000000000 00000000000000000000000000003D99010000000000010000 0001000000
“E:\UserAssist soft\keyboardstateview\KeyboardStateView.exe”=0x53 41435001000000000000000700000028000000D06601001C5F 020001000000000000000000000A00210000BFA2139DEDD1D3 01000000000000000002000000280000000000000000000000 0000000000000000000000000000000009A102000000000002 00000002000000
“E:\UserAssist soft\muicacheview\MUICacheView.exe”=0x534143500100 00000000000007000000280000000076000000000000010000 00000000000000010671200000BFA2139DEDD1D30100000000 00000000050000001000000000000000000000000000000000 00000002000000500000000000000000000040000000000000 00000000000000000000164000000000000001000000010000 00000000000000000000000000000000000000000000000000 2F350200000000000100000000000000
“E:\UserAssist soft\passwordscan\PasswordScan.exe”=0x534143500100 0000000000000700000028000000D02A030045480300010000 00000000000000000A00210000BFA2139DEDD1D30100000000 00000000050000001000000000000000000000000000000000 00000002000000280000000000000000000040000000000000 00000000000000000000DB6300000000000001000000010000 00
“E:\UserAssist soft\New folder\usbdeview-x64\USBDeview.exe”=0x53414350010000000000000007000 00028000000D0CE0200E807030001000000000000000000000 A00210000BFA2139DEDD1D3010000000000000000050000001 00000000000000000000000000000000000000002000000500 00000000000000000004000000000000000000000000000000 000CCDF0100000000000100000001000000000000000000000 0000000000000000000000000000000009D050000000000000 100000000000000
“E:\UserAssist soft\shellbagsview\ShellBagsView.exe”=0x5341435001 000000000000000700000028000000D0BA0000940401000100 0000000000000000030600010000BFA2139DEDD1D301000000 00000000000500000010000000000000000000000000000000 00000000020000005000000000000000000000000000000000 00000000000000000000005F19010000000000020000000200 00000000000000000040000000000000000000000000000000 006FB61700000000000400000000000000
“E:\UserAssist soft\uninstallview-x64\UninstallView.exe”=0x5341435001000000000000000 700000028000000D0B60200693903000100000000000000000 0000A00210000BFA2139DEDD1D301000000000000000005000 00010000000000000000000000000000000000000000200000 02800000000000000000000400000000000000000000000000 000000082220200000000000100000001000000
“E:\UserAssist soft\whatinstartup-x64\WhatInStartup.exe”=0x5341435001000000000000000 70000002800000060000200E4E502000100000000000000000 0020673220000BFA2139DEDD1D301000000000000000005000 00010000000000000000000000000000000000000000200000 02800000000000000000000400000000000000000000000000 0000000B5660400000000000100000001000000
“E:\UserAssist soft\injecteddll\InjectedDLL.exe”=0x53414350010000 00000000000700000028000000008200000000000001000000 000000000000010571200000BFA2139DEDD1D3010000000000 00000002000000280000000000000000000000000000000000 00000000000000000000604501000000000001000000010000 00
“SIGN.MEDIA=64EE0 UserAssist soft\usbdeview\USBDeview.exe”=0x534143500100000000 0000000700000028000000D000020012510200010000000000 00000000000A00210000BFA2139DEDD1D30100000000000000 00050000001000000000000000000000000000000000000000 02000000280000000000000000000040000000000000000000 0000000000000025EC0000000000000100000001000000
“E:\UserAssist soft\usbdeview\USBDeview.exe”=0x534143500100000000 0000000700000028000000D000020012510200010000000000 00000000000A00210000BFA2139DEDD1D30100000000000000 00050000001000000000000000000000000000000000000000 02000000500000000000000000000000000000000000000000 00000000000000197E00000000000007000000070000000000 000000000040000000000000000000000000000000000FB900 00000000000400000000000000
“C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18. 1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe”=0x 534143500100000000000000070000002800000048B6000063 17010001000000000000000000000A73220000BFA2139DEDD1 D3010000000000000000020000002800000000000000000000 0000000000000000000000000000000000E535000000000000 0200000002000000
“C:\Program Files (x86)\Stellar Phoenix Photo Recovery\StellarPhoenixPhotoRecovery.exe”=0x534143 50010000000000000007000000280000006866E300A4A3E300 01000000000000000000000A71220000BFA2139DEDD1D30100 00000000000000020000002800000000000000200000600000 0000000000000000000000000000FB6F010000000000010000 0001000000
“C:\Program Files (x86)\Asoftech\Data Recovery\adr.exe”=0x534143500100000000000000070000 0028000000F0142A00B10E2B0001000000000000000000000A 71220000BFA2139DEDD1D30100000000000000000500000010 00000000000000000000000000000000000000020000005000 00000000000000000040000000000000000000000000000000 00D65C00000000000002000000020000000000000000000000 00000000000000000000000000000000D81000000000000001 00000000000000
“C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x6 4__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe”=0x53 41435001000000000000000700000028000000007E08000000 000001000000000000000000000A73200000BFA2139DEDD1D3 01000000000000000002000000280000000000000000000010 00000000000000000000000000000000A9DA43160000000004 00000004000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\19.033.0218.0011\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000060AA0400777F05 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2 .10.12.0_x64__7pb5ddty8z1pa\app\Trello.exe”=0x5341 43500100000000000000070000002800000000929605000000 0001000000000000000000000A00210000BFA2139DEDD1D301 00000000000000000200000028000000000000000000000000 000000000000000000000000000000FDB10600000000000400 000004000000
“C:\Users\Administrátor\Downloads\ExterminateItSet up (1).exe”=0x534143500100000000000000070000002800000 048664901355B4A0101000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 000000000004000000000000000000000000000000000DFBAD A00000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\19.043.0304.0007\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000030AF0400A4BA04 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\npp.7.6.6.Installer (1).exe”=0x534143500100000000000000070000002800000 06B7B36000000000001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 00000000000400000000000000000000000000000000078470 000000000000200000002000000
“C:\Program Files (x86)\Notepad++\notepad++.exe”=0x53414350010000000 00000000700000028000000006C2B000000000001000000000 000000000000A00210000BFA2139DEDD1D3010000000000000 00002000000280000000000000000000010000000000000000 00000000000000000D89A5900000000000B0000000B000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\winsdksetup (1).exe”=0x534143500100000000000000070000002800000 0509E14009ADE140001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 0000000000000000000000000000000000000000000004AFB0 600000000000100000001000000
“C:\Users\Administrátor\Desktop\XAP Deployment\XapDeploy.exe”=0x5341435001000000000000 00070000002800000050F400002E6E01000100000000000000 0000020671220000BFA2139DEDD1D301000000000000000002 00000028000000000000000000000000020000000000000000 00000000000049350000000000000300000003000000
“C:\Users\Administrátor\Desktop\XAP Deployment\XapDeployCmd.exe”=0x5341435001000000000 000000700000028000000607E00001CA600000100000000000 0000000020671220000BFA2139DEDD1D301000000000000000 00200000028000000000000000000000000000000000000000 0000000000000009C000000000000000100000001000000
“C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\Phone Registration\PhoneReg.exe”=0x534143500100000000000 0000700000028000000E0C3010088C80100010000000000000 00000010671020000BFA2139DEDD1D30100000000000000000 20000002800000000000000000000000000000000000000000 00000000000008B910800000000000100000001000000
“C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\XAP Deployment\XapDeploy.exe”=0x5341435001000000000000 000700000028000000F88B0100246202000100000000000000 0000010671020000BFA2139DEDD1D301000000000000000002 00000028000000000000000000000000000000000000000000 0000000000009F794803000000000300000003000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\WPDeviceManager (1).exe”=0x534143500100000000000000070000002800000 0EBC59600576C120001000000000000000000010600010000B FA2139DEDD1D30100000000000000000200000028000000000 000000000000000000000000000000000000000000000D8AF0 000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\ZunePackage (1).exe”=0x534143500100000000000000070000002800000 0F8FCE7104ADAE81001000000000000000000010600010000B FA2139DEDD1D30100000000000000000200000028000000000 0000080010000000000000000000000000000000000006CCA0 500000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\WPDeviceManager (3).exe”=0x534143500100000000000000070000002800000 0EBC59600576C120001000000000000000000010600010000B FA2139DEDD1D30100000000000000000200000028000000000 00000000000000000000000000000000000000000000040460 000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\WPDeviceManager (5).exe”=0x534143500100000000000000070000002800000 0EBC59600576C120001000000000000000000010600010000B FA2139DEDD1D30100000000000000000200000028000000000 000000000000000000000000000000000000000000000B2D20 000000000000100000001000000
“C:\Windows\WPDeviceManager\WPDeviceManager.exe”=0 x5341435001000000000000000700000028000000006E21000 000000001000000000000000000010671200000BFA2139DEDD 1D301000000000000000002000000280000000000000000000 00000020200000000000000000000000000071100000000000 00100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\vm_web2 (1).exe”=0x534143500100000000000000070000002800000 0500936007B8A360001000000000000000000000671020000B FA2139DEDD1D30100000000000000000200000028000000000 00000000000400000000000000000000000000000000073480 000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\WPDeviceManager (7).exe”=0x534143500100000000000000070000002800000 0EBC59600576C120001000000000000000000010600010000B FA2139DEDD1D30100000000000000000200000028000000000 0000000000000000000000000000000000000000000009E390 000000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\MTGAInstaller (1).exe”=0x534143500100000000000000070000002800000 0C87C49003B90490001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 00000000000000000000000000000000000000000000054450 700000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\WindowsDeviceRecoveryToolInstaller (2).exe”=0x534143500100000000000000070000002800000 0F0102500256C250001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 000000000000000000000000000000000000000000000D6340 B00000000000100000001000000
“C:\Users\Administrátor\Desktop\123\APKDeployment. exe”=0x5341435001000000000000000700000028000000007 000000000000001000000000000000000000A75220000BFA21 39DEDD1D301000000000000000002000000280000000000000 0000000000000000000000000000000000000000030767F000 00000000200000002000000
“C:\Users\Administrátor\Desktop\123\vcredist_x86.e xe”=0x5341435001000000000000000700000028000000303E 6300BEF9630001000000000000000000030600010000BFA213 9DEDD1D3010000000000000000020000002800000000000000 00000000000000000000000000000000000000004723000000 0000000100000001000000
“C:\Users\Administrátor\Downloads\APKToWin10M.exe” =0x5341435001000000000000000700000028000000A6D9450 13386140001000000000000000000010600010000BFA2139DE DD1D3010000000000000000020000002800000000000000000 0000000000000000000000000000000000000428C000000000 0000200000002000000
“C:\Users\Administrátor\AppData\Roaming\Antonio de la Iglesia\APKtoW10M\prerequisites\vcredist_x86.exe”= 0x5341435001000000000000000700000028000000303E6300 BEF9630001000000000000000000030600010000BFA2139DED D1D30100000000000000000500000010000000000000000000 00000000000000000000020000002800000000000000000000 0000000000000000000000000000000000D80B000000000000 0100000001000000
“C:\Users\Administrátor\AppData\Roaming\APKTOW10M\ app\AppsAndroidEnW10Mobile.exe”=0x5341435001000000 000000000700000028000000009A0000000000000100000000 0000000000000A75220000BFA2139DEDD1D301000000000000 00000200000028000000000000000000000000000000000000 000000000000000000E4CB1200000000000100000001000000
“C:\Program Files (x86)\Windows Media Player\wmplayer.exe”=0x534143500100000000000000070 0000028000000008C02004C220300010000000100000000000 00A61220000BFA2139DEDD1D3010000000000000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\19.062.0331.0006\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000060BC0400AE3305 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\19.070.0410.0005\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000060BC04002A6905 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Program Files (x86)\Wizards of the Coast\MTGA\MtgaLauncher.exe”=0x5341435001000000000 00000070000002800000048380100091C02000100000000000 0000000000A75220000BFA2139DEDD1D301000000000000000 00200000028000000000000000000000000000000000000000 0000000000000004586B002000000001600000016000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\readerdc_uk_fb_crd_install (1).exe”=0x534143500100000000000000070000002800000 0305A1200678C120001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 00000000000000000000000000000000000000000000010521 200000000000100000001000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\19.070.0410.0007\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000060BC0400100C05 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\StandaloneUpdater\OneDriveSetup.exe”=0x5341 43500100000000000000070000002800000038C7F901DA35FA 0101000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“C:\Users\Administrátor\AppData\Local\Microsoft\On eDrive\19.086.0502.0006\FileSyncConfig.exe”=0x5341 43500100000000000000070000002800000038C90400218805 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000100000000
“E:\Program Files\OpenOffice 4\program\scalc.exe”=0x534143500100000000000000070 000002800000000960100CBD60100010000000000000000000 00A71220000BFA2139DEDD1D30100000000000000000200000 02800000000000000000000000000000000000000000000000 000000095C70000000000000100000001000000
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”=0x5341 435001000000000000000700000028000000F0BD1700B2B118 0001000000000000000000000A00210000BFA2139DEDD1D301 00000000000000000200000028000000000000000000000000 000000000000000000000000000000FA0D0000000000000100 000001000000
“C:\Users\Administrátor\Desktop\Asus_XP\WINDOWS\sy stem32\sndrec32.exe”=0x534143500100000000000000070 000002800000000020200A6C70200010000000000000000000 00671200000BFA2139DEDD1D30100000000000000000200000 02800000000000000000000000000020000000000000000000 0000000C5570000000000000100000001000000
“C:\Users\Administrátor\Desktop\KVRT.exe”=0x534143 50010000000000000007000000280000002809CD09C4D4CD09 01000000000000000000000A00210000BFA2139DEDD1D30100 00000000000000050000001000000000000000000000000000 00000000000002000000280000000000000000000040000000 000000000000000000000000002D7D68030000000001000000 01000000
“C:\Users\Administrátor\Downloads\ashampoo_burning _studio_free_24045.exe”=0x534143500100000000000000 0700000028000000E8007F02F0797F02010000000000000000 00000A00210000BFA2139DEDD1D30100000000000000000200 00002800000000000000000000400000000000000000000000 0000000000AC010200000000000100000001000000
“C:\Program Files\HxD\HxD.exe”=0x53414350010000000000000007000 0002800000000FA68002405690001000000000000000000000 A73220000BFA2139DEDD1D3010000000000000000020000002 80000000000000000000000000000000000000000000000000 00000ACED0000000000000200000002000000
“C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe”=0x53 4143500100000000000000070000002800000090740B004814 0C0001000000000000000000000A00210000BFA2139DEDD1D3 01000000C00000000002000000280000000000000000000000 00000000000000000000000000000000402D02000000000001 00000001000000
“C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\VSLauncher.exe”=0x5341435001000000000 000000700000028000000B0700400D91905000100000000000 0000000030600010000BFA2139DEDD1D301000000000000000 00200000028000000000000008000000000000000000000000 000000000000000E5CC0000000000000200000002000000
“E:\Program Files\RogueKiller\RogueKiller.exe”=0x5341435001000 00000000000070000002800000048F84F01351750010100000 0000000000000000A00210000BFA2139DEDD1D301000000000 00000000200000028000000000000000000004000000000000 0000000000000000000004A9D0000000000000100000001000 000
“E:\Documents and Settings\Adam2\Plocha\RogueKiller_old32.exe”=0x534 1435001000000000000000700000028000000486AB500B4A1B 50001000000000000000000000A00210000BFA2139DEDD1D30 10000000000000000020000002800000000000000000000400 000000000000000000000000000000005D2210000000000010 0000001000000
“E:\Documents and Settings\Adam2\Plocha\utils\JRT.exe”=0x53414350010 0000000000000070000002800000048501B0027F11B0001000 000000000000000010671020000BFA2139DEDD1D3010000000 00000000002000000280000000000000000000040000000000 00000000000000000000000677903000000000001000000010 00000
“C:\ProgramData\Malwarebytes\MBAMService\instlrupd ate\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11270.exe”=0x534143500100000000000000070000002 8000000E8A7D5039381D60301000000000000000000000A002 10000BFA2139DEDD1D30100000000000000000200000028000 00000000000000000400000000000000000000000000000000 003BB0000000000000100000001000000
“C:\Users\Administrátor\Desktop\adwcleaner_7.3.exe ”=0x5341435001000000000000000700000028000000D0326B 00387A6B0001000000000000000000000A00210000BFA2139D EDD1D301000000000000000005000000100000000000000000 00000000000000000000000200000028000000000000000000 00400000000000000000000000000000000051740100000000 000100000001000000
“C:\Users\Administrátor\AppData\Local\Packages\Mic rosoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downl oads\ExterminateItSetup (1).exe”=0x534143500100000000000000070000002800000 048664901355B4A0101000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 000000000004000000000000000000000000000000000224B0 000000000000100000001000000
“C:\Program Files\Exterminate It!\ExterminateIt.exe”=0x5341435001000000000000000 700000028000000D8E53700650E38000100000000000000000 0000A00210000BFA2139DEDD1D301000000000000000002000 00028000000000000000000004000000000000000000000000 0000000001A991900000000000100000001000000
“C:\Users\Administrátor\Desktop\FRST64(1).exe”=0x5 34143500100000000000000070000002800000000EE2400BE6 D250001000000000000000000000A00210000BFA2139DEDD1D 3010000000000000000
“C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe”=0x534143500100 000000000000070000002800000010390F0002F20F00010000 00000000000000000A71220000BFA2139DEDD1D30100000000 00000000050000001000000000000000000000000000000000 00000002000000280000000000000000000040000000000000 000000000000000000007A0300000000000002000000020000 00
“C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x6 4__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe”=0x53 4143500100000000000000070000002800000000EA08000000 000001000000000000000000000A73200000BFA2139DEDD1D3 010000000000000000
“C:\Users\Administrátor\Desktop\quickdiag_V5_27.02 .19.1.exe”=0x5341435001000000000000000700000028000 00098F74E00B9194F0001000000000000000000000A0021000 0BFA2139DEDD1D3010000000000000000

---------- | IFEO

---------- | Mountpoints2

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“”=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“Spooler”=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
“windows”=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
“cval”=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
“VistaSp1”=131790084045873249

[HKLM\SOFTWARE\Microsoft\Windows Defender]
“ProductAppDataPath”=C:\ProgramData\Microsoft\Wind ows Defender
“ProductIcon”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
“ProductLocalizedName”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
“RemediationExe”=%ProgramFiles%\Windows Defender\MSASCui.exe
“ProductType”=2
“InstallTime”=0xC93DAF8C6136D401
“InstallLocation”=C:\Program Files\Windows Defender
“OOBEInstallTime”=0x558E24256336D401
“DisableAntiSpyware”=1
“DisableAntiVirus”=1
“ProductStatus”=0
“LastEnabledTime”=0x4DE20397502ED501
“ManagedDefenderProductType”=0

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall”=1

---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)

---------- | Hosts

127.0.0.1 localhost

---------- | Ping

Pinging google.com [172.217.23.238] with 32 bytes of data:
Reply from 172.217.23.238: bytes=32 time=8ms TTL=54
Reply from 172.217.23.238: bytes=32 time=8ms TTL=54
Reply from 172.217.23.238: bytes=32 time=8ms TTL=54
Reply from 172.217.23.238: bytes=32 time=8ms TTL=54

Ping statistics for 172.217.23.238:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 8ms, Average = 8ms

---------- | @

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Internet Explorer\Main]
“Anchor Underline”=yes
“Cache_Update_Frequency”=yes
“Disable Script Debugger”=yes
“DisableScriptDebuggerIE”=yes
“Display Inline Images”=yes
“Do404Search”=0x01000000
“Local Page”=%11%\blank.htm
“Save_Session_History_On_Exit”=no
“Search Page”= Search - Microsoft Bing
“Show_FullURL”=no
“Show_StatusBar”=yes
“Show_ToolBar”=yes
“Show_URLinStatusBar”=yes
“Show_URLToolBar”=yes
“Use_DlgBox_Colors”=yes
“UseClearType”=no
“XMLHTTP”=1
“Enable Browser Extensions”=yes
“Play_Background_Sounds”=yes
“Play_Animations”=yes
“Start Page”= MSN
“ImageStoreRandomFolder”=nyt6un6
“OperationalData”=12
“CompatibilityFlags”=0
“SearchBandMigrationVersion”=1
“FullScreen”=no
“Window_Placement”=0x2C0000000000000001000000FFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFF24000000240000004403000 0A4020000

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“DisableCachingOfSSLPages”=0
“IE5_UA_Backup_Flag”=5.0
“PrivacyAdvanced”=1
“SecureProtocols”=2688
“User Agent”=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
“CertificateRevocation”=1
“ZonesSecurityUpgrade”=0x3E8077B36136D401
“WarnonZoneCrossing”=0
“EnableNegotiate”=1
“MigrateProxy”=1
“ProxyEnable”=0
“LockDatabase”=132000651263381263

[HKLM\Software\Microsoft\Internet Explorer\Main]
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Start Page”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\System32\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix]
“”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Start Page”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\SysWOW64\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\DefaultPrefix]
“”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Internet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

---------- | Proxy

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify

---------- | Execution FileExts

---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} – C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [18/10/2017 23:51:14]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} – C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [18/10/2017 23:51:14]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} – C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX64.dll [18/10/2017 23:51:14]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\EnhancedStorageS hell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} – C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} – C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX32.dll [18/10/2017 23:58:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} – C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX32.dll [18/10/2017 23:58:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} – C:\Users\Administrátor\AppData\Local\MEGAsync\Shel lExtX32.dll [18/10/2017 23:58:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} –

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=

---------- | Toolbar

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=1

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“ITBar7Layout”=0x130000000000000000000000200000001 0000100330000000100000000070000AC01000006000000410 10000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000067C200C5BF631F4587974D720C9A2ED 90000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000
“ITBar7Layout64”=0x1300000000000000000000000400000 0100001000000000001000000000000005E010000060000004 10100000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000067C200C5BF631F4587974D720C9A2 ED900000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000
“ITBar7Height”=28

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{C500C267-63BF-451F-8797-4D720C9A2ED9}”=

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Extensions

---------- | SearchScopes

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{10921475-03CE-4E04-90CE-E2E7EF20C814}] → () :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}] → (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [17/09/2018 23:59:09]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] → (Java™ Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [07/11/2018 15:04:50]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}] → (Java™ Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [07/11/2018 15:04:50]

---------- | Chrome

C:\Users\Administrátor\AppData\Local\Google\Chrome \User Data\Default\extensions\amkpcclbbgegoafihnpgomddad jhcadd = : MSG_ExtensionDescription - MSG_ExtensionName - permissions:[nativeMessagingmanagementcookieswebRequest\u003Cal l_urls>webRequestBlockingstorage] - https://clients2.google.com/service/update2/crx
C:\Users\Administrátor\AppData\Local\Google\Chrome \User Data\Default\extensions\cjpalhdlnbpafiamejdnhcphjb keiagm = : MSG_extShortDesc - name: uBlock Origin - short_name: uBlock₀ - permissions:[contextMenusprivacystoragetabsunlimitedStoragewebN avigationwebRequestwebRequestBlocking\u003Call_url s>] - https://clients2.google.com/service/update2/crx
C:\Users\Administrátor\AppData\Local\Google\Chrome \User Data\Default\extensions\nmmhkkegccagdldgiimedpiccm gmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Administrátor\AppData\Local\Google\Chrome \User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleuserco ntent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\amkpcclbbge goafihnpgomddadjhcadd]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions \amkpcclbbgegoafihnpgomddadjhcadd]

---------- | Opera

---------- | Firefox

[HKLM\Software\mozilla\Firefox\Extensions]
“light_plugin_F88CEF8523DE460F9FA1D6E...asp ersky.com”=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensio ns]
“light_plugin_F88CEF8523DE460F9FA1D6E...asp ersky.com”=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\MozillaPlugins@videolan.org/vlc,version=3.0.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@java.com/DTPlugin,version=11.191.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1 .dll
[HKLM\Software\WOW6432Node\MozillaPlugins@java.com/JavaPlugin,version=11.191.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters]
“DhcpNameServer”=192.168.0.1 192.168.0.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}]
“DhcpNameServer”=192.168.0.1 192.168.0.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}]
“DhcpNameServer”=192.168.0.1 192.168.0.1

---------- | Applications

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Classes\Applications\ImgBurn.exe] : “C:\Program Files (x86)\ImgBurn\ImgBurn.exe” /MODE WRITE /SOURCE “%1”
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Classes\Applications\notepad++.exe] : “C:\Program Files (x86)\Notepad++\notepad++.exe” “%1”
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Classes\Applications\WinRAR.exe] : “C:\Program Files\WinRAR\WinRAR.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : “C:\Program Files\Internet Explorer\iexplore.exe” %1
[HKLM\SOFTWARE\Classes\Applications\IsoBuster.exe] : “C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\i_view64.exe] : “C:\Program Files\IrfanView\i_view64.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1” /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file “%1”
[HKLM\SOFTWARE\Classes\Applications\VSLauncher.exe] : “C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iex plore.exe] : “C:\Program Files\Internet Explorer\iexplore.exe” %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Iso Buster.exe] : “C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\i_v iew64.exe] : “C:\Program Files\IrfanView\i_view64.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\not epad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\pro vtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1” /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc .exe] : “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\VSL auncher.exe] : “C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmp layer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wor dpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
“rdxgroup”=RetailDemo
“wusvcs”=WaaSMedicSvc
“BthAppGroup”=BluetoothUserService
“BcastDVRUserService”=BcastDVRUserService
“Camera”=FrameS
“diagnostics”=DiagSvc
“PrintWorkflow”=PrintWorkflowUserSvc
“GraphicsPerfSvcGroup”=GraphicsPerfSvc
“DevicesFlow”=DevicesFlowUserSvc
DevicePickerUserSvc
“smbsvcs”=lanmanserver

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=PlugPlay
DcomLaunch
DeviceInstall
“PrintWorkflow”=PrintWorkflowUserSvc
“smbsvcs”=lanmanserver

---------- | SvcHost - Netsvcs (Whitelist)

---------- | Software

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\7-Zip]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Adobe]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Akeo Consulting]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\AppDataLow]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Ashampoo]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\ASIO4ALL v2 by Wuschel]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Aureal]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Authorsoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\BandiMPEG1]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\BANDISOFT]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Browser Cleanup]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Chromium]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Clients]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\CurioLab]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Cygwin]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Disc Soft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\DMGR2.0.0]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\DMGR2.0.6]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Eraser]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\famatech]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\FLT]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Freemake]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Ghisler]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\GOG.com]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Google]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\HWiNFO32]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\HWiNFO64]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Image-Line]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Imagination Technologies]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\ImgBurn]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\iZotope]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\JavaSoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\KasperskyLab]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\KMPlayer]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\MacheteSoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Macromedia]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Malwarebytes]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Meltytech]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Native Instruments]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Netscape]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\NirSoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Opera Software]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Perun Creative]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Piriform]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Policies]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\PowerISO]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\QtProject]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\ShiningMorning]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Smart Projects]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\SoftVoice]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Stellar]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Sysinternals]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Tailored Noise]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Ubisoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\undefined]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Unity]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\VB and VBA Program Settings]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\VIA]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\VirtualDJ]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Wargaming.net]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\WinRAR]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Wizards Of The Coast]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Wow6432Node]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\7-Zip]
[HKLM\Software\ASIO]
[HKLM\Software\AVAST Software]
[HKLM\Software\BandiMPEG1]
[HKLM\Software\BANDISOFT]
[HKLM\Software\Clients]
[HKLM\Software\Curiolab]
[HKLM\Software\Disc Soft]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\Fortemedia]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Ghisler]
[HKLM\Software\Google]
[HKLM\Software\Image-Line]
[HKLM\Software\Intel]
[HKLM\Software\IPS]
[HKLM\Software\IrfanView]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Khronos]
[HKLM\Software\KMPlayer 64X]
[HKLM\Software\Knowles]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nahimic]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\PowerISO]
[HKLM\Software\Propellerhead Software]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\ShiningMorning]
[HKLM\Software\SoftVoice]
[HKLM\Software\SonicFocus]
[HKLM\Software\SoundResearch]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\VideoLAN]
[HKLM\Software\WinRAR]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Yamaha APO]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResource Manager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnosti cs]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnostic sProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr ictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFir ewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\AMD]
[HKLM\Software\WOW6432Node\Applogon]
[HKLM\Software\WOW6432Node\Ashampoo]
[HKLM\Software\WOW6432Node\ASIO]
[HKLM\Software\WOW6432Node\ASIO4ALL]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\BandiMPEG1]
[HKLM\Software\WOW6432Node\BANDISOFT]
[HKLM\Software\WOW6432Node\Camel Audio]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Chromium]
[HKLM\Software\WOW6432Node\Comodo]
[HKLM\Software\WOW6432Node\ComodoGroup]
[HKLM\Software\WOW6432Node\Conexant]
[HKLM\Software\WOW6432Node\Curiolab]
[HKLM\Software\WOW6432Node\Cygwin]
[HKLM\Software\WOW6432Node\famatech]
[HKLM\Software\WOW6432Node\Freemake]
[HKLM\Software\WOW6432Node\Ghisler]
[HKLM\Software\WOW6432Node\GOG.com]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Image-Line]
[HKLM\Software\WOW6432Node\ImgBurn]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\InterVideo]
[HKLM\Software\WOW6432Node\IObit]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\KasperskyLab]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\McAfee NGI]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Native Instruments]
[HKLM\Software\WOW6432Node\Notepad++]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OpenAL]
[HKLM\Software\WOW6432Node\Oracle]
[HKLM\Software\WOW6432Node\PowerISO]
[HKLM\Software\WOW6432Node\Propellerhead Software]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Smart Projects]
[HKLM\Software\WOW6432Node\SoftVoice]
[HKLM\Software\WOW6432Node\SRS Labs]
[HKLM\Software\WOW6432Node\Stellar Data Recovery]
[HKLM\Software\WOW6432Node\The Silicon Realms Toolworks]
[HKLM\Software\WOW6432Node\VIA Technologies, Inc]
[HKLM\Software\WOW6432Node\VirtualDJ]
[HKLM\Software\WOW6432Node\Waves Audio]
[HKLM\Software\WOW6432Node\Wise Solutions]
[HKLM\Software\WOW6432Node\Wizards of the Coast]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickN ote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Enterp riseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStor age]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Script edDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr ictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFir ewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]

---------- | Drives

E:

[07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. - UI Wrapper Resource DLL.) - [76304] - (9.0.21022.8) - E:\install.res.1028.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Alle Rechte vorbehalten. - Ressourcen-DLL für UI-Wrapper.) - [96272] - (9.0.21022.8) - E:\install.res.1031.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. - UI Wrapper Resource DLL.) - [91152] - (9.0.21022.8) - E:\install.res.1033.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - UI Wrapper Resource DLL.) - [97296] - (9.0.21022.8) - E:\install.res.1036.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tutti i diritti riservati. - DLL di risorse del wrapper dell’interfaccia utente.) - [95248] - (9.0.21022.8) - E:\install.res.1040.dll
[07/11/2007 08:03:18] - |A| - (.(C) Copyright Microsoft Corporation. - UI Wrapper Resource DLL.) - [81424] - (9.0.21022.8) - E:\install.res.1041.dll
[07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. - UI 래퍼 리소스 DLL.) - [79888] - (9.0.21022.8) - E:\install.res.1042.dll
[07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation。保留所有权利。 - 用户界面包装资源 DLL.) - [75792] - (9.0.21022.8) - E:\install.res.2052.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Reservados todos los derechos. - Archivo DLL de recursos del contenedor de la interfaz de usuario.) - [96272] - (9.0.21022.8) - E:\install.res.3082.dll
[15/03/2019 16:57:31] - |A| - (.Copyright © 2008-2010 The Eraser Project - Eraser Setup Bootstrapper.) - [9097616] - (6.0.9.2343) - E:\Eraser 6.0.9.2343.exe
[05/03/2019 16:31:27] - |A| - (.Copyright © 2008-2015 The Eraser Project - Eraser Setup Bootstrapper.) - [8338384] - (6.2.0.2970) - E:\Eraser_6.2.0.2970.exe
[01/05/2018 00:50:53] - |AH| - (.Copyright © DreamWorks Interactive 1996 - The Neverhood.) - [202240] - (0.0.0.14) - E:\setup95.exe
[01/05/2015 00:12:26] - |SH| - (.-.) - [357] - (0.0.0.0) - E:\boot.ini
[23/12/2015 12:46:01] - |A| - (.-.) - [199] - (0.0.0.0) - E:\DARE.INI
[07/11/2007 08:00:40] - |A| - (.-.) - [1110] - (0.0.0.0) - E:\globdata.ini
[07/11/2007 08:00:40] - |A| - (.-.) - [843] - (0.0.0.0) - E:\install.ini
[03/08/2004 22:38:34] - |RASH| - (.-.) - [47564] - (0.0.0.0) - E:\NTDETECT.COM

---------- | C:

[12/04/2018 01:38:20] - |SHD| - [3996] - C:$Recycle.Bin
[11/09/2018 22:23:37] - |D| - [121428474] - C:\AdwCleaner
[17/08/2018 21:58:52] - |RD| - [8184083228] - C:\Backup
[MD5.15A881C93E29481AEA94004DB6614D3B] - [21/03/2019 22:48:31] - |SH| - (.-.) - [80] - (0.0.0.0) - C:\bootTel.dat
[18/08/2018 18:12:25] - |D| - [15731777] - C:\Documentation
[17/08/2018 21:38:05] - |SHD| - [224384748933] - C:\Documents and Settings
[18/08/2018 18:12:26] - |D| - [50765824] - C:\DXi
[19/04/2019 21:08:32] - |D| - [0] - C:\EFSTMPWP
[09/07/2019 01:06:52] - |D| - [123239946] - C:\FRST
[14/02/2019 22:55:14] - |D| - [3302634453] - C:\GOG Games
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/08/2018 21:37:57] - |ASH| - (.-.) - [5153665024] - (0.0.0.0) - C:\hiberfil.sys
[28/06/2019 20:18:37] - |AD| - [83993] - C:\KRD2018_Data
[12/09/2018 04:37:04] - |D| - [91611] - C:\KVRT_Data
[18/08/2018 18:12:25] - |D| - [291] - C:\mca
[18/08/2018 18:12:25] - |D| - [56524] - C:\motions
[MD5.B7BC766EA5C8B24A687F37951DA4F02F] - [18/08/2018 18:12:25] - |A| - (.-.) - [1546] - (0.0.0.0) - C:\Newsound.ksd
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/08/2018 21:35:58] - |ASH| - (.-.) - [21474836480] - (0.0.0.0) - C:\pagefile.sys
[12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs
[12/04/2018 01:38:20] - |RD| - [12977097215] - C:\Program Files
[12/04/2018 01:38:20] - |RD| - [16984780673] - C:\Program Files (x86)
[12/04/2018 01:38:20] - |HD| - [4262543952] - C:\ProgramData
[MD5.ADB62F683FEE413129D649645E489212] - [18/08/2018 18:12:25] - |A| - (.-.) - [114] - (0.0.0.0) - C:\ProgramList.pls
[16/03/2019 12:31:23] - |D| - [6814437] - C:\psexec
[09/07/2019 18:30:25] - |D| - [68685] - C:\QuickDiag
[MD5.6D7E07E6F4183F2E5F856CB25CED71DD] - [09/07/2019 18:30:33] - |A| - (.-.) - [225378] - (0.0.0.0) - C:\QuickDiag.txt
[17/08/2018 21:38:07] - |SHD| - [0] - C:\Recovery
[07/09/2018 15:24:58] - |SHD| - [170] - C:\RECYCLER
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/08/2018 21:35:58] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[17/08/2018 21:35:57] - |SHD| - [0] - C:\System Volume Information
[MD5.38FCF8ABAF0061B02450DB9E025C435D] - [18/08/2018 18:12:25] - |A| - (.-.) - [3411150] - (0.0.0.0) - C:\tables.dat
[28/06/2019 17:09:01] - |D| - [3628544] - C:\Temp
[23/09/2018 19:19:30] - |D| - [15655923] - C:\totalcmd
[11/04/2018 23:04:33] - |RD| - [224384748933] - C:\Users
[29/04/2019 19:57:33] - |D| - [103525237] - C:\Wconnect
[11/04/2018 23:04:33] - |D| - [25045789130] - C:\Windows

---------- | C:\Windows

[12/04/2018 01:38:20] - |D| - [802] - C:\Windows\addins
[12/04/2018 01:38:20] - |D| - [20358706] - C:\Windows\appcompat
[12/04/2018 01:38:20] - |D| - [8620256] - C:\Windows\apppatch
[12/04/2018 01:38:20] - |D| - [0] - C:\Windows\AppReadiness
[12/04/2018 01:38:20] - |RSD| - [987020615] - C:\Windows\assembly
[12/04/2018 01:38:20] - |D| - [720353] - C:\Windows\bcastdvr
[MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Všechna práva vyhrazena. - Boot File Servicing Utility.) - [67072] - (10.0.17134.1) - C:\Windows\bfsvc.exe
[12/04/2018 01:38:20] - |D| - [38330878] - C:\Windows\Boot
[MD5.BA67B447ACCADBAEC7238084732F78A4] - [17/08/2018 21:36:40] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[12/04/2018 01:38:21] - |D| - [2456152] - C:\Windows\Branding
[12/04/2018 01:30:02] - |D| - [0] - C:\Windows\CbsTemp
[MD5.6E42CF0D47AF25DEA4CECDBE093D521C] - [13/09/2018 12:04:51] - |N| - (.-.) - [10134] - (0.0.0.0) - C:\Windows\CmeauSPDIF2.ico
[MD5.62CAFCF34806F36D15D987D265062CF2] - [13/09/2018 12:04:47] - |N| - (.-.) - [1224] - (0.0.0.0) - C:\Windows\CMSPDIF2.ini.cfg
[MD5.5DEF8D933F313F348BC538D4A49D6394] - [13/09/2018 12:04:51] - |A| - (.-.) - [240] - (0.0.0.0) - C:\Windows\CMSPDIF2.ini.cfl
[MD5.D5BA1B1D168B1EE614EB456345D8D62C] - [13/09/2018 12:04:47] - |A| - (.-.) - [340] - (0.0.0.0) - C:\Windows\CMSPDIF2.ini.imi
[MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 17:52:34] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\Windows\Core.xml
[12/04/2018 17:50:08] - |D| - [100352] - C:\Windows\cs-CZ
[12/04/2018 01:38:21] - |D| - [11482410] - C:\Windows\Cursors
[12/04/2018 01:38:21] - |D| - [414999] - C:\Windows\debug
[12/04/2018 01:38:21] - |D| - [4851225] - C:\Windows\diagnostics
[MD5.9CADC91DF349C198FFB5477A5B23B6C2] - [13/09/2018 12:04:47] - |A| - (.© Microsoft Corporation. - Driver Install Frameworks for API library module.) - [524768] - (2.1.0.0) - C:\Windows\difxapi.dll
[12/04/2018 17:50:08] - |D| - [0] - C:\Windows\DigitalLocker
[12/04/2018 01:38:21] - |SD| - [715601] - C:\Windows\Downloaded Program Files
[12/04/2018 01:38:21] - |HD| - [110120] - C:\Windows\ELAMBKUP
[04/03/2019 00:03:31] - |D| - [47104] - C:\Windows\en-GB
[12/04/2018 17:50:08] - |D| - [49152] - C:\Windows\en-US
[MD5.C8FB56B60458B09C1CAEBD4DAF1AC8BB] - [09/04/2019 19:41:05] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [3933296] - (10.0.17134.677) - C:\Windows\explorer.exe
[12/04/2018 01:38:21] - |RSD| - [394030432] - C:\Windows\Fonts
[12/04/2018 01:38:21] - |D| - [0] - C:\Windows\GameBarPresenceWriter
[12/04/2018 01:38:21] - |D| - [57955547] - C:\Windows\Globalization
[12/04/2018 01:38:21] - |D| - [72448722] - C:\Windows\Help
[MD5.30D302335B017DC3B53519BD9E33D763] - [12/02/2019 22:04:33] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [1054720] - (10.0.17134.556) - C:\Windows\HelpPane.exe
[MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [17920] - (10.0.17134.1) - C:\Windows\hh.exe
[12/04/2018 01:38:21] - |D| - [29869] - C:\Windows\IdentityCRL
[12/04/2018 01:38:21] - |D| - [28829078] - C:\Windows\IME
[12/04/2018 01:38:21] - |RD| - [8496097] - C:\Windows\ImmersiveControlPanel
[12/04/2018 01:36:48] - |D| - [83450904] - C:\Windows\INF
[12/04/2018 01:38:21] - |D| - [1345615377] - C:\Windows\InfusedApps
[12/04/2018 01:38:21] - |D| - [38137502] - C:\Windows\InputMethod
[MD5.84CE93815F9770CF85519294973060A2] - [13/09/2018 12:04:51] - |N| - (.-.) - [246896] - (0.0.0.0) - C:\Windows\Install-01.bmp
[MD5.93389DD11FDA10EEA7B43907D0E345D3] - [13/09/2018 12:04:51] - |N| - (.-.) - [98638] - (0.0.0.0) - C:\Windows\Install-02.bmp
[12/04/2018 01:38:21] - |SHD| - [650747105] - C:\Windows\Installer
[18/08/2018 01:37:27] - |D| - [0] - C:\Windows\IObit
[MD5.515E4684008E955DE0C81E6A7AEA1C2A] - [27/05/2019 14:36:31] - |A| - (.Copyright InstallShield Corporation, Inc. 1990-1997 - InstallShield® unInstaller.) - [306688] - (5.51.138.0) - C:\Windows\IsUninst.exe
[MD5.65577EF62A45AA9A29639BEC2649FB72] - [18/08/2018 14:58:05] - |A| - (.Copyright © 2001 Indigo Rose Corporation. All Rights Reserved - SUF60Runtime.) - [720896] - (6.0.0.3) - C:\Windows\iun6002.exe
[12/04/2018 01:38:21] - |D| - [94163] - C:\Windows\L2Schemas
[12/04/2018 01:38:21] - |HD| - [0] - C:\Windows\LanguageOverlayCache
[12/04/2018 01:38:21] - |D| - [0] - C:\Windows\LiveKernelReports
[11/04/2018 23:04:39] - |D| - [17188004] - C:\Windows\Logs
[12/04/2018 01:38:21] - |RSD| - [20486563] - C:\Windows\media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[12/04/2018 01:38:20] - |RD| - [830556677] - C:\Windows\Microsoft.NET
[12/04/2018 01:38:21] - |D| - [3135] - C:\Windows\Migration
[23/10/2018 01:33:48] - |D| - [0] - C:\Windows\Minidump
[12/04/2018 01:38:21] - |D| - [0] - C:\Windows\ModemLogs
[MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. - Notepad.) - [245760] - (10.0.17134.1) - C:\Windows\notepad.exe
[MD5.8BED73DA42C6EDFC73203C69F81ECFB6] - [16/03/2019 12:35:53] - |A| - (.-.) - [683072] - (0.0.0.0) - C:\Windows\ntbtlog.txt
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [11/11/2018 15:40:18] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvContainerRecovery.bat
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [11/11/2018 15:40:49] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvTelemetryContainerRecovery.bat
[12/04/2018 17:51:21] - |D| - [577822] - C:\Windows\OCR
[12/04/2018 01:38:21] - |RD| - [65] - C:\Windows\Offline Web Pages
[17/08/2018 22:35:29] - |D| - [3851101] - C:\Windows\Panther
[20/04/2019 23:30:09] - |D| - [0] - C:\Windows\PCHEALTH
[12/04/2018 01:38:21] - |D| - [400813] - C:\Windows\Performance
[MD5.87B8BE85FDE907910C8BEA60A1E2965E] - [18/08/2018 01:05:13] - |A| - (.-.) - [414114] - (0.0.0.0) - C:\Windows\PFRO.log
[12/04/2018 01:38:21] - |D| - [1278315] - C:\Windows\PLA
[12/04/2018 01:38:21] - |D| - [3437843] - C:\Windows\PolicyDefinitions
[17/08/2018 21:36:09] - |D| - [0] - C:\Windows\Prefetch
[12/04/2018 01:38:21] - |RD| - [1965018] - C:\Windows\PrintDialog
[12/04/2018 01:38:21] - |D| - [5479518] - C:\Windows\Provisioning
[MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Všechna práva vyhrazena. - Editor registru.) - [336384] - (10.0.17134.1) - C:\Windows\regedit.exe
[12/04/2018 01:38:21] - |D| - [22588] - C:\Windows\Registration
[12/04/2018 01:38:21] - |D| - [18677600] - C:\Windows\rescache
[12/04/2018 01:38:21] - |D| - [3801477] - C:\Windows\Resources
[MD5.A095B3E67C8EB8F2137EAC63687F2F5B] - [07/11/2018 21:53:38] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2839520] - (1.0.7.0) - C:\Windows\RtlExUpd.dll
[12/04/2018 01:38:21] - |D| - [0] - C:\Windows\SchCache
[12/04/2018 01:38:21] - |D| - [122082] - C:\Windows\schemas
[12/04/2018 01:38:21] - |D| - [1099140] - C:\Windows\security
[17/08/2018 21:36:00] - |D| - [190102014] - C:\Windows\ServiceProfiles
[12/04/2018 01:38:21] - |D| - [0] - C:\Windows\ServiceState
[11/04/2018 23:04:33] - |D| - [224134777] - C:\Windows\servicing
[12/04/2018 01:41:20] - |D| - [42] - C:\Windows\Setup
[MD5.447BE2C98A2274B6A699F180F1EDADC8] - [12/06/2019 21:44:31] - |A| - (.-.) - [93440] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/03/2019 00:04:41] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[MD5.13DE8A3E20CA586E76467B1AF4EADB5A] - [07/11/2018 21:06:56] - |A| - (.-.) - [24] - (0.0.0.0) - C:\Windows\SetupTemp.ini
[12/04/2018 01:38:21] - |D| - [6443008] - C:\Windows\ShellComponents
[12/04/2018 01:38:21] - |D| - [53634048] - C:\Windows\ShellExperiences
[12/04/2018 17:51:09] - |D| - [4491568] - C:\Windows\SKB
[17/08/2018 21:38:13] - |D| - [426404466] - C:\Windows\SoftwareDistribution
[12/04/2018 01:38:21] - |D| - [104135198] - C:\Windows\Speech
[12/04/2018 01:38:21] - |D| - [50768090] - C:\Windows\Speech_OneCore
[MD5.8D59B31FF375059E3C32B17BF31A76D5] - [12/04/2018 01:34:41] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.17134.1) - C:\Windows\splwow64.exe
[12/04/2018 01:38:21] - |D| - [31462] - C:\Windows\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [12/04/2018 01:38:24] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[11/04/2018 23:04:33] - |D| - [5538456967] - C:\Windows\System32
[12/04/2018 01:38:21] - |D| - [226393689] - C:\Windows\SystemApps
[12/04/2018 01:38:21] - |D| - [27067217] - C:\Windows\SystemResources
[11/04/2018 23:04:41] - |D| - [1568591337] - C:\Windows\SysWOW64
[12/04/2018 01:38:21] - |D| - [0] - C:\Windows\TAPI
[12/04/2018 01:38:21] - |D| - [546] - C:\Windows\Tasks
[12/04/2018 01:38:21] - |D| - [69631614] - C:\Windows\Temp
[12/04/2018 01:38:21] - |D| - [13610496] - C:\Windows\TextInput
[12/04/2018 01:38:21] - |D| - [0] - C:\Windows\tracing
[12/04/2018 01:38:21] - |D| - [7680] - C:\Windows\twain_32
[MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\Windows\twain_32.dll
[12/04/2018 01:38:21] - |D| - [12420] - C:\Windows\Vss
[11/04/2018 23:04:37] - |D| - [25818] - C:\Windows\WaaS
[12/04/2018 01:38:21] - |D| - [15729830] - C:\Windows\Web
[MD5.23CF8138F49416231807E6DE371FB9E6] - [12/04/2018 01:38:24] - |A| - (.-.) - [92] - (0.0.0.0) - C:\Windows\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.2CC83D93DD1DDE691158CF5E9882420B] - [03/03/2019 23:57:25] - |A| - (.-.) - [276] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [11776] - (10.0.17134.1) - C:\Windows\winhlp32.exe
[11/04/2018 23:04:33] - |D| - [11849773052] - C:\Windows\WinSxS
[MD5.BAF20BBC7F8347E7CB410B97CE58232B] - [20/04/2019 23:30:07] - |A| - (.-.) - [575] - (0.0.0.0) - C:\Windows\wmsetup.log
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\Windows\write.exe

---------- | C:\Windows\System32\GroupPolicy

[11/09/2018 23:26:49] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System

[13/09/2018 12:04:47] - |A| - [289] - C:\Windows\System\CMSPDIF2.ini () - ()
[13/09/2018 12:04:51] - |A| - [134] - C:\Windows\System\Dlap.pfx () - ()

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[10/05/2011 16:42:04] - C:\Windows\Installer\1135aa.msi : (VIA Universal Setup Program - VIA Technologies, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/09/2018 23:55:51] - C:\Windows\Installer\14c6c.msi : (Kaspersky Free - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/11/2012 13:34:36] - C:\Windows\Installer\1ac06c0d.msi : (VirtualDJ PRO Full Installer - Atomix Productions) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/05/2019 19:42:27] - C:\Windows\Installer\32e3449c.msi : (MTG Arena - Wizards of the Coast) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 10:42:22] - C:\Windows\Installer\598e9a0.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/11/2018 15:04:34] - C:\Windows\Installer\5e0c6.msi : (Java SE Runtime Environment 8 Update 191 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/11/2018 15:04:32] - C:\Windows\Installer\5e0d1.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/05/2019 03:19:20] - C:\Windows\Installer\63082ca.msi : (Google Update Helper - Google LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/03/2019 16:31:44] - C:\Windows\Installer\8a3f155.msi : (Eraser Installer - The Eraser Project) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/11/2018 17:24:32] - [17375232] - (.().-. - ()) - C:\Windows\Installer\103161ca.msp
[18/09/2018 13:11:42] - [17960960] - (.().-. - ()) - C:\Windows\Installer\114af5.msp
[03/06/2019 12:44:23] - [4653056] - (.().-. - ()) - C:\Windows\Installer\237b323b.msp
[15/04/2019 12:05:22] - [19210240] - (.().-. - ()) - C:\Windows\Installer\31ea16a.msp
[02/10/2018 00:37:25] - [18440192] - (.().-. - ()) - C:\Windows\Installer\7f9b7f.msp
[13/06/2019 14:38:00] - [2260992] - (.().-. - ()) - C:\Windows\Installer\97c5280.msp

---------- | %System%*.in*

[01/10/2018 00:37:01] - [216] - C:\Windows\System32\AsPatchViaAudio.ini
[12/04/2018 01:33:56] - [3329] - C:\Windows\System32\ieuinit.inf
[17/08/2018 21:44:46] - [1689050] - C:\Windows\System32\PerfStringBackup.INI
[12/04/2018 01:34:33] - [60124] - C:\Windows\System32\tcpmon.ini
[12/04/2018 01:34:20] - [2404] - C:\Windows\System32\WimBootCompress.ini
[12/04/2018 01:34:00] - [3329] - C:\Windows\Syswow64\ieuinit.inf
[12/04/2018 01:34:49] - [2404] - C:\Windows\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.62DBDBCE2328C36DE3E23BDB6902237C] - |A| - [09/07/2019 12:57:47] - (.-.) - [1.84 Ko] - (0.0.0.0) - C:\Windows\Temp\AsPatchViaAudio.log
[MD5.FB5A3B4D2AA3FFB566DD9E8ECD6BB0B4] - |A| - [09/07/2019 18:13:35] - (.Copyright (c) 2009-2017, Comodo Security Solutions, Inc. - Comodo Dragon.) - [67920.26 Ko] - (57.0.2987.93) - C:\Windows\Temp\chromodo_setup.exe
[MD5.7B0B9255A474A097BB804AED91E0687C] - |A| - [09/07/2019 18:13:35] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\Temp\chromodo_version.inf
[MD5.00000000000000000000000000000000] - |D| - [09/07/2019 12:57:53] - [5.72 Ko] - C:\Windows\Temp\Comodo LogsFolder
[MD5.00000000000000000000000000000000] - |D| - [09/07/2019 18:13:33] - [0 Ko] - C:\Windows\Temp\DiagTrack_alternativeTrace
[MD5.00000000000000000000000000000000] - |D| - [09/07/2019 18:13:33] - [0 Ko] - C:\Windows\Temp\DiagTrack_aot
[MD5.00000000000000000000000000000000] - |D| - [09/07/2019 18:13:33] - [0 Ko] - C:\Windows\Temp\DiagTrack_diag
[MD5.00000000000000000000000000000000] - |D| - [09/07/2019 18:13:33] - [0 Ko] - C:\Windows\Temp\DiagTrack_miniTrace
[MD5.344380795A92A09FECF25804D9B76C3E] - |A| - [09/07/2019 13:01:48] - (.-.) - [14.64 Ko] - (0.0.0.0) - C:\Windows\Temp\HighPerformancePlan.log
[MD5.5DFDCEC26AB9C57AA3A9FC98896BA150] - |A| - [09/07/2019 13:01:48] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\Temp\PowerPlan.log
[MD5.3893C9004C127FE8D9A1FFE39394BDC7] - |A| - [09/07/2019 17:41:08] - (.-.) - [46.06 Ko] - (0.0.0.0) - C:\Windows\Temp\sa.9NBLGGH444L4_0__.Public.Install Agent.dat
[MD5.00C32385E1226D6021A02D30CDC61053] - |A| - [09/07/2019 13:01:43] - (.-.) - [10.88 Ko] - (0.0.0.0) - C:\Windows\Temp\UsoStoreFile.xml
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:09] - [0 Ko] - C:\Windows\System32\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\System32@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\Windows\System32@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\Windows\System32@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\System32@EnrollmentToastIcon.png
[MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\Windows\System32@language_notification_icon.png
[MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\Windows\System32@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\System32@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\Windows\System32@WiFiNotificationIcon.png
[MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\Windows\System32@windows-hello-V4.1.gif
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\System32@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32@WindowsUpdateToastIcon.contrast-black.png
[MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\Windows\System32@WindowsUpdateToastIcon.contrast-white.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32@WindowsUpdateToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\System32@WirelessDisplayToast.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\Windows\System32@WwanSimLockIcon.png
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:39] - [2891.9 Ko] - C:\Windows\System32\AdvancedInstallers
[MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\Windows\System32\archiveint.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\as-IN
[MD5.96CBFC8DB8026CB0092D3BDF09CD8079] - |A| - [01/10/2018 00:37:01] - (.©ASUSTek Computer INC. All right reserved. - ASUS Patch For VIA Audio.) - [156.69 Ko] - (1.0.0.1) - C:\Windows\System32\AsPatchViaAudio.exe
[MD5.E378A364E0B7D3792820F0757C45DB8F] - |A| - [01/10/2018 00:37:01] - (.-.) - [0.21 Ko] - (0.0.0.0) - C:\Windows\System32\AsPatchViaAudio.ini
[MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\Windows\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\az-Latn-AZ
[MD5.531F17189C60ED61BDE4DCC82CC66B59] - |A| - [26/01/2017 09:26:44] - (.-.) - [73.48 Ko] - (0.0.0.0) - C:\Windows\System32\bdmjpeg64.dll
[MD5.2F42956D6772A840D47C92C48004C946] - |A| - [26/01/2017 09:26:50] - (.-.) - [74.01 Ko] - (0.0.0.0) - C:\Windows\System32\bdmpega64.acm
[MD5.12C2E65CA9CDFB4E77B65CC311FD97C3] - |A| - [26/01/2017 09:26:46] - (.-.) - [73.51 Ko] - (0.0.0.0) - C:\Windows\System32\bdmpegv64.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\be-BY
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [256.5 Ko] - C:\Windows\System32\bg-BG
[MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIco n.contrast-black.png
[MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIco n.contrast-high.png
[MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIco n.contrast-white.png
[MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIco n.png
[MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothSystemToastIcon.contr ast-white.png
[MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4933.63 Ko] - C:\Windows\System32\Boot
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\bs-Latn-BA
[MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 01:34:19] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [181 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\Windows\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31 Ko] - C:\Windows\System32\ca-ES-valencia
[MD5.936CCC6EADD4831CDE23393AFCD850FB] - |A| - [07/11/2018 18:42:08] - (.(c) Conexant System, Inc. - CAFAPI.) - [112.42 Ko] - (3.0.0.1) - C:\Windows\System32\Caf64api.dll
[MD5.F0D9E4A750746EB291D15798AA925D9D] - |A| - [07/11/2018 18:42:08] - (.©Conexant Systems, Inc. - Conexant Audio Processing Objects, (x64).) - [595.11 Ko] - (2.51.0.0) - C:\Windows\System32\CAF64APO2.dll
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [99176.44 Ko] - C:\Windows\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [52205.96 Ko] - C:\Windows\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [23 Ko] - C:\Windows\System32\chr-CHER-US
[MD5.46ABAEA703C320E10B1A22B334BB6152] - |N| - [13/09/2018 12:04:51] - (.Copyright (C) 2011 - Vista Driver Installer.) - [798.5 Ko] - (1.0.3.3) - C:\Windows\System32\CmeauSPDIF2.exe
[MD5.11BB3D5DC9336037C14A46873FA1FFDF] - |N| - [13/09/2018 12:04:47] - (.Copyright (C) 2006 - Vista Driver Installer.) - [351 Ko] - (1.0.1.0) - C:\Windows\System32\CmiInstallResAll64.dll
[MD5.D1DA268814909698D1D503D31E8781B2] - |N| - [13/09/2018 12:04:51] - (.© C-Media Inc. - C-Media ASIO DLL.) - [31 Ko] - (7.0.12.713) - C:\Windows\System32\CMUACWOASIO64.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3135.77 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [373 Ko] - C:\Windows\System32\com
[MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\System32\ComputerToastIcon.contrast-white.png
[MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\ComputerToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [273430.26 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [83.04 Ko] - C:\Windows\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:09] - [3374.5 Ko] - C:\Windows\System32\cs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [35459.74 Ko] - C:\Windows\System32\cs-CZ
[MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 01:34:15] - (.© 1996 - 2017 Daniel Stenberg, <daniel@haxx.se>. - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\Windows\System32\curl.exe
[MD5.707DBFA069D1A078D5FC6CB57A9BB707] - |A| - [07/11/2018 21:53:41] - (.©Conexant Systems Inc. - Conexant APO.) - [1578.79 Ko] - (1.74.0.0) - C:\Windows\System32\CX64APO.dll
[MD5.42403C608F1EB6A3A003ED8949C3CE04] - |A| - [07/11/2018 18:42:08] - (.©Conexant Systems Inc. - Conexant MFX APO Proxy.) - [1493.3 Ko] - (1.2.0.0) - C:\Windows\System32\CX64Proxy.dll
[MD5.2B4C3D9F114EE40FEAD6A86395F2FC89] - |A| - [07/11/2018 18:42:08] - (.-.) - [5.47 Ko] - (0.0.0.0) - C:\Windows\System32\cxapo.lncs
[MD5.7C5FD3EEC5147A5C2060B080AF7604D2] - |A| - [07/11/2018 18:42:08] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\Windows\System32\cxapo.prop
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\System32\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311.5 Ko] - C:\Windows\System32\da-DK
[MD5.48E51DAA9278C41213957795D439A274] - |A| - [07/11/2018 19:26:17] - (.-.) - [138 Ko] - (0.0.0.0) - C:\Windows\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [30/09/2018 15:10:20] - [14215.07 Ko] - C:\Windows\System32\DAX2
[MD5.00000000000000000000000000000000] - |D| - [30/09/2018 15:10:20] - [6813.54 Ko] - C:\Windows\System32\DAX3
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [217.6 Ko] - C:\Windows\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [355 Ko] - C:\Windows\System32\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultAccountTile.png
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [12/04/2018 01:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [12/04/2018 01:38:27] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultQuestions.json
[MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [13/11/2018 20:38:06] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\Windows\System32\DesktopKeepOnToastImg.gif
[MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [12/04/2018 01:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\Windows\System32\DetailedReading-Default.xml
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [949 Ko] - C:\Windows\System32\DiagSvcs
[MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |A| - [12/04/2018 01:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\Windows\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [9764.27 Ko] - C:\Windows\System32\Dism
[MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\System32\DisplaySystemToastIcon.contras t-white.png
[MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\Windows\System32\DisplaySystemToastIcon.png
[MD5.B692F28F37DEFAA40086C2F347207BEE] - |A| - [07/11/2018 21:53:42] - (.(c) DTS. - DTS GFX APO.) - [488.82 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PGFX64.dll
[MD5.7505A31B570656C12AE138B3B015BF20] - |A| - [07/11/2018 21:53:42] - (.(c) DTS. - DTS LFX APO.) - [502.46 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PLFX64.dll
[MD5.A0C71F41AF8714B176E1B671A0451EAE] - |A| - [07/11/2018 21:53:42] - (.(c) DTS. - DTS LFX APO.) - [418.19 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PREC64.dll
[MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [12/04/2018 01:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicLong.bin
[MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [12/04/2018 01:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicMedium.bin
[MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [12/04/2018 01:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicShort.bin
[MD5.10C38E1CA0D664F58E8B9F3645885E1D] - |A| - [12/02/2019 22:04:32] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [351 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:10] - [3118 Ko] - C:\Windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [17519.27 Ko] - C:\Windows\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [25243.09 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [340.5 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [268 Ko] - C:\Windows\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [236.5 Ko] - C:\Windows\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\eu-ES
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [17201.64 Ko] - C:\Windows\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\fa-IR
[MD5.4DBB768C8F7E49566670FF10A61726A3] - |A| - [18/08/2018 00:30:58] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\Windows\System32\FaceProcessor.dll
[MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |A| - [18/08/2018 00:30:26] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\Windows\System32\FaceProcessorCore.dll
[MD5.BB0137476B1EC8B10CE944BF023C91F6] - |A| - [12/04/2018 01:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\Windows\System32\FaceTrackerInternal.dll
[MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [12/04/2018 01:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\Windows\System32\FeatureToastBulldogImg.png
[MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [12/04/2018 01:33:53] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\Windows\System32\FeatureToastHeroImg.jpg
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316 Ko] - C:\Windows\System32\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\System32\fil-PH
[MD5.71111E80B40C7292CF95807307F65F49] - |A| - [17/08/2018 21:35:59] - (.-.) - [258.85 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [276 Ko] - C:\Windows\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [351.5 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\System32\ga-IE
[MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\GameSystemToastIcon.contrast-white.png
[MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\Windows\System32\GameSystemToastIcon.png
[MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [12/04/2018 01:34:39] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [34 Ko] - C:\Windows\System32\gd-GB
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31 Ko] - C:\Windows\System32\gl-ES
[MD5.00000000000000000000000000000000] - |HD| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\ha-Latn-NG
[MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\HandwritingSystemToastIcon.con trast-white.png
[MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\Windows\System32\HandwritingSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [254.5 Ko] - C:\Windows\System32\he-IL
[MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\Windows\System32\HeadphoneSystemToastIcon.contr ast-white.png
[MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\Windows\System32\HeadphoneSystemToastIcon.png
[MD5.202A07E4526B050E22624328E64E0470] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\Windows\System32\HeadsetSystemToastIcon.contras t-white.png
[MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\Windows\System32\HeadsetSystemToastIcon.png
[MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\Windows\System32\HealthSystemToastIcon.contrast-white.png
[MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\Windows\System32\HealthSystemToastIcon.png
[MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |A| - [12/04/2018 01:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\Windows\System32\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\hi-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [248 Ko] - C:\Windows\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [321.5 Ko] - C:\Windows\System32\hu-HU
[MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |A| - [12/04/2018 01:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\Windows\System32\HvSocket.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27.5 Ko] - C:\Windows\System32\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:52:15] - [160.64 Ko] - C:\Windows\System32\hydrogen
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.CD591279F103D5E02F84ABD7ED450E57] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: Unicode Terms of Use - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\Windows\System32\icuin.dll
[MD5.4185EE055F39FD2D726A91E6A8A1A093] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: Unicode Terms of Use - ICU Common DLL.) - [1311.5 Ko] - (59.1.0.0) - C:\Windows\System32\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\id-ID
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27 Ko] - C:\Windows\System32\ig-NG
[MD5.67B646C256190F118619C9D10AAE4B5C] - |A| - [12/04/2018 01:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\Windows\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [25220 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.BB1480586B5C174900A1051CEB2B462F] - |A| - [12/04/2018 01:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\Windows\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6671.5 Ko] - C:\Windows\System32\InputMethod
[MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\Windows\System32\InputSystemToastIcon.contrast-white.png
[MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\InputSystemToastIcon.png
[MD5.4B50A976673054965C8D75832DD01FB6] - |A| - [07/11/2018 21:53:44] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\Windows\System32\KAAPORT64.dll
[MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\KeyboardSystemToastIcon.contra st-white.png
[MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\KeyboardSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\kk-KZ
[MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [17/09/2018 23:59:14] - (.Copyright © Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) - [107.59 Ko] - (1.0.0.12) - C:\Windows\System32\klfphc.dll
[MD5.EC667C2F5D3DF14ADA6E18C3428E0EA5] - |A| - [17/09/2018 23:58:52] - (.© 2018 AO Kaspersky Lab. - System Interceptors PDK usermode service interceptor.) - [148.72 Ko] - (20.0.122.0) - C:\Windows\System32\klhkum.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28 Ko] - C:\Windows\System32\km-KH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\System32\kn-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [233.5 Ko] - C:\Windows\System32\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\kok-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\ku-Arab-IQ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\ky-KG
[MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [13/11/2018 20:38:16] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\Windows\System32\LaptopPlugInToastImg.gif
[MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [12/04/2018 01:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\Windows\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [33 Ko] - C:\Windows\System32\lb-LU
[MD5.4F5120E44845A78D5920D2F0BDE0340F] - |A| - [12/04/2018 17:51:49] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\Windows\System32\libcrypto.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\Windows\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27 Ko] - C:\Windows\System32\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9148.69 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [244 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [62392.23 Ko] - C:\Windows\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.68 Ko] - C:\Windows\System32\MailContactsCalendarSync
[MD5.6C3157FD2E850739EDEA659D40D0977D] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.8 Ko] - (2.2.9.0) - C:\Windows\System32\MaxxAudioAPO20.dll
[MD5.84E57F29ADF92B001C5EB4DB2AB2F7B1] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.28 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxAudioAPO30.dll
[MD5.963A8F89B0CC40B14F27FCAD30BE8CA3] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1138.82 Ko] - (4.5.8.0) - C:\Windows\System32\MaxxAudioAPO4064.dll
[MD5.CD896175B887ACCD27F789A2998D0774] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1185.21 Ko] - (5.6.5.0) - C:\Windows\System32\MaxxAudioAPO5064.dll
[MD5.CBDFB5557D482AD114B501A3FE4541BF] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1389.57 Ko] - (6.1.17.0) - C:\Windows\System32\MaxxAudioAPO6064.dll
[MD5.B48DE64266518A9CD20B826F595ED469] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2237.6 Ko] - (7.0.24.0) - C:\Windows\System32\MaxxAudioAPO7064.dll
[MD5.8DD9C5774067C9BE2D3A0E935D135420] - |A| - [07/11/2018 21:53:44] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.78 Ko] - (4.10.8.0) - C:\Windows\System32\MaxxAudioAPOShell64.dll
[MD5.811ADFEF0647CF13888082F76868C16D] - |A| - [07/11/2018 18:42:10] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [24031.52 Ko] - (4.5.4.0) - C:\Windows\System32\MaxxAudioCapture64.dll
[MD5.82244FEFCFEB8B4D7CBC8212A614AB5A] - |A| - [07/11/2018 21:53:44] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\Windows\System32\MaxxAudioEQ64.dll
[MD5.1076EC14B45D3AC6E2A0194844C9EFDD] - |A| - [07/11/2018 21:53:44] - (.Copyright © 1996-2013 -.) - [13727.78 Ko] - (4.4.10.0) - C:\Windows\System32\MaxxAudioRealtek64.dll
[MD5.CBBF1E407F1157AFDDF90C48C19C4894] - |A| - [07/11/2018 18:42:11] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [23207.41 Ko] - (7.5.5.0) - C:\Windows\System32\MaxxAudioRender64.dll
[MD5.7347AD6DECABD5936EA7B65F9B3D8AAD] - |A| - [07/11/2018 18:42:11] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [23303.76 Ko] - (7.5.5.0) - C:\Windows\System32\MaxxAudioRenderAVX64.dll
[MD5.D5F1490A24F91E838C1ECBD601619D4F] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1303.1 Ko] - (1.1.4.0) - C:\Windows\System32\MaxxSpeechAPO64.dll
[MD5.CFE357DBB63E9B936E88253A2BA99326] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [976.41 Ko] - (2.6.2.0) - C:\Windows\System32\MaxxVoiceAPO2064.dll
[MD5.B820ED6498F8246F8BB1D4496A80EA8D] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12815.02 Ko] - (3.1.14.0) - C:\Windows\System32\MaxxVoiceAPO3064.dll
[MD5.76E6BD12233C8CD59524A2B5685D46BD] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12683.92 Ko] - (4.0.19.0) - C:\Windows\System32\MaxxVoiceAPO4064.dll
[MD5.ADFBDA58D830421CBF456CAAED17BBAD] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.78 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxVolumeSDAPO.dll
[MD5.3DCF07F29FFC6A20F14E05C20D3621F7] - |A| - [15/03/2019 17:04:45] - (.-.) - [791.5 Ko] - (0.0.0.0) - C:\Windows\System32\MBR2GPT.EXE
[MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.contrast-white.png
[MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.png
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\Windows\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\mi-NZ
[MD5.00000000000000000000000000000000] - |SD| - [17/08/2018 21:35:59] - [5.07 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5576.77 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [47367.95 Ko] - C:\Windows\System32\migwiz
[MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\Windows\System32\mmc.exe.config
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\mn-MN
[MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.contrast-white.png
[MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [18/08/2018 00:37:42] - [0 Ko] - C:\Windows\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\Windows\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4148.28 Ko] - C:\Windows\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31 Ko] - C:\Windows\System32\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [18.65 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [34.35 Ko] - C:\Windows\System32\my-mm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [304 Ko] - C:\Windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [640 Ko] - C:\Windows\System32\NDF
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\System32\ne-NP
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\Windows\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [329 Ko] - C:\Windows\System32\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\Windows\System32\Nui
[MD5.BED94E70C10EFF09AEF94D18CA7FF7F7] - |A| - [11/11/2018 15:40:26] - (.-.) - [7924.04 Ko] - (0.0.0.0) - C:\Windows\System32\nvcoproc.bin
[MD5.D2715E724478FAE559968916BD7DCADA] - |A| - [11/11/2018 15:38:56] - (.-.) - [47.27 Ko] - (0.0.0.0) - C:\Windows\System32\nvinfo.pb
[MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 01:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [14602.25 Ko] - C:\Windows\System32\oobe
[MD5.2AD7B4F3C8D2BB686D231EDFF404B7A4] - |A| - [18/08/2018 01:51:42] - (.Copyright (C) 2000-2006 - Standard OpenAL™ Implementation.) - [120.02 Ko] - (6.14.357.24) - C:\Windows\System32\OpenAL32.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:50] - [3834.5 Ko] - C:\Windows\System32\OpenSSH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\System32\or-IN
[MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\Windows\System32\OutdoorAudioEnvironment.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\pa-IN
[MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\Windows\System32\PerceptionSimulationInput.exe
[MD5.934A0D307FD2284B29660C7BA69D04DB] - |A| - [12/04/2018 17:50:13] - (.-.) - [140.95 Ko] - (0.0.0.0) - C:\Windows\System32\perfc005.dat
[MD5.DFF4920A525DA46A65ECDE4E5F3FFD0F] - |A| - [12/04/2018 01:40:29] - (.-.) - [129.59 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.EB82767CF3CCF998165C5BE732693066] - |A| - [12/04/2018 17:50:13] - (.-.) - [37.87 Ko] - (0.0.0.0) - C:\Windows\System32\perfd005.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 01:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.57CF8B41D66D488CC969D522F28AFBED] - |A| - [12/04/2018 17:50:13] - (.-.) - [698.28 Ko] - (0.0.0.0) - C:\Windows\System32\perfh005.dat
[MD5.9A7A03BC554129AFC888963B8D537100] - |A| - [12/04/2018 01:40:29] - (.-.) - [683.36 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.C6A858536F7F69A285D3C5C24F7494DD] - |A| - [17/08/2018 21:44:46] - (.-.) - [1649.46 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.contrast-white.png
[MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [327.5 Ko] - C:\Windows\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [693 Ko] - C:\Windows\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:10] - [969.35 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.DE94C662452FA0EC42F68A2509C55F28] - |A| - [11/09/2015 05:06:36] - (.TODO: (c) . - TODO: .) - [74.13 Ko] - (1.0.0.1) - C:\Windows\System32\PropPageExt.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\System32\ProximityToast
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\prs-AF
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [329 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [325 Ko] - C:\Windows\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\System32\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\System32\RasToast
[MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [18/08/2018 00:31:06] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\Windows\System32\rdpnano.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.09 Ko] - C:\Windows\System32\Recovery
[MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.contrast-white.png
[MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.png
[MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriHMImageList
[MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriImageList
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [252 Ko] - C:\Windows\System32\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [319.5 Ko] - C:\Windows\System32\ru-RU
[MD5.BA34CA469FE48B13922CD7A07A4A904A] - |A| - [01/10/2018 12:43:46] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\Windows\System32\runexehelper.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\rw-RW
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\sd-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6.92 Ko] - C:\Windows\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2246 Ko] - C:\Windows\System32\ShellExperiences
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [53.2 Ko] - C:\Windows\System32\si-lk
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [252.5 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [249.5 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [17/08/2018 21:36:00] - [201501.36 Ko] - C:\Windows\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:10] - [97.16 Ko] - C:\Windows\System32\slmgr
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\Windows\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [13385.02 Ko] - C:\Windows\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.png
[MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.contra st-white.png
[MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.png
[MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\Windows\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7607.4 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12221.57 Ko] - C:\Windows\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44669.65 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5952.06 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [251.5 Ko] - C:\Windows\System32\sr-Latn-RS
[MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [18/08/2018 00:30:20] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\Windows\System32\srms-apr.dat
[MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [18/08/2018 00:30:16] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [59160 Ko] - C:\Windows\System32\sru
[MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\Windows\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [1410.25 Ko] - C:\Windows\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [930.28 Ko] - C:\Windows\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44.73 Ko] - C:\Windows\System32\ta-in
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10.73 Ko] - C:\Windows\System32\ta-lk
[MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\Windows\System32\tar.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [561.44 Ko] - C:\Windows\System32\Tasks
[MD5.A3C97023CE50955FC9E7081633368209] - |A| - [12/06/2019 19:29:26] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\Windows\System32\tcbres.wim
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 01:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\te-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32 Ko] - C:\Windows\System32\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [230 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [22.5 Ko] - C:\Windows\System32\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27.5 Ko] - C:\Windows\System32\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\System32\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [306.5 Ko] - C:\Windows\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlanCredentials. xslt
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\tt-RU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28 Ko] - C:\Windows\System32\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [246.5 Ko] - C:\Windows\System32\uk-UA
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.43 Ko] - C:\Windows\System32\UNP
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\ur-PK
[MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\Windows\System32\UsbPmApi.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32 Ko] - C:\Windows\System32\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\System32\vi-VN
[MD5.62E5411B06A0D66DABF79362EDAF6C50] - |A| - [11/09/2015 05:07:32] - (.(c) VIA Technologies, Inc. - ViaKaraoke APO.) - [1174.5 Ko] - (0.1.0.0) - C:\Windows\System32\ViaKaraokeApo.dll
[MD5.EF5267308844090EA030A54DF3B6D78E] - |A| - [11/09/2015 05:06:50] - (.(c)VIA Technologies,Inc. - VIA APO for MicArray Applications..) - [139.14 Ko] - (0.2.0.0) - C:\Windows\System32\ViaKaraokePropPageExt.dll
[MD5.DEFB8C7128DD1D58FA80F94A5FC92AC0] - |A| - [11/09/2015 05:06:52] - (.(c) VIA Technologies, Inc. - Service binary.) - [45.64 Ko] - (0.1.0.0) - C:\Windows\System32\ViakaraokeSrv.exe
[MD5.715D9E782AED90EE80E8D575290EB05D] - |A| - [11/09/2015 05:07:36] - (.(c)Copyright Reserved. VIA Technologies,Inc. - ViaMicArray APO.) - [1992.67 Ko] - (0.5.0.0) - C:\Windows\System32\ViaMicArrayAPO.dll
[MD5.8C51F8CB757539B45D218CBC6B4401D3] - |A| - [11/09/2015 05:06:52] - (.VIA Technologies,Inc. - VIA APO for MicArray Applications..) - [111.65 Ko] - (0.5.0.0) - C:\Windows\System32\ViaMicArrayPropPageExt.dll
[MD5.4D9B71AD5E7BB4D0C85BDCB3D34DCCE2] - |A| - [11/09/2015 05:06:56] - (.VIA Technologies, Inc. - VIA LFX/GFX DSP UI component.) - [3241.7 Ko] - (11.5.0.20) - C:\Windows\System32\VIAPropPageExt.dll
[MD5.AF12D7394C5270648C9C903E6804274C] - |A| - [11/09/2015 05:07:38] - (.Copyright (c) VIA Technologies, Inc. All Rights Reserved - VIA LFX/GFX DSP Component.) - [583.73 Ko] - (1.0.0.0) - C:\Windows\System32\VIASysFx.dll
[MD5.3B4EDABBACD35E15F87B6FAAB6F54FD0] - |A| - [11/09/2015 05:07:46] - (.Copyright (c) 2006-2013 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [2007.07 Ko] - (1.2.16.73) - C:\Windows\System32\VMAPO264.DLL
[MD5.8B75139C6732CE2B1FCEDC589209479C] - |A| - [11/09/2015 05:07:52] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [893.18 Ko] - (1.0.54.0) - C:\Windows\System32\VMAPO64.DLL
[MD5.5F8F794F80E740ED30F275E2AE1F9C43] - |A| - [11/09/2015 05:07:52] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Creative Chaining Property Page Loader Module.) - [70.85 Ko] - (1.0.0.180) - C:\Windows\System32\VMPPCN64.DLL
[MD5.E7336DBE10CEEE637F16E382BC331790] - |A| - [11/09/2015 05:07:54] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Property Page Loader Module.) - [74.92 Ko] - (1.0.54.0) - C:\Windows\System32\VMPPLD64.DLL
[MD5.33CABC7CB4AEBEDBD8A9B149FBEEA3A5] - |A| - [11/09/2015 05:07:58] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [636.09 Ko] - (1.0.15.150) - C:\Windows\System32\VMTHX64.DLL
[MD5.59C917C53BB4058787D4A469C045DB76] - |A| - [11/09/2015 05:04:14] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [412.02 Ko] - (1.0.0.270) - C:\Windows\System32\VMWRP64.DLL
[MD5.5D892A0D1588C8DFC7E93D8C42B11CD8] - |A| - [11/03/2015 11:47:34] - (.Copyright (C)2001 H.Mutsuki - Ogg Vorbis CODEC for MSACM.) - [1436.5 Ko] - (0.0.3.6) - C:\Windows\System32\vorbis.acm
[MD5.5450A69087D2F6955A253CB2BF86503C] - |A| - [09/12/2017 00:24:44] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [906.8 Ko] - (1.0.65.1) - C:\Windows\System32\vulkan-1-1-0-65-1.dll
[MD5.5450A69087D2F6955A253CB2BF86503C] - |A| - [11/11/2018 15:40:31] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [906.8 Ko] - (1.0.65.1) - C:\Windows\System32\vulkan-1.dll
[MD5.95253BF8F996BEA19BFA974F61277E87] - |A| - [09/12/2017 00:24:32] - (.-.) - [577.8 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo-1-1-0-65-1.exe
[MD5.95253BF8F996BEA19BFA974F61277E87] - |A| - [11/11/2018 15:40:31] - (.-.) - [577.8 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo.exe
[MD5.2A2446E35A9747E2CD9AF1552F876281] - |A| - [07/11/2018 21:53:48] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\Windows\System32\WavesGUILib64.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [98477.25 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:11] - [0 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [59646.94 Ko] - C:\Windows\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\Windows\System32\WindowsDefaultHeatProcessor.dl l
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9809.51 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [204268 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\Windows\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:11] - [204.39 Ko] - C:\Windows\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27.5 Ko] - C:\Windows\System32\wo-SN
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\Windows\System32\wpcmon.png
[MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\Windows\System32\wpr.config.xml
[MD5.549347BCD4AACD63243D78E8F869DBB1] - |A| - [18/08/2018 01:51:42] - (.Copyright © 2008 - OpenAL32.) - [455.52 Ko] - (2.2.0.5) - C:\Windows\System32\wrap_oal.dll
[MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\Windows\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [233.49 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [197.5 Ko] - C:\Windows\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\zu-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:11] - [0 Ko] - C:\Windows\SysWOW64\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\SysWOW64@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\SysWOW64@VpnToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\SysWOW64@WirelessDisplayToast.png
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\af-ZA
[MD5.00000000000000000000000000000000] - |SHD| - [29/04/2019 21:09:19] - [0 Ko] - C:\Windows\SysWOW64\AI_RecycleBin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [22 Ko] - C:\Windows\SysWOW64\am-ET
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [250 Ko] - C:\Windows\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\SysWOW64\as-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\SysWOW64\az-Latn-AZ
[MD5.69BC2386DFA5E79BCDD1079B59CCA1C4] - |A| - [26/01/2017 09:26:38] - (.-.) - [69.48 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bdmjpeg.dll
[MD5.9B3C54A9C49CA00F5A9DA7C7F84A57F9] - |A| - [26/01/2017 09:26:48] - (.-.) - [69.51 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bdmpega.acm
[MD5.90476773F98F4AE0A3CB013F4D21650B] - |A| - [26/01/2017 09:26:44] - (.-.) - [69.51 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bdmpegv.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\be-BY
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [235 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\SysWOW64\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\SysWOW64\bs-Latn-BA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\Windows\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\SysWOW64\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31 Ko] - C:\Windows\SysWOW64\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [23 Ko] - C:\Windows\SysWOW64\chr-CHER-US
[MD5.25778195E7E52EAC46AE711099A38FBE] - |N| - [13/09/2018 12:04:51] - (.© C-Media Inc. - C-Media ASIO DLL.) - [26 Ko] - (7.0.12.713) - C:\Windows\SysWOW64\CMUACWOASIO.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [325.5 Ko] - C:\Windows\SysWOW64\com
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1334.56 Ko] - C:\Windows\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [83.04 Ko] - C:\Windows\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:11] - [3121.5 Ko] - C:\Windows\SysWOW64\cs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [28829.49 Ko] - C:\Windows\SysWOW64\cs-CZ
[MD5.20037F9EABBE6CE83844EAFA1D5E6B12] - |A| - [01/10/2018 19:49:56] - (.©Conexant Systems Inc. - Conexant APO.) - [1493.45 Ko] - (1.74.0.0) - C:\Windows\SysWOW64\CX32APO.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\SysWOW64\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [291.5 Ko] - C:\Windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [332.5 Ko] - C:\Windows\SysWOW64\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\DefaultAccountTile.png
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\Windows\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7774.13 Ko] - C:\Windows\SysWOW64\Dism
[MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 17:50:48] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\Windows\SysWOW64\gnsdk_fp.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\SysWOW64\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\SysWOW64\ha-Latn-NG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [236.5 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\SysWOW64\hi-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [227.5 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [300 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27.5 Ko] - C:\Windows\SysWOW64\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: Unicode Terms of Use - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\Windows\SysWOW64\icuin.dll
[MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: Unicode Terms of Use - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\Windows\SysWOW64\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\SysWOW64\id-ID
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27 Ko] - C:\Windows\SysWOW64\ig-NG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [20757.55 Ko] - C:\Windows\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\inetsrv
[MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\Windows\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\SysWOW64\is-IS
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [319 Ko] - C:\Windows\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [223 Ko] - C:\Windows\SysWOW64\ja-JP
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\SysWOW64\ka-GE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\SysWOW64\kk-KZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28 Ko] - C:\Windows\SysWOW64\km-KH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\SysWOW64\kn-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [220 Ko] - C:\Windows\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\SysWOW64\kok-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\ku-Arab-IQ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\SysWOW64\ky-KG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [33 Ko] - C:\Windows\SysWOW64\lb-LU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\Windows\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27 Ko] - C:\Windows\SysWOW64\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [224 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [225.5 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44485.05 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.68 Ko] - C:\Windows\SysWOW64\MailContactsCalendarSync
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\SysWOW64\mi-NZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2990.92 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [827.4 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\SysWOW64\mk-MK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\SysWOW64\ml-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\SysWOW64\mn-MN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\SysWOW64\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31 Ko] - C:\Windows\SysWOW64\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [18.65 Ko] - C:\Windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [284.5 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\SysWOW64\ne-NP
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\Windows\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [307 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\SysWOW64\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\SysWOW64\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\Windows\SysWOW64\Nui
[MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\OneDrive.ico
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [688.69 Ko] - C:\Windows\SysWOW64\oobe
[MD5.235355A8DD26903E75D5E812ECF50E53] - |A| - [18/08/2018 01:51:42] - (.Copyright (C) 2000-2006 - Standard OpenAL™ Implementation.) - [106.52 Ko] - (6.14.357.24) - C:\Windows\SysWOW64\OpenAL32.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\SysWOW64\or-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\SysWOW64\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\SysWOW64\pa-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [305 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:12] - [969.53 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\SysWOW64\prs-AF
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [307.5 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [303 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\SysWOW64\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\SysWOW64\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [231 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [298.5 Ko] - C:\Windows\SysWOW64\ru-RU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\rw-RW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\SysWOW64\sd-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\si-LK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [230 Ko] - C:\Windows\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [228.5 Ko] - C:\Windows\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:12] - [97.16 Ko] - C:\Windows\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4169.4 Ko] - C:\Windows\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8940.65 Ko] - C:\Windows\SysWOW64\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1309.47 Ko] - C:\Windows\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\Windows\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\SysWOW64\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [231 Ko] - C:\Windows\SysWOW64\sr-Latn-RS
[MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [18/08/2018 00:30:20] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\srms-apr.dat
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\sru
[MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [291 Ko] - C:\Windows\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\SysWOW64\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:12] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [34 Ko] - C:\Windows\SysWOW64\ta-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\SysWOW64\te-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32 Ko] - C:\Windows\SysWOW64\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [211 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [22.5 Ko] - C:\Windows\SysWOW64\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27.5 Ko] - C:\Windows\SysWOW64\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\SysWOW64\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [286.5 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\SysWOW64\tt-RU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28 Ko] - C:\Windows\SysWOW64\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [226 Ko] - C:\Windows\SysWOW64\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\ur-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32 Ko] - C:\Windows\SysWOW64\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\SysWOW64\vi-VN
[MD5.9033DAF3277F0498BC86C8D4566C25CE] - |A| - [11/03/2015 11:47:34] - (.Copyright (C)2001 H.Mutsuki - Ogg Vorbis CODEC for MSACM.) - [1518.5 Ko] - (0.0.3.6) - C:\Windows\SysWOW64\vorbis.acm
[MD5.ECAD282D3035068CFB021D159C91B514] - |A| - [09/12/2017 00:25:12] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.8 Ko] - (1.0.65.1) - C:\Windows\SysWOW64\vulkan-1-1-0-65-1.dll
[MD5.ECAD282D3035068CFB021D159C91B514] - |A| - [11/11/2018 15:40:31] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.8 Ko] - (1.0.65.1) - C:\Windows\SysWOW64\vulkan-1.dll
[MD5.35065D5FFEFB6886F77AA6A7E5DF901B] - |A| - [09/12/2017 00:25:00] - (.-.) - [479.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo-1-1-0-65-1.exe
[MD5.35065D5FFEFB6886F77AA6A7E5DF901B] - |A| - [11/11/2018 15:40:31] - (.-.) - [479.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [18634.04 Ko] - C:\Windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:12] - [0 Ko] - C:\Windows\SysWOW64\WCN
[MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\WindowsDefaultHeatProcessor.dl l
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8976.68 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\Windows\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:12] - [204.39 Ko] - C:\Windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27.5 Ko] - C:\Windows\SysWOW64\wo-SN
[MD5.D494267BC169604FAC5E3679B9A97FED] - |A| - [18/08/2018 01:51:42] - (.Copyright © 2008 - OpenAL32.) - [434.52 Ko] - (2.2.0.5) - C:\Windows\SysWOW64\wrap_oal.dll
[MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\SysWOW64\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [03/10/2018 14:53:35] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [192 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [186.5 Ko] - C:\Windows\SysWOW64\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\SysWOW64\zu-ZA

---------- | [Administrator]

[16/03/2019 16:02:28] - |RD| - [298] - C:\Users\Administrator\3D Objects
[16/03/2019 16:02:25] - |HD| - [407409832] - C:\Users\Administrator\AppData
[16/03/2019 16:02:28] - |RD| - [412] - C:\Users\Administrator\Contacts
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\Data aplikací
[16/03/2019 16:02:25] - |RD| - [1699] - C:\Users\Administrator\Desktop
[16/03/2019 16:02:25] - |RD| - [402] - C:\Users\Administrator\Documents
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\Dokumenty
[16/03/2019 16:02:25] - |RD| - [282] - C:\Users\Administrator\Downloads
[16/03/2019 16:02:25] - |RD| - [482] - C:\Users\Administrator\Favorites
[16/03/2019 16:02:25] - |RD| - [2017] - C:\Users\Administrator\Links
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\Local Settings
[16/03/2019 16:41:12] - |HD| - [0] - C:\Users\Administrator\MicrosoftEdgeBackups
[16/03/2019 16:02:25] - |RD| - [504] - C:\Users\Administrator\Music
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\Nabídka Start
[16/03/2019 16:02:25] - |AH| - [1310720] - C:\Users\Administrator\NTUSER.DAT
[10/04/2019 19:03:36] - |AH| - [1024] - C:\Users\Administrator\NTUSER.DAT.LOG
[16/03/2019 16:02:25] - |ASH| - [0] - C:\Users\Administrator\ntuser.dat.LOG1
[16/03/2019 16:02:25] - |ASH| - [352256] - C:\Users\Administrator\ntuser.dat.LOG2
[16/03/2019 16:02:25] - |ASH| - [65536] - C:\Users\Administrator\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf
[16/03/2019 16:02:25] - |ASH| - [524288] - C:\Users\Administrator\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regt rans-ms
[16/03/2019 16:02:25] - |ASH| - [524288] - C:\Users\Administrator\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regt rans-ms
[16/03/2019 16:02:25] - |SH| - [20] - C:\Users\Administrator\ntuser.ini
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\Okolní síť
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\Okolní tiskárny
[16/03/2019 16:03:30] - |RD| - [104] - C:\Users\Administrator\OneDrive
[16/03/2019 16:02:25] - |RD| - [884] - C:\Users\Administrator\Pictures
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\Poslední
[16/03/2019 16:02:25] - |RD| - [282] - C:\Users\Administrator\Saved Games
[16/03/2019 16:02:28] - |RD| - [1875] - C:\Users\Administrator\Searches
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\SendTo
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\Soubory cookie
[16/03/2019 16:02:25] - |RD| - [694] - C:\Users\Administrator\Videos
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\Šablony
[16/03/2019 16:02:25] - |D| - [299285070] - C:\Users\Administrator\AppData\Local
[16/03/2019 16:02:25] - |D| - [107065193] - C:\Users\Administrator\AppData\LocalLow
[16/03/2019 16:02:25] - |D| - [1059569] - C:\Users\Administrator\AppData\Roaming
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\AppData\Local\Data aplikací
[16/03/2019 16:33:14] - |D| - [55] - C:\Users\Administrator\AppData\Local\Eraser 6
[16/03/2019 16:02:29] - |D| - [0] - C:\Users\Administrator\AppData\Local\Google
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\AppData\Local\History
[16/03/2019 21:42:29] - |AH| - [41499] - C:\Users\Administrator\AppData\Local\IconCache.db
[16/03/2019 16:02:29] - |D| - [235676] - C:\Users\Administrator\AppData\Local\mbamtray
[16/03/2019 16:02:25] - |D| - [202364693] - C:\Users\Administrator\AppData\Local\Microsoft
[16/03/2019 16:02:51] - |D| - [72267] - C:\Users\Administrator\AppData\Local\MicrosoftEdge
[16/03/2019 16:02:27] - |D| - [96570880] - C:\Users\Administrator\AppData\Local\Packages
[22/04/2019 22:29:02] - |D| - [0] - C:\Users\Administrator\AppData\Local\PlaceholderTi leLogoFolder
[16/03/2019 16:02:37] - |D| - [0] - C:\Users\Administrator\AppData\Local\Publishers
[16/03/2019 16:02:25] - |D| - [0] - C:\Users\Administrator\AppData\Local\Temp
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\AppData\Local\Temporary Internet Files
[16/03/2019 16:03:03] - |SD| - [35614] - C:\Users\Administrator\AppData\LocalLow\Microsoft
[22/04/2019 22:33:18] - |D| - [15371] - C:\Users\Administrator\AppData\LocalLow\Sun
[23/04/2019 00:00:15] - |D| - [107014208] - C:\Users\Administrator\AppData\LocalLow\Wizards Of The Coast
[16/03/2019 16:02:27] - |D| - [0] - C:\Users\Administrator\AppData\Roaming\Adobe
[16/03/2019 16:03:17] - |D| - [172674] - C:\Users\Administrator\AppData\Roaming\IObit
[16/03/2019 16:02:25] - |SD| - [381050] - C:\Users\Administrator\AppData\Roaming\Microsoft
[22/04/2019 23:07:06] - |D| - [505845] - C:\Users\Administrator\AppData\Roaming\Notepad++
[22/04/2019 22:33:18] - |D| - [0] - C:\Users\Administrator\AppData\Roaming\Sun
[16/03/2019 16:02:28] - |SH| - [174] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\desktop.ini
[16/03/2019 16:02:25] - |RD| - [21230] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs
[16/03/2019 16:02:25] - |SHD| - [0] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programy
[16/03/2019 16:02:25] - |RD| - [3888] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Accessibility
[16/03/2019 16:02:25] - |RD| - [2925] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Accessories
[16/03/2019 16:02:28] - |RD| - [174] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Administrative Tools
[16/03/2019 16:02:25] - |SH| - [264] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\desktop.ini
[16/03/2019 16:02:25] - |D| - [170] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Maintenance
[16/03/2019 16:02:25] - |A| - [2385] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\OneDrive.lnk
[16/03/2019 16:02:28] - |RD| - [174] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Startup
[16/03/2019 16:02:25] - |RD| - [3496] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\System Tools
[16/03/2019 16:02:25] - |RD| - [7754] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Windows PowerShell
[16/03/2019 16:02:28] - |SH| - [174] - C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Startup\desktop.ini

---------- | [Administrátor]

[29/04/2019 20:31:59] - |D| - [2420] - C:\Users\Administrátor.android
[17/08/2018 21:46:23] - |RD| - [298] - C:\Users\Administrátor\3D Objects
[17/08/2018 21:43:31] - |HD| - [2624093470] - C:\Users\Administrátor\AppData
[17/08/2018 21:46:23] - |RD| - [412] - C:\Users\Administrátor\Contacts
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\Data aplikací
[17/08/2018 21:43:31] - |RD| - [40496131014] - C:\Users\Administrátor\Desktop
[17/08/2018 21:43:31] - |RD| - [788974130] - C:\Users\Administrátor\Documents
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\Dokumenty
[17/08/2018 21:43:31] - |RD| - [173943391733] - C:\Users\Administrátor\Downloads
[17/08/2018 21:43:31] - |RD| - [690] - C:\Users\Administrátor\Favorites
[17/08/2018 21:43:31] - |RD| - [3490] - C:\Users\Administrátor\Links
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\Local Settings
[17/08/2018 21:46:40] - |HD| - [0] - C:\Users\Administrátor\MicrosoftEdgeBackups
[17/08/2018 21:43:31] - |RD| - [504] - C:\Users\Administrátor\Music
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\Nabídka Start
[17/08/2018 21:43:31] - |AH| - [3145728] - C:\Users\Administrátor\NTUSER.DAT
[10/04/2019 19:03:36] - |AH| - [1024] - C:\Users\Administrátor\NTUSER.DAT.LOG
[17/08/2018 21:43:31] - |ASH| - [888832] - C:\Users\Administrátor\ntuser.dat.LOG1
[17/08/2018 21:43:31] - |ASH| - [868352] - C:\Users\Administrátor\ntuser.dat.LOG2
[17/08/2018 21:43:31] - |ASH| - [65536] - C:\Users\Administrátor\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf
[17/08/2018 21:43:31] - |ASH| - [524288] - C:\Users\Administrátor\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regt rans-ms
[17/08/2018 21:43:31] - |ASH| - [524288] - C:\Users\Administrátor\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regt rans-ms
[17/08/2018 21:43:31] - |SH| - [20] - C:\Users\Administrátor\ntuser.ini
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\Okolní síť
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\Okolní tiskárny
[17/08/2018 21:48:09] - |RD| - [104] - C:\Users\Administrátor\OneDrive
[17/08/2018 21:43:31] - |RD| - [12300551] - C:\Users\Administrátor\Pictures
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\Poslední
[17/08/2018 21:43:31] - |RD| - [1831252570] - C:\Users\Administrátor\Saved Games
[17/08/2018 21:46:23] - |RD| - [1879] - C:\Users\Administrátor\Searches
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\SendTo
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\Soubory cookie
[28/06/2019 17:57:47] - |D| - [0] - C:\Users\Administrátor\source
[17/08/2018 21:43:31] - |RD| - [694] - C:\Users\Administrátor\Videos
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\Šablony
[17/08/2018 21:43:31] - |D| - [1782248825] - C:\Users\Administrátor\AppData\Local
[17/08/2018 21:43:31] - |D| - [425234440] - C:\Users\Administrátor\AppData\LocalLow
[17/08/2018 21:43:31] - |D| - [416610205] - C:\Users\Administrátor\AppData\Roaming
[29/04/2019 21:09:20] - |D| - [0] - C:\Users\Administrátor\AppData\Local\Caphyon
[28/01/2019 00:23:46] - |D| - [0] - C:\Users\Administrátor\AppData\Local\CEF
[04/10/2018 21:37:41] - |D| - [22044672] - C:\Users\Administrátor\AppData\Local\Comms
[03/10/2018 21:02:10] - |D| - [81619833] - C:\Users\Administrátor\AppData\Local\Comodo
[17/08/2018 21:46:22] - |D| - [26701929] - C:\Users\Administrátor\AppData\Local\ConnectedDevi cesPlatform
[12/09/2018 12:44:52] - |D| - [182614552] - C:\Users\Administrátor\AppData\Local\CrashDumps
[18/08/2018 17:02:48] - |D| - [137032] - C:\Users\Administrátor\AppData\Local\D3DSCache
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\AppData\Local\Data aplikací
[18/08/2018 00:37:41] - |D| - [0] - C:\Users\Administrátor\AppData\Local\DBG
[06/06/2019 01:54:12] - |A| - [3584] - C:\Users\Administrátor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[18/08/2018 19:27:00] - |D| - [0] - C:\Users\Administrátor\AppData\Local\Diagnostics
[06/03/2019 00:12:49] - |D| - [10973] - C:\Users\Administrátor\AppData\Local\DOSBox
[20/04/2019 23:27:14] - |D| - [10125924] - C:\Users\Administrátor\AppData\Local\Downloaded Installations
[30/09/2018 12:57:29] - |D| - [75276] - C:\Users\Administrátor\AppData\Local\ElevatedDiagn ostics
[17/09/2018 22:47:37] - |D| - [0] - C:\Users\Administrátor\AppData\Local\enchant
[07/03/2019 01:37:02] - |D| - [48775497] - C:\Users\Administrátor\AppData\Local\Eraser 6
[17/09/2018 22:38:50] - |D| - [1178148] - C:\Users\Administrátor\AppData\Local\fontconfig
[31/08/2018 22:20:35] - |D| - [4788] - C:\Users\Administrátor\AppData\Local\Frontier Developments
[23/09/2018 19:19:58] - |D| - [0] - C:\Users\Administrátor\AppData\Local\GHISLER
[18/08/2018 01:12:24] - |D| - [153627142] - C:\Users\Administrátor\AppData\Local\Google
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\AppData\Local\History
[03/03/2019 23:28:48] - |D| - [5786] - C:\Users\Administrátor\AppData\Local\IsolatedStora ge
[12/09/2018 05:33:20] - |D| - [776360] - C:\Users\Administrátor\AppData\Local\mbam
[08/10/2018 12:38:55] - |D| - [235676] - C:\Users\Administrátor\AppData\Local\mbamtray
[30/12/2018 03:21:57] - |D| - [398120] - C:\Users\Administrátor\AppData\Local\Mega Limited
[30/12/2018 03:21:47] - |D| - [67789080] - C:\Users\Administrátor\AppData\Local\MEGAsync
[03/10/2018 15:08:56] - |D| - [12818089] - C:\Users\Administrátor\AppData\Local\Meltytech
[17/08/2018 21:43:31] - |D| - [323249121] - C:\Users\Administrátor\AppData\Local\Microsoft
[17/08/2018 21:46:32] - |D| - [70882] - C:\Users\Administrátor\AppData\Local\MicrosoftEdge
[18/08/2018 17:03:21] - |D| - [2485248] - C:\Users\Administrátor\AppData\Local\Native Instruments
[28/01/2019 00:23:35] - |D| - [173708] - C:\Users\Administrátor\AppData\Local\NVIDIA
[30/12/2018 04:03:20] - |D| - [0] - C:\Users\Administrátor\AppData\Local\Opera Software
[17/08/2018 21:46:22] - |D| - [647489585] - C:\Users\Administrátor\AppData\Local\Packages
[17/08/2018 21:47:48] - |D| - [3573] - C:\Users\Administrátor\AppData\Local\PlaceholderTi leLogoFolder
[28/01/2019 00:19:51] - |D| - [8398683] - C:\Users\Administrátor\AppData\Local\PokerStars.NE T
[18/08/2018 01:35:59] - |D| - [0] - C:\Users\Administrátor\AppData\Local\Programs
[17/08/2018 21:46:28] - |D| - [0] - C:\Users\Administrátor\AppData\Local\Publishers
[04/03/2019 01:52:34] - |A| - [218] - C:\Users\Administrátor\AppData\Local\recently-used.xbel
[28/06/2019 17:51:19] - |D| - [32] - C:\Users\Administrátor\AppData\Local\ServiceHub
[18/08/2018 00:04:32] - |D| - [1880] - C:\Users\Administrátor\AppData\Local\speech
[17/08/2018 21:43:31] - |D| - [171453747] - C:\Users\Administrátor\AppData\Local\Temp
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\AppData\Local\Temporary Internet Files
[31/08/2018 17:51:53] - |D| - [153203] - C:\Users\Administrátor\AppData\Local\Ubisoft
[17/08/2018 21:46:22] - |D| - [19816244] - C:\Users\Administrátor\AppData\Local\VirtualStore
[28/05/2019 17:29:45] - |D| - [151126] - C:\Users\Administrátor\AppData\LocalLow\Adobe
[18/08/2018 01:36:29] - |D| - [331] - C:\Users\Administrátor\AppData\LocalLow\IObit
[17/08/2018 21:47:02] - |SD| - [7252486] - C:\Users\Administrátor\AppData\LocalLow\Microsoft
[22/08/2018 22:32:09] - |D| - [676] - C:\Users\Administrátor\AppData\LocalLow\Perun Creative
[18/08/2018 00:59:46] - |D| - [15382] - C:\Users\Administrátor\AppData\LocalLow\Sun
[22/04/2019 00:26:30] - |D| - [417814439] - C:\Users\Administrátor\AppData\LocalLow\Wizards Of The Coast
[17/08/2018 21:46:22] - |D| - [50310] - C:\Users\Administrátor\AppData\Roaming\Adobe
[29/04/2019 21:08:47] - |D| - [1041408] - C:\Users\Administrátor\AppData\Roaming\Antonio de la Iglesia
[29/04/2019 21:09:19] - |D| - [1465] - C:\Users\Administrátor\AppData\Roaming\APKTOW10M
[28/06/2019 17:21:47] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\Ashampoo
[20/11/2018 14:30:50] - |D| - [452] - C:\Users\Administrátor\AppData\Roaming\Bandicam Company
[11/09/2018 22:44:56] - |D| - [9659] - C:\Users\Administrátor\AppData\Roaming\Curiolab
[31/08/2018 17:44:03] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\DAEMON Tools Lite
[18/08/2018 16:41:17] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\Daichi
[01/10/2018 01:49:04] - |D| - [441] - C:\Users\Administrátor\AppData\Roaming\DataWorks
[31/08/2018 22:20:35] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\Frontier Developments
[23/09/2018 19:19:30] - |D| - [815] - C:\Users\Administrátor\AppData\Roaming\GHISLER
[18/08/2018 14:44:48] - |D| - [2752370] - C:\Users\Administrátor\AppData\Roaming\Image-Line
[28/12/2018 14:28:24] - |D| - [30578] - C:\Users\Administrátor\AppData\Roaming\ImgBurn
[17/09/2018 22:38:40] - |D| - [25005] - C:\Users\Administrátor\AppData\Roaming\inkscape
[31/08/2018 17:49:07] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\InstallShie ld
[18/08/2018 01:36:05] - |D| - [304867277] - C:\Users\Administrátor\AppData\Roaming\IObit
[07/09/2018 10:00:02] - |D| - [2538] - C:\Users\Administrátor\AppData\Roaming\IrfanView
[18/08/2018 16:28:05] - |D| - [349965] - C:\Users\Administrátor\AppData\Roaming\iZotope
[03/10/2018 10:50:49] - |D| - [187] - C:\Users\Administrátor\AppData\Roaming\KMP
[03/10/2018 14:33:41] - |D| - [970] - C:\Users\Administrátor\AppData\Roaming\Machete Lite
[13/12/2018 00:38:22] - |D| - [1024] - C:\Users\Administrátor\AppData\Roaming\Macromedia
[22/04/2019 21:23:42] - |D| - [4648] - C:\Users\Administrátor\AppData\Roaming\Mael Horz
[17/08/2018 21:43:31] - |SD| - [1628939] - C:\Users\Administrátor\AppData\Roaming\Microsoft
[19/04/2019 19:23:39] - |D| - [2474089] - C:\Users\Administrátor\AppData\Roaming\Notepad++
[24/02/2019 22:00:56] - |D| - [11741990] - C:\Users\Administrátor\AppData\Roaming\NVIDIA
[19/06/2019 13:50:33] - |D| - [1295523] - C:\Users\Administrátor\AppData\Roaming\OpenOffice
[30/12/2018 04:02:55] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\Opera Software
[28/12/2018 13:59:59] - |D| - [236] - C:\Users\Administrátor\AppData\Roaming\PowerISO
[18/08/2018 00:59:46] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\Sun
[28/06/2019 17:51:18] - |D| - [5637024] - C:\Users\Administrátor\AppData\Roaming\Visual Studio Setup
[08/09/2018 11:31:57] - |D| - [83796793] - C:\Users\Administrátor\AppData\Roaming\vlc
[28/06/2019 17:51:19] - |D| - [66] - C:\Users\Administrátor\AppData\Roaming\vstelemetry
[28/06/2019 17:51:15] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\vs_installe rshell
[18/08/2018 14:57:14] - |D| - [12] - C:\Users\Administrátor\AppData\Roaming\WinRAR
[17/08/2018 21:46:23] - |SH| - [174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\desktop.ini
[17/08/2018 21:43:31] - |RD| - [81061] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programy
[17/08/2018 21:43:31] - |RD| - [3888] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Accessibility
[17/08/2018 21:43:31] - |RD| - [2929] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Accessories
[17/08/2018 21:46:23] - |RD| - [174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Administrative Tools
[18/08/2018 14:45:51] - |D| - [4477] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\ASIO4ALL v2
[18/08/2018 15:27:01] - |D| - [1330] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Dada Life
[17/08/2018 21:43:31] - |SH| - [372] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\desktop.ini
[03/10/2018 14:09:18] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Freemake
[18/08/2018 14:44:47] - |D| - [8634] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Image-Line
[17/09/2018 22:38:02] - |A| - [883] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Inkscape.lnk
[18/08/2018 15:03:44] - |D| - [2603] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\iZotope
[17/08/2018 21:43:31] - |D| - [170] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Maintenance
[30/12/2018 03:21:50] - |D| - [4570] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\MEGAsync
[18/08/2018 15:01:45] - |D| - [20723] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Native Instruments
[17/08/2018 21:43:31] - |A| - [2391] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\OneDrive.lnk
[17/08/2018 21:46:23] - |RD| - [174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Startup
[17/08/2018 21:43:31] - |RD| - [3496] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\System Tools
[23/09/2018 19:19:31] - |D| - [2174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Total Commander
[12/11/2018 22:54:25] - |D| - [2370] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\u-he
[20/11/2018 22:51:02] - |D| - [7324] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\VirtualDJ
[17/08/2018 21:43:31] - |RD| - [7754] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Windows PowerShell
[18/08/2018 14:56:24] - |D| - [4625] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\WinRAR
[17/08/2018 21:46:23] - |SH| - [174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

[17/08/2018 21:46:23] - |RHD| - [196] - C:\Users\Public\AccountPictures
[12/04/2018 01:38:20] - |RHD| - [27546] - C:\Users\Public\Desktop
[12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini
[12/04/2018 01:38:20] - |RD| - [278] - C:\Users\Public\Documents
[12/04/2018 01:38:20] - |RD| - [174] - C:\Users\Public\Downloads
[12/04/2018 01:38:20] - |RHD| - [1174] - C:\Users\Public\Libraries
[12/04/2018 01:38:20] - |RD| - [380] - C:\Users\Public\Music
[18/08/2018 01:03:10] - |A| - [8192] - C:\Users\Public\ntuser.dat
[10/04/2019 19:03:36] - |AH| - [1024] - C:\Users\Public\NTUSER.DAT.LOG
[18/08/2018 01:03:10] - |ASH| - [8192] - C:\Users\Public\ntuser.dat.LOG1
[18/08/2018 01:03:10] - |ASH| - [0] - C:\Users\Public\ntuser.dat.LOG2
[18/08/2018 01:03:10] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{09c920ac-a255-11e8-9333-00252281e08d}.TM.blf
[18/08/2018 01:03:10] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{09c920ac-a255-11e8-9333-00252281e08d}.TMContainer00000000000000000001.regt rans-ms
[18/08/2018 01:03:10] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{09c920ac-a255-11e8-9333-00252281e08d}.TMContainer00000000000000000002.regt rans-ms
[12/04/2018 01:38:20] - |RD| - [1263209] - C:\Users\Public\Pictures
[31/08/2018 18:00:51] - |D| - [5827903] - C:\Users\Public\Ubisoft
[12/04/2018 01:38:20] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData

[28/05/2019 17:28:51] - |D| - [422789217] - C:\ProgramData\Adobe
[28/06/2019 17:21:06] - |D| - [786701] - C:\ProgramData\Ashampoo
[30/09/2018 15:10:20] - |D| - [19808] - C:\ProgramData\Audyssey Labs
[28/12/2018 13:57:40] - |D| - [9776] - C:\ProgramData\AVAST Software
[18/08/2018 15:48:21] - |D| - [500668] - C:\ProgramData\Camel Audio
[31/08/2018 17:40:40] - |D| - [1468] - C:\ProgramData\DAEMON Tools Lite
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Data aplikací
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Dokumenty
[30/09/2018 15:10:26] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[14/02/2019 22:58:17] - |D| - [706140] - C:\ProgramData\GOG.com
[26/04/2019 15:50:43] - |D| - [0] - C:\ProgramData\HTC
[31/08/2018 17:49:07] - |D| - [132] - C:\ProgramData\InstallShield
[18/08/2018 01:36:15] - |D| - [20903744] - C:\ProgramData\IObit
[17/08/2018 21:53:00] - |D| - [1019781742] - C:\ProgramData\Kaspersky Lab
[17/08/2018 21:51:06] - |D| - [0] - C:\ProgramData\Kaspersky Lab Setup Files
[26/03/2019 12:41:01] - |RASHD| - [1024] - C:\ProgramData\Key-Base
[26/04/2019 15:50:43] - |D| - [0] - C:\ProgramData\LGE
[12/09/2018 05:32:54] - |D| - [138092564] - C:\ProgramData\Malwarebytes
[28/12/2018 13:57:28] - |D| - [0] - C:\ProgramData\McAfee
[12/04/2018 01:38:20] - |SD| - [2421998616] - C:\ProgramData\Microsoft
[17/08/2018 21:47:46] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[28/06/2019 17:50:36] - |D| - [1092] - C:\ProgramData\Microsoft Visual Studio
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Nabídka Start
[18/08/2018 01:03:10] - |A| - [8192] - C:\ProgramData\ntuser.dat
[18/08/2018 01:03:10] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG1
[18/08/2018 01:03:10] - |ASH| - [0] - C:\ProgramData\ntuser.dat.LOG2
[18/08/2018 01:03:10] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{09c920a2-a255-11e8-9333-00252281e08d}.TM.blf
[18/08/2018 01:03:10] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{09c920a2-a255-11e8-9333-00252281e08d}.TMContainer00000000000000000001.regt rans-ms
[18/08/2018 01:03:10] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{09c920a2-a255-11e8-9333-00252281e08d}.TMContainer00000000000000000002.regt rans-ms
[18/12/2018 19:49:55] - |RASH| - [8] - C:\ProgramData\ntuser.pol
[11/11/2018 15:40:18] - |D| - [2502463] - C:\ProgramData\NVIDIA
[11/11/2018 15:38:33] - |D| - [3068730] - C:\ProgramData\NVIDIA Corporation
[18/08/2018 00:59:25] - |D| - [70997662] - C:\ProgramData\Oracle
[18/08/2018 01:52:38] - |D| - [149273793] - C:\ProgramData\Package Cache
[20/08/2018 23:12:50] - |D| - [1015808] - C:\ProgramData\Packages
[14/10/2018 12:50:39] - |D| - [485] - C:\ProgramData\Planet Coaster
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Plocha
[29/06/2019 09:59:13] - |D| - [104] - C:\ProgramData\ProductData
[12/04/2018 01:38:20] - |D| - [2073] - C:\ProgramData\regid.1991-06.com.microsoft
[11/09/2018 23:03:13] - |D| - [475130] - C:\ProgramData\RogueKiller
[12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[12/04/2018 01:38:20] - |D| - [13980] - C:\ProgramData\USOPrivate
[17/08/2018 21:40:04] - |D| - [8470528] - C:\ProgramData\USOShared
[12/04/2018 17:52:15] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices
[26/03/2019 12:41:01] - |D| - [0] - C:\ProgramData{FA7D5C51-6ACA-0558-7668-96BA089C68BD}
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Šablony

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[12/04/2018 01:38:20] - |RD| - [192090] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programy
[27/02/2019 22:28:21] - |A| - [1128] - C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[28/06/2019 17:33:08] - |D| - [1557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[12/04/2018 01:38:20] - |RD| - [13063] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[28/05/2019 17:29:29] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[12/04/2018 01:38:20] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[28/06/2019 17:21:20] - |D| - [1404] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[20/11/2018 14:30:40] - |D| - [3286] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[18/08/2018 15:48:21] - |D| - [4076] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camel Audio
[03/03/2019 23:33:42] - |D| - [963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[18/08/2018 00:45:47] - |D| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[12/04/2018 01:38:24] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[01/10/2018 02:11:55] - |D| - [2817] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
[05/03/2019 16:32:26] - |A| - [1828] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[09/07/2019 00:57:11] - |D| - [2714] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
[18/08/2018 01:12:50] - |A| - [2301] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[20/08/2018 23:01:14] - |D| - [871] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
[22/04/2019 21:23:39] - |D| - [3379] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[18/08/2018 14:44:47] - |D| - [3913] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[28/12/2018 14:25:34] - |D| - [5922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[28/12/2018 14:25:34] - |A| - [1950] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[18/08/2018 18:31:07] - |D| - [2750] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[18/08/2018 18:31:07] - |A| - [1428] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
[07/09/2018 10:00:10] - |D| - [8979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[28/12/2018 15:18:10] - |D| - [6980] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[18/08/2018 00:59:40] - |D| - [6758] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[17/09/2018 23:59:23] - |D| - [5186] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
[12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[08/07/2019 13:26:11] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[22/04/2019 00:20:05] - |D| - [1415] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena
[19/04/2019 19:23:40] - |A| - [1104] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
[11/11/2018 15:42:09] - |D| - [4994] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[14/10/2018 12:48:56] - |D| - [2005] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planet Coaster
[28/12/2018 13:57:27] - |D| - [7109] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[18/08/2018 14:58:18] - |D| - [4088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq Ambisone VST 2.02
[18/08/2018 14:58:29] - |D| - [4043] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq Dynasone VST 2.02
[18/08/2018 14:58:05] - |D| - [4129] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq OrangeVocoder VST 2.02
[18/08/2018 14:58:40] - |D| - [3975] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq PiWarp VST 2.02
[18/08/2018 14:59:31] - |D| - [4124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq Roomulator VST 2.02
[18/08/2018 14:59:41] - |D| - [4088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq VoxCiter VST 2.02
[14/02/2019 22:58:16] - |D| - [2646] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rain World [GOG.com]
[04/03/2019 03:10:27] - |D| - [3382] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[12/04/2018 01:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[11/11/2018 15:33:52] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
[08/09/2018 11:31:39] - |D| - [5850] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[28/06/2019 17:56:31] - |D| - [2099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
[28/06/2019 17:56:07] - |A| - [1499] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk
[28/06/2019 17:51:23] - |A| - [1359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
[18/08/2018 15:53:50] - |D| - [4364] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxengo
[26/04/2019 15:50:44] - |A| - [2759] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Device Recovery Tool.lnk
[20/04/2019 21:58:16] - |D| - [3051] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.0
[18/08/2018 14:56:24] - |D| - [4553] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[28/05/2019 17:29:18] - |D| - [371702206] - C:\Program Files (x86)\Adobe
[28/06/2019 17:21:05] - |D| - [131044400] - C:\Program Files (x86)\Ashampoo
[18/08/2018 14:45:51] - |D| - [573777] - C:\Program Files (x86)\ASIO4ALL v2
[20/11/2018 14:30:35] - |D| - [48356741] - C:\Program Files (x86)\Bandicam
[20/11/2018 14:30:34] - |D| - [9130326] - C:\Program Files (x86)\BandiMPEG1
[18/08/2018 15:48:21] - |D| - [131557] - C:\Program Files (x86)\Camel Audio
[12/04/2018 01:38:20] - |D| - [264565175] - C:\Program Files (x86)\Common Files
[18/08/2018 19:41:42] - |D| - [160013915] - C:\Program Files (x86)\Comodo
[18/08/2018 19:28:43] - |D| - [0] - C:\Program Files (x86)\DAE
[12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[18/08/2018 01:12:26] - |D| - [480703556] - C:\Program Files (x86)\Google
[18/08/2018 14:39:09] - |D| - [8552609070] - C:\Program Files (x86)\Image-Line
[28/12/2018 14:25:34] - |D| - [3153590] - C:\Program Files (x86)\ImgBurn
[13/09/2018 12:05:10] - |HD| - [10556049] - C:\Program Files (x86)\InstallShield Installation Information
[12/04/2018 01:38:20] - |D| - [2004463] - C:\Program Files (x86)\Internet Explorer
[18/08/2018 01:36:25] - |D| - [78904514] - C:\Program Files (x86)\IObit
[18/08/2018 15:04:14] - |D| - [108457017] - C:\Program Files (x86)\iZotope
[18/08/2018 00:59:23] - |D| - [183067966] - C:\Program Files (x86)\Java
[17/09/2018 23:59:01] - |D| - [333728366] - C:\Program Files (x86)\Kaspersky Lab
[26/04/2019 15:50:43] - |D| - [78224862] - C:\Program Files (x86)\Microsoft Care Suite
[20/04/2019 17:32:35] - |D| - [228602213] - C:\Program Files (x86)\Microsoft SDKs
[28/06/2019 17:51:09] - |D| - [660508106] - C:\Program Files (x86)\Microsoft Visual Studio
[18/08/2018 01:51:30] - |D| - [6076507] - C:\Program Files (x86)\Microsoft XNA
[12/04/2018 01:38:20] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[03/10/2018 14:53:32] - |D| - [2015806] - C:\Program Files (x86)\MSBuild
[18/08/2018 15:01:07] - |D| - [253734310] - C:\Program Files (x86)\Native Instruments
[19/04/2019 19:23:39] - |D| - [10195036] - C:\Program Files (x86)\Notepad++
[11/11/2018 15:40:11] - |D| - [35228100] - C:\Program Files (x86)\NVIDIA Corporation
[18/08/2018 01:51:42] - |D| - [809496] - C:\Program Files (x86)\OpenAL
[03/10/2018 14:53:32] - |D| - [200932037] - C:\Program Files (x86)\Reference Assemblies
[07/11/2018 21:27:33] - |D| - [0] - C:\Program Files (x86)\ShiningMorning
[28/12/2018 15:18:09] - |D| - [13924233] - C:\Program Files (x86)\Smart Projects
[18/08/2018 15:03:44] - |D| - [216992265] - C:\Program Files (x86)\Steinberg
[30/09/2018 13:56:39] - |HD| - [0] - C:\Program Files (x86)\Temp
[09/11/2018 10:59:05] - |D| - [63043064] - C:\Program Files (x86)\u-he
[01/10/2018 00:37:15] - |D| - [3077865] - C:\Program Files (x86)\VIA
[20/11/2018 22:50:59] - |D| - [11654144] - C:\Program Files (x86)\VirtualDJ
[18/08/2018 14:45:07] - |D| - [38881053] - C:\Program Files (x86)\VstPlugins
[11/11/2018 15:40:31] - |D| - [1735394] - C:\Program Files (x86)\VulkanRT
[12/04/2018 01:38:20] - |D| - [1822328] - C:\Program Files (x86)\Windows Defender
[17/12/2018 23:49:04] - |D| - [4433858] - C:\Program Files (x86)\Windows Kits
[12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail
[12/04/2018 17:50:52] - |D| - [3323847] - C:\Program Files (x86)\Windows Media Player
[12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform
[12/04/2018 01:38:20] - |D| - [7604568] - C:\Program Files (x86)\windows nt
[20/04/2019 21:58:16] - |D| - [58653462] - C:\Program Files (x86)\Windows Phone Kits
[12/04/2018 01:38:20] - |D| - [5409544] - C:\Program Files (x86)\Windows Photo Viewer
[12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices
[12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[12/04/2018 01:38:20] - |D| - [2247115] - C:\Program Files (x86)\WindowsPowerShell
[22/04/2019 00:20:05] - |D| - [4336218343] - C:\Program Files (x86)\Wizards of the Coast

---------- | C:\Program Files

[28/06/2019 17:33:08] - |D| - [5204927] - C:\Program Files\7-Zip
[18/08/2018 15:48:32] - |D| - [131420] - C:\Program Files\Camel Audio
[03/03/2019 23:33:40] - |D| - [41242400] - C:\Program Files\CCleaner
[12/04/2018 01:38:20] - |D| - [209407278] - C:\Program Files\Common Files
[31/08/2018 17:44:02] - |D| - [23830127] - C:\Program Files\DAEMON Tools Lite
[12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini
[17/12/2018 23:49:07] - |D| - [707464] - C:\Program Files\DIFX
[05/03/2019 16:32:26] - |D| - [6520522] - C:\Program Files\Eraser
[11/09/2018 22:44:33] - |D| - [18507298] - C:\Program Files\Exterminate It!
[24/02/2019 22:16:47] - |D| - [19274378] - C:\Program Files\Exterminate It!64
[20/08/2018 23:01:14] - |D| - [4977481] - C:\Program Files\HWiNFO64
[22/04/2019 21:23:38] - |D| - [8150288] - C:\Program Files\HxD
[18/08/2018 14:44:47] - |D| - [6320083] - C:\Program Files\Image-Line
[17/09/2018 22:37:29] - |D| - [216321405] - C:\Program Files\Inkscape
[12/04/2018 01:38:20] - |D| - [2636282] - C:\Program Files\internet explorer
[07/09/2018 10:00:02] - |D| - [6796083] - C:\Program Files\IrfanView
[03/10/2018 10:50:23] - |D| - [124545727] - C:\Program Files\KMPlayer 64X
[12/09/2018 05:32:54] - |D| - [170759844] - C:\Program Files\Malwarebytes
[28/12/2018 13:57:31] - |D| - [0] - C:\Program Files\McAfee
[03/10/2018 14:53:32] - |D| - [25757] - C:\Program Files\MSBuild
[11/11/2018 15:35:54] - |D| - [669768550] - C:\Program Files\NVIDIA Corporation
[14/10/2018 12:46:06] - |D| - [7562610738] - C:\Program Files\Planet Coaster
[22/12/2018 01:26:23] - |D| - [13369755] - C:\Program Files\PowerISO
[04/03/2019 03:10:26] - |D| - [10449456] - C:\Program Files\Recuva
[03/10/2018 14:53:32] - |D| - [36741289] - C:\Program Files\Reference Assemblies
[16/11/2018 20:05:08] - |D| - [37131921] - C:\Program Files\rempl
[12/11/2018 22:54:51] - |D| - [21594359] - C:\Program Files\Steinberg
[17/08/2018 21:36:16] - |HD| - [0] - C:\Program Files\Uninstall Information
[19/06/2019 15:14:38] - |D| - [5795426] - C:\Program Files\UNP
[11/11/2018 15:44:08] - |D| - [2929872] - C:\Program Files\VIA
[08/09/2018 11:31:27] - |D| - [172381388] - C:\Program Files\VideoLAN
[18/08/2018 15:53:49] - |D| - [2193232] - C:\Program Files\Voxengo
[18/08/2018 15:48:32] - |D| - [54478395] - C:\Program Files\VSTPlugins
[12/04/2018 01:38:20] - |RD| - [19590831] - C:\Program Files\Windows Defender
[12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail
[12/04/2018 17:50:52] - |D| - [4890091] - C:\Program Files\Windows Media Player
[12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform
[12/04/2018 01:38:20] - |D| - [7871320] - C:\Program Files\windows nt
[12/04/2018 01:38:20] - |D| - [6209800] - C:\Program Files\Windows Photo Viewer
[12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices
[12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security
[12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[12/04/2018 01:38:20] - |HD| - [2472088797] - C:\Program Files\WindowsApps
[12/04/2018 01:38:20] - |D| - [2495349] - C:\Program Files\WindowsPowerShell
[18/08/2018 14:56:13] - |D| - [8671566] - C:\Program Files\WinRAR
[27/02/2019 22:28:11] - |D| - [7146655] - C:\Program Files\WinRAR57

---------- | C:\Program Files (x86)\Common Files

[28/05/2019 17:29:18] - |D| - [23846438] - C:\Program Files (x86)\Common Files\Adobe
[18/08/2018 18:03:56] - |D| - [86585344] - C:\Program Files (x86)\Common Files\Digidesign
[31/08/2018 17:45:52] - |D| - [5571484] - C:\Program Files (x86)\Common Files\InstallShield
[18/08/2018 18:31:09] - |D| - [0] - C:\Program Files (x86)\Common Files\IObit
[07/11/2018 15:05:17] - |D| - [1973744] - C:\Program Files (x86)\Common Files\Java
[17/12/2018 23:48:47] - |D| - [6419917] - C:\Program Files (x86)\Common Files\Microsoft
[12/04/2018 01:38:20] - |D| - [25505554] - C:\Program Files (x86)\Common Files\microsoft shared
[18/08/2018 18:03:57] - |D| - [6230053] - C:\Program Files (x86)\Common Files\Native Instruments
[07/11/2018 15:05:28] - |D| - [1370320] - C:\Program Files (x86)\Common Files\Oracle
[18/08/2018 14:45:06] - |D| - [1435256] - C:\Program Files (x86)\Common Files\Propellerhead Software
[12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[18/08/2018 15:53:49] - |D| - [7028432] - C:\Program Files (x86)\Common Files\Steinberg
[12/04/2018 01:38:20] - |D| - [9798539] - C:\Program Files (x86)\Common Files\system
[18/08/2018 15:03:56] - |D| - [88797392] - C:\Program Files (x86)\Common Files\VST3

---------- | C:\Program Files\Common files

[17/08/2018 21:53:36] - |D| - [1885243] - C:\Program Files\Common files\AV
[18/08/2018 15:53:50] - |D| - [8072216] - C:\Program Files\Common files\Avid
[18/08/2018 17:13:28] - |D| - [0] - C:\Program Files\Common files\Digidesign
[12/04/2018 01:38:20] - |D| - [53586602] - C:\Program Files\Common files\microsoft shared
[18/08/2018 14:45:06] - |D| - [2193016] - C:\Program Files\Common files\Propellerhead Software
[12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services
[18/08/2018 15:53:49] - |D| - [8003280] - C:\Program Files\Common files\Steinberg
[12/04/2018 01:38:20] - |D| - [10504075] - C:\Program Files\Common files\system
[18/08/2018 14:45:07] - |D| - [7070720] - C:\Program Files\Common files\VST2
[18/08/2018 15:04:02] - |D| - [118089424] - C:\Program Files\Common files\VST3

---------- | Tasks

[MD5.D343CDB9AD8119D02785F0082470B78F] - [09/07/2019 18:09:34] - |A| - [214] - C:\Windows\Tasks\CreateExplorerShellUnelevatedTask .job
[MD5.00000000000000000000000000000000] - [28/12/2018 16:18:53] - |D| - [0] - C:\Windows\Tasks\ImCleanDisabled
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [17/08/2018 21:36:09] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.B1C1535057B8BDF0E4B26EDB1AAE67BF] - [09/07/2019 00:55:29] - |A| - [326] - C:\Windows\Tasks\Uninstaller_SkipUac_Administrátor .job
[MD5.D0CE7C7D2539A6D869363194EF47C685] - [28/05/2019 17:29:39] - |A| - [4562] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.A41A625BB99BB8A55661B01BCE1EAE5F] - [19/08/2018 19:52:24] - |A| - [4682] - C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_ 0_0_207_pepper.exe
[MD5.C4943990B7936CEBED220EFA5E39069A] - [05/12/2018 20:34:47] - |A| - [4506] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
[MD5.432B80398C7C804B1A73AB127578C724] - [01/10/2018 00:37:01] - |A| - [3304] - C:\Windows\System32\Tasks\ASUS Patch for VIA Audio : C:\Windows\system32\AsPatchViaAudio.exe
[MD5.00000000000000000000000000000000] - [28/12/2018 16:15:29] - |D| - [0] - C:\Windows\System32\Tasks\Avast Software
[MD5.48EA8E3823856A869FF16950FA1B023F] - [03/03/2019 23:33:42] - |A| - [4210] - C:\Windows\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe
[MD5.B860C669485ED321823AAC61FF700B57] - [03/03/2019 23:33:43] - |A| - [2904] - C:\Windows\System32\Tasks\CCleanerSkipUAC : “C:\Program Files\CCleaner\CCleaner.exe”
[MD5.B482E945267DA166012C0B4759D44FBF] - [21/04/2019 18:43:40] - |A| - [3672] - C:\Windows\System32\Tasks\CreateExplorerShellUnele vatedTask : c:\windows\explorer.exe
[MD5.E9B427C976DD7606EC2C1708EFF3D3D0] - [18/08/2018 01:12:29] - |A| - [3348] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.5BE83553A0CDD707FB346CEC8068E063] - [18/08/2018 01:12:29] - |A| - [3472] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [30/12/2018 03:21:57] - |D| - [3844] - C:\Windows\System32\Tasks\MEGA
[MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [527074] - C:\Windows\System32\Tasks\Microsoft
[MD5.E2A63F3C32E13D2CE65C484865E3A570] - [17/08/2018 21:48:58] - |A| - [3396] - C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandalo neUpdater.exe
[MD5.2D01BA3DE58644D13FFEA75A529144CA] - [22/04/2019 22:28:30] - |A| - [3394] - C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandalo neUpdater.exe
[MD5.EDD0A894CC09952AE8A5A39C031F1085] - [09/07/2019 00:55:29] - |A| - [2544] - C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admi nistrátor : C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
[MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedacces s\Parameters\FirewallPolicy\FirewallRules]
“WirelessDisplay-Infra-In-TCP”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|LPort=7250|App=%systemroot%\system32\CastSrv.e xe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
“WirelessDisplay-Out-UDP”=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|App=%systemroot%\system32\WUDFHost.exe|Name= @wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSDA;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“WirelessDisplay-Out-TCP”=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@ wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSDA;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“WirelessDisplay-In-TCP”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|App=%systemroot%\system32\WUDFHost.exe|Name=@w ifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSDA;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“Netlogon-TCP-RPC-In”=v2.28|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe| Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
“Netlogon-NamedPipe-In”=v2.28|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
“DeliveryOptimization-UDP-In”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol =17|LPort=7680|App=%SystemRoot%\system32\svchost.e xe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll ,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“DeliveryOptimization-TCP-In”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol =6|LPort=7680|App=%SystemRoot%\system32\svchost.ex e|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“WiFiDirect-KM-Driver-Out-UDP”=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“WiFiDirect-KM-Driver-In-UDP”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protoco l=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“WiFiDirect-KM-Driver-Out-TCP”=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“WiFiDirect-KM-Driver-In-TCP”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“TCP Query User{E96235E5-EDCE-415F-8632-AD4985C9F6B0}C:\program files (x86)\google\chrome\application\chrome.exe”=v2.10| Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile =Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Go ogle Chrome|Desc=Google Chrome|Defer=User|
“UDP Query User{DA595FDE-2607-4729-BC55-C1461DB32C17}C:\program files (x86)\google\chrome\application\chrome.exe”=v2.10| Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profil e=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Go ogle Chrome|Desc=Google Chrome|Defer=User|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class{05f5cf e2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) → @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{1169ec 26-0cff-41fb-8d18-1d0ec75d68b0}] : (WMZUNEUSBSER) → @oem23.inf,%DeviceClass%;Windows Phone USB Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{126476 0F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{13e42d fa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) → @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{14b62f 50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) → @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{1ed2bb f9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) → @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class{25dbce 51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) → @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class{268c95 a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) → @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2a9fe5 32-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) → @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2db153 74-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) → @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2EA9B4 3F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B648}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B649}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{36fc9e 60-c465-11cf-8056-444553540000}] : (USB) → @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3e3f06 74-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) → @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{43675d 81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) → @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4658ee 7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) → @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48721b 56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) → @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48d3eb c4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) → @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{49ce6a c8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) → @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 65-e325-11ce-bfc1-08002be10318}] : (CDROM) → @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 66-e325-11ce-bfc1-08002be10318}] : (Computer) → @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 67-e325-11ce-bfc1-08002be10318}] : (DiskDrive) → @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 68-e325-11ce-bfc1-08002be10318}] : (Display) → @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 69-e325-11ce-bfc1-08002be10318}] : (FDC) → @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6a-e325-11ce-bfc1-08002be10318}] : (HDC) → @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6b-e325-11ce-bfc1-08002be10318}] : (Keyboard) → @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6c-e325-11ce-bfc1-08002be10318}] : (MEDIA) → @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6d-e325-11ce-bfc1-08002be10318}] : (Modem) → @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6e-e325-11ce-bfc1-08002be10318}] : (Monitor) → @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6f-e325-11ce-bfc1-08002be10318}] : (Mouse) → @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 70-e325-11ce-bfc1-08002be10318}] : (MTD) → @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 71-e325-11ce-bfc1-08002be10318}] : (MultiFunction) → @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 72-e325-11ce-bfc1-08002be10318}] : (Net) → @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 73-e325-11ce-bfc1-08002be10318}] : (NetClient) → @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 74-e325-11ce-bfc1-08002be10318}] : (NetService) → @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 75-e325-11ce-bfc1-08002be10318}] : (NetTrans) → @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 77-e325-11ce-bfc1-08002be10318}] : (PCMCIA) → @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 78-e325-11ce-bfc1-08002be10318}] : (Ports) → @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 79-e325-11ce-bfc1-08002be10318}] : (Printer) → @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) → @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7d-e325-11ce-bfc1-08002be10318}] : (System) → @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7e-e325-11ce-bfc1-08002be10318}] : (Unknown) → @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 80-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) → @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4fc954 1c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) → @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50127d c3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) → @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50906c b8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) → @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class{509994 4a-f6b9-4057-a056-8c550228544c}] : (Memory) → @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50dd52 30-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) → @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5175d3 34-c371-4806-b3ba-71fd53c9258d}] : (Sensor) → @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{533c5b 84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) → @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53487c 23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) → @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53966c b1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) → @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53b3cf 03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) → @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53ccb1 49-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) → @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53d29e f7-377c-4d14-864b-eb3a85769359}] : (Biometric) → @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class{563083 1c-06c9-4856-b327-f5d32586e060}] : (Proximity) → @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5989fc e8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) → @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5aea00 1d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) → @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5c4c33 32-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) → @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5d1b9a aa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) → @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{62f9c7 41-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) → @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{645ad9 9b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) → @PerceptionSimulationSixDof.inf,%ClassName%;Percep tion Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6a0a8e 78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) → @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c1-810f-11d0-bec7-08002be2092f}] : (1394) → @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c5-810f-11d0-bec7-08002be2092f}] : (Infrared) → @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c6-810f-11d0-bec7-08002be2092f}] : (Image) → @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6d8078 84-7d21-11cf-801c-08002be10318}] : (TapeDrive) → @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6FAE73 B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71a27c dd-812a-11d0-bec7-08002be2092f}] : (Volume) → @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71aa14 f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) → @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{72631e 54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) → @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class{745a17 a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) → @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{772e18 f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) → @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{78A1C3 41-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{7ebefb c0-3200-11d2-b4c2-00a0c9697d07}] : (61883) → @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class{81C874 65-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8503c9 11-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) → @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{87ef9a d1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) → @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88a1c3 42-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) → @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88bae0 32-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) → @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class{89786f f1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) → @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8ecc05 5d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) → @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{990a2b d7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) → @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9da2b8 0f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) → @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a588 a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) → @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a701 c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) → @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A3E32D BA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A73C93 F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b1d1a1 69-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) → @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b2728d 24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) → @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b86dff 51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) → @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{bbbe87 34-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) → @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c06ff2 65-ae09-48f0-812c-16753d7cba83}] : (AVC) → @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c16652 3c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) → @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c243ff bd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) → @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c30ece a0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) → @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c7bc9b 22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) → @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{ca3e7a b9-b4c3-4ae6-8251-579ef933890f}] : (Camera) → @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class{cdcf09 39-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) → @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{ce5939 ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) → @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d02bc3 da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) → @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d421b0 8e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) → @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d48179 be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) → @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d54650 0a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) → @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d61255 3d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) → @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d61ca3 65-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) → @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d94ee5 d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) → @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class{db4f6d dd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) → @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e0cbf0 6c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) → @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e2f84c e7-8efa-411c-aa69-97454ca4cb57}] : (Extension) → @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e55fa6 f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) → @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e6f1aa 1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) → @c_ucm.inf,%ClassDesc%;USB Connector Managers
[HKLM\SYSTEM\CurrentControlSet\Control\Class{eec5ad 98-8080-425f-922a-dabf3de3f69a}] : (WPD) → @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f2e7dd 72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) → @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f3586b af-b5aa-49b5-8d6c-0569284c639f}] : (Compression) → @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f75a86 c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) → @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f8ecaf a6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) → @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{fe8f15 72-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) → @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] → ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] → elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] → ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[29/04/2019 11:39:50] - (2.1.12.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Monitor) - C:\Windows\System32\Drivers\klupd_klif_arkmon.sys
[27/01/2018 11:10:16] - (5.2.6.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\Windows\system32\DRIVERS\cm_km.sys
[27/12/2017 10:10:46] - (15.1.206.0) - (AO Kaspersky Lab - Backup Disk Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klbackupdisk.sys
[29/04/2019 15:45:17] - (11.1.12.0) - (AO Kaspersky Lab - Kaspersky Lab Boot Guard Driver) - C:\Windows\System32\Drivers\klupd_klif_klbg.sys
[17/09/2018 23:58:52] - (20.0.122.61) - (AO Kaspersky Lab - klhk [fre_win7_x64]) - C:\Windows\System32\drivers\klhk.sys
[02/02/2018 03:45:32] - (15.1.205.0) - (AO Kaspersky Lab - Backup File Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klbackupflt.sys
[17/09/2018 23:58:52] - (15.1.242.0) - (AO Kaspersky Lab - Filter Core [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klflt.sys
[17/09/2018 23:58:52] - (15.1.242.0) - (AO Kaspersky Lab - Core System Interceptors [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klif.sys
[30/05/2017 18:51:40] - (15.1.203.0) - (AO Kaspersky Lab - Format Recognizer [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klpd.sys
[17/02/2018 02:50:40] - (15.1.211.0) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klwtp.sys
[12/02/2018 04:17:16] - (15.1.203.0) - (AO Kaspersky Lab - Packet Network Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klim6.sys
[28/12/2018 13:57:26] - (6.9.0.0) - (Power Software Ltd - PowerISO Virtual Drive) - C:\Windows\System32\Drivers\SCDEmu.SYS
[24/02/2018 05:17:48] - (15.1.215.0) - (AO Kaspersky Lab - Network Processor [fre_win8_x64]) - C:\Windows\system32\DRIVERS\kneps.sys
[16/05/2018 21:05:18] - (16.2.207.0) - (AO Kaspersky Lab - Virtual Disk [fre_win8_x64]) - C:\Windows\system32\DRIVERS\kldisk.sys
[18/08/2018 01:36:29] - (8.98.0.0) - (REALiX™ - HWiNFO AMD64 Kernel Driver) - C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
[20/08/2018 23:01:24] - (10.11.0.0) - (REALiX™ - HWiNFO AMD64 Kernel Driver) - C:\Windows\system32\drivers\HWiNFO64A.SYS
[11/11/2018 15:38:56] - (23.21.13.9135) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 391.35) - C:\Windows\System32\DriverStore\FileRepository\nv_ dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys
[31/08/2018 17:44:03] - (5.24.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver) - C:\Windows\System32\drivers\dtlitescsibus.sys
[17/07/2015 18:26:01] - (7.0.12.713) - (C-Media Inc. - C-Media USB Audio Class Driver) - C:\Windows\system32\DRIVERS\CMUACWO.sys
[15/01/2018 05:13:30] - (15.1.204.0) - (AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klkbdflt.sys
[11/12/2017 11:49:16] - (15.1.202.0) - (AO Kaspersky Lab - Mouse Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klmouflt.sys
[22/03/2019 18:12:08] - (0.0.0.47) - (AO Kaspersky Lab - Kernel heuristics engine) - C:\Windows\System32\Drivers\klupd_klif_kimul.sys
[29/04/2019 11:39:50] - (6.1.12.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Engine) - C:\Windows\System32\Drivers\klupd_klif_mark.sys
[18/08/2018 18:31:07] - (1.0.0.20) - (IObit - IUProcessFilter) - C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sy s
[18/08/2018 18:31:07] - (1.0.0.20) - (IObit - IURegistryFilter) - C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.s ys
[29/04/2019 15:46:18] - (4.1.12.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit) - C:\Windows\System32\Drivers\klupd_klif_klark.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () → System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) → System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) → System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () → System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - amdide64 () → System32\drivers\amdide64.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - amdsata () → System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () → System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () → System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport’s Miniport Driver) → System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) → System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) → System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) → System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - cht4iscsi () → System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) → System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) → system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () → System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) → System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) → System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) → System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) → System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) → System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) → system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) → System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () → System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) → System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) → System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) → System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () → System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) → System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) → system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () → System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - ItSas35i () → System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) → system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - klelam (klelam) → system32\DRIVERS\klelam.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - klupd_klif_arkmon (klupd_klif_arkmon) → System32\Drivers\klupd_klif_arkmon.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - klupd_klif_klbg () → System32\Drivers\klupd_klif_klbg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () → System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () → System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () → System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () → System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () → System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () → System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - MbamElam (MbamElam) → system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () → System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () → System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas35i () → System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () → System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) → System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () → System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) → System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () → System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) → system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () → System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () → System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) → System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) → System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () → System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () → System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) → System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) → system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () → System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () → System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) → system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) → System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) → System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) → System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) → system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SiSRaid2 () → System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () → System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) → System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () → System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsof t Standard SATA AHCI Driver) → System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) → System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) → System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) → System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () → System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) → System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) → System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) → System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) → System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) → System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) → System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) → System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () → System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) → System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) → system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) → System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) → system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy .SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) → System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) → \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - afunix (afunix) → \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) → system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) → system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () → \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () → \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) → \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) → system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) → System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) → \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) → system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) → System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - HWiNFO (HWiNFO Kernel Driver) → ??\C:\Windows\system32\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) → ??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) → system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kldisk (kldisk) → \SystemRoot\system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - KLHK (@oem24.inf,%klhkDisplayName%;Kaspersky Lab service driver) → \SystemRoot\System32\drivers\klhk.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) → system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klim6 (@oem7.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter) → \SystemRoot\system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) → system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klwtp (KLwtp - WFP callout traffic inspector) → \SystemRoot\system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kneps (kneps) → \SystemRoot\system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) → \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) → system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) → System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) → \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) → system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) → System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) → system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - SCDEmu () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) → \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) → System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) → system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) → system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) → \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) → \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) → system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) → system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) → system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) → system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) → system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) → System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) → System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) → \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

---------- | Uninstall (Whitelist)

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\AddressBook] : (.-.) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\HWiNFO64_is1] : (HWiNFO64 Version 5.86.-.Martin Malík - REALiX) → “C:\Program Files\HWiNFO64\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE40] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IEData] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Voxengo SPAN_is1] : (Voxengo SPAN.-.Voxengo) → “C:\Program Files\Voxengo\Voxengo SPAN\unins000.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WIC] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{58F37E51-2A83-49F3-9117-6005C63CF399}] : (Eraser 6.2.0.2970.-.The Eraser Project) → MsiExec.exe /I{58F37E51-2A83-49F3-9117-6005C63CF399}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Ovládací panel NVIDIA 391.35.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\1541665964_is1] : (Rain World.-.GOG.com) → “C:\GOG Games\Rain World\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AddressBook] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Camel Audio CamelCrusher] : (Camel Audio CamelCrusher.-.Camel Audio) → C:\Program Files (x86)\Camel Audio\CamelCrusher\CamelCrusherUninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Camel Audio CamelCrusher64] : (Camel Audio CamelCrusher64.-.Camel Audio) → C:\Program Files\Camel Audio\CamelCrusher\CamelCrusherUninstall64.exe
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Exterminate It!] : (Exterminate It!.-.Curio Systems GmbH) → C:\Program Files\Exterminate It!\ExterminateIt_Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE40] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IEData] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Inkscape] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallShield Uninstall Information] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\InstallWIX{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Free.-.Kaspersky Lab) → MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IObitUninstall] : (IObit Uninstaller 8.-.IObit) → “C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IsoBuster_is1] : (IsoBuster 4.2.-.Smart Projects) → “C:\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MTG Arena 0.1.1391.0] : (MTG Arena.-.Wizards of the Coast) → msiexec.exe /x {2C05A091-D2BF-4001-8CA1-3C3ABF03850F} AI_UNINSTALLER_CTP=1
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS] : (Native Instruments Massive v1.0.1.008 VSTi DXi RTAS.-.) → \UNWISE.EXE \INSTALL.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\u-he Zebra2] : (u-he Zebra2.-.u-he) → “C:\Program Files (x86)\u-he\Zebra2.7.2.3898\uninstall.exe”
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WIC] : (.-.) →
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{20D4A895-748C-4D88-871C-FDB1695B0169}] : (Platform.-.VIA Technologies, Inc.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F32180191F0}] : (Java 8 Update 191.-.Oracle Corporation) → MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180191F0}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{2C05A091-D2BF-4001-8CA1-3C3ABF03850F}] : (MTG Arena.-.Wizards of the Coast) → MsiExec.exe /X{2C05A091-D2BF-4001-8CA1-3C3ABF03850F}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) → MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Free.-.Kaspersky Lab) → MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{C515E2A3-4878-4C85-A519-52630C7AB08B}] : (VirtualDJ PRO Full.-.Atomix Productions) → MsiExec.exe /I{C515E2A3-4878-4C85-A519-52630C7AB08B}

---------- | Ports

---------- | Installer

[HKCR\Installer\Products\05E3B26797B388D41B517915C3 ECC8BD] : vs_minshellmsi
[HKCR\Installer\Products\15E73F8538A23F94197106506C C33F99] : Eraser 6.2.0.2970 → C:\Windows\Installer{58F37E51-2A83-49F3-9117-6005C63CF399}\Eraser.exe
[HKCR\Installer\Products\184AE0FFBD24EA8A3865840CF9 D759D3] : Windows IP Over USB
[HKCR\Installer\Products\190A50C2FB2D1004C81AC3A3FB 3058F0] : MTG Arena → C:\Windows\Installer{2C05A091-D2BF-4001-8CA1-3C3ABF03850F}\Icon_1.exe
[HKCR\Installer\Products\271AD80F77706C048AAB0D3F41 65B0EE] : vs_FileTracker_Singleton
[HKCR\Installer\Products\3D5E8C7ECDE90344A8FEDF9590 735FF5] : Windows Phone IP Over USB
[HKCR\Installer\Products\4BA5F0F3EC9C622438399EFC8F 63D9D9] : Emergency Download Driver
[HKCR\Installer\Products\4EA42A62D9304AC4784BF22381 10190F] : Java 8 Update 191 → C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe
[HKCR\Installer\Products\4F316817D2942724CA3C0DA4E8 0F8F38] : Kaspersky Free → C:\Windows\Installer{718613F4-492D-4272-ACC3-D04A8EF0F883}\arp.ico
[HKCR\Installer\Products\56FAAB925E9025F4D851F2FAE2 328ACD] : WinUSB Drivers ext
[HKCR\Installer\Products\57F5B12D240893B3081A1F5DD6 D64BBA] : Windows Phone 8.0 Managed SDK Profiler (X86)
[HKCR\Installer\Products\598A4D02C84788D478C1DF1B96 B51096] : Platform
[HKCR\Installer\Products\632B0A4A6406BAC41877E1FA16 11C257] : WinUSB Compatible ID Drivers
[HKCR\Installer\Products\66DC40CEA30CD0740B2DB4CB78 6F83D2] : vs_minshellmsires
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070 E41400] : Adobe Acrobat Reader DC → C:\Windows\Installer{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\8381B2ADE2B30224B8E297F664 424D36] : vs_minshellmsires
[HKCR\Installer\Products\94C938AC1D3B6AE4BBA81239B7 087817] : FFU Loader Driver 1.0.0
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745 894BAC] : Google Update Helper
[HKCR\Installer\Products\A81955798FDCE1F448353695FC A133A0] : WinUsb CoInstallers
[HKCR\Installer\Products\A86BF41F88196304DAD00D45CB C92919] : Update for Windows 10 for x64-based Systems (KB4023057)
[HKCR\Installer\Products\B280515779B0C1337952D924FE D05E10] : Windows Phone 8.0 Emulation Images
[HKCR\Installer\Products\CE62EE7CD7740D73784BDE41C6 A5C92D] : Windows Phone SDK 8.0 Assemblies
[HKCR\Installer\Products\DA3AED6DE736A863DB0005D144 F3E568] : Windows Phone 8.0 Managed SDK Profiler (ARM)
[HKCR\Installer\Products\DCDBBAA5D5DEDFA4482348D78D F7E8C4] : vs_filehandler_x86
[HKCR\Installer\Products\EA2D34FE15EE3C14CB0A5C7E09 322B71] : vs_filehandler_amd64
[HKCR\Installer\Products\EF57A2D91EC87924EA1C0A794D B7CA9E] : Lumia UEFI Blue Driver
[HKCR\Installer\Products\F60730A4A66673047777F57284 67D401] : Java Auto Updater
[HKCR\Installer\Products\F80615A5B95F54B4EA602163F3 BE6E10] : Windows Device Recovery Tool 3.14.07501 → C:\Windows\Installer{5A51608F-F59B-4B45-AE06-12363FEBE601}\DefaultApplicationIcon.ico

---------- | Drives

---------- | MBR

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

----------( EOF)---------- - 4221 | 18:46:33

Quick Diag Fix.

First please create a restore point!
Right click on Quick Diag Run as Admin.
Copy the content of the code box below to your clipboard.
Click on the S within the User Interface of the program.
Then click on Script.
Allow completion.
Post the log created in your next reply.