Some viruses in my pc

**veeg** · 07-31-2019, 08:58 AM

@Malnutrition jmarket @gus

**Malnutrition** · 07-31-2019, 10:40 AM

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

[ul]
[li]Close all open programs and internet browsers.[/li][li]Right Click on adwcleaner.exe and run as admin to run the tool.[/li][li]Click on Scan button.[/li][li]When the scan has finished click on Clean button.[/li][li]Your computer will be rebooted automatically. A text file will open after the restart.[/li][li]Please post the contents of that logfile with your next reply.[/li][li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]

================================================== =============================

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

[MEDIA=imgur]LOr0Gd7[/MEDIA]

Hit Ok.

[MEDIA=imgur]sYFsqHx[/MEDIA]

Hit next make sure to leave all items checked, for removal.

[MEDIA=imgur]8NcZjGc[/MEDIA]

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.

================================================== ===============================================

Download Quick Diag to your desktop.
Very Important!! – Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.

Forums - PC Help Forum

https://pchelpforum.net/attachments/upload_2017-2-23_9-27-51-png.1654/

PCHF Forums

Post the log that is generated in your next post.

**Malnutrition** · 08-01-2019, 06:12 AM

I’d replace Adblock … Ublock Origin.

================================================== ===========================

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

**depor99** · 08-01-2019, 12:33 PM

Hello, thank you for your interest. But the problem is not solved. For now I just open google chrome a it pops some windows and immediately close them, for about 3 or 4 windows in a row, but it is not happening every time what I open google chrome.

Here are the logs.
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Malwarebytes AdwCleaner 7.4.0.0[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Build: 07-23-2019[/HEADING]
[HEADING=1]Database: 2019-07-22.1 (Cloud)[/HEADING]
[HEADING=1]Support: https://www.malwarebytes.com/support[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Mode: Scan[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Start: 08-01-2019[/HEADING]
[HEADING=1]Duration: 00:00:09[/HEADING]
[HEADING=1]OS: Windows 10 Home[/HEADING]
[HEADING=1]Scanned: 35810[/HEADING]
[HEADING=1]Detected: 22[/HEADING]
***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSDeviceActivation
Preinstalled.ASUSLiveUpdate
Preinstalled.ASUSProductRegistration
Preinstalled.ASUSSmartGesture
Preinstalled.ASUSSplendid
Preinstalled.ASUSWebStorage

AdwCleaner[S00].txt - [1505 octets] - [01/08/2019 13:48:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

================================================== ===================================

Adware Removal Tool 5.1
Time: 2019_08_01_14_00_13
OS: Windows 10 Home - x64 Bit
Account Name: denni
Adware Definition: 07312019
Elapsed time: 21:20
Repair Status:- Automatic Done
\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\

No results found

Adware Removal Tool 5.1
Time: 2019_08_01_14_00_13
OS: Windows 10 Home - x64 Bit
Account Name: denni
Adware Definition: 07312019
Elapsed time: 21:20
Scan Status:- Automatic Done

\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\

No results found

================================================== ===========================================

--------------- QuickDiag | g3n-h@ckm@n | V5_27.02.19.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 01/08/2019 14:26:18

Updated 27/02/2019 | 11:10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Belehrad, Bratislava, Budapešť, Ľubľana, Praha
[denni (Administrator)] - [DESKTOP-OM902LA] (S-1-5-21-1430618548-964272824-186209200-1001)

System: Microsoft Windows 10 Home - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1051 (041b) → (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Home|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: X556UR - ASUSTeK COMPUTER INC. - IdNumber: GAN0CV21M323437 - UUID: 5EC7EAA5-951F-F543-88DE-82C638E275D3
Processor : X64 - 2400 Mhz - Intel(R) Core™ i5-6198DU CPU @ 2.30GHz
X556UR.315 - en|US|iso8859-1 - American Megatrends Inc. - S/N: GAN0CV21M323437 - X556UR.315 - ASUS - 1072009
CoreTemp : 57 Celsius

----------| Quick

---------- | SoundDevice

Intel(R) Zvuk pre obrazovky - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2809&SUBSYS_80860101& REV_1000\4&2504AC16&0&0201
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0255&SUBSYS_104311C0& REV_1000\4&2504AC16&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000

---------- | Video

Intel(R) HD Graphics 510 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\igd lh64.inf_amd64_463164d40c3d26ce\igdumdim64.dll,C:\ WINDOWS\System32\DriverStore\FileRepository\igdlh6 4.inf_amd64_463164d40c3d26ce\igd10iumd64.dll,C:\WI NDOWS\System32\DriverStore\FileRepository\igdlh64. inf_amd64_463164d40c3d26ce\igd10iumd64.dll,C:\WIND OWS\System32\DriverStore\FileRepository\igdlh64.in f_amd64_463164d40c3d26ce\igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_1906&SUBSYS_10DE1043&REV_07\3&115 83659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
NVIDIA GeForce 930MX - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nva mi.inf_amd64_24fa95e729ecaade\nvldumdx.dll,C:\WIND OWS\System32\DriverStore\FileRepository\nvami.inf_ amd64_24fa95e729ecaade\nvldumdx.dll,C:\WINDOWS\Sys tem32\DriverStore\FileRepository\nvami.inf_amd64_2 4fa95e729ecaade\nvldumdx.dll,C:\WINDOWS\System32\D riverStore\FileRepository\nvami.inf_amd64_24fa95e7 29ecaade\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_134E&SUBSYS_10DE1043&REV_A2\4&267 F3346&0&00E0 - AdapterCompatibility: NVIDIA - RAM: -2147483648
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 510 - DriverVersion: 21.20.16.4550 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network

Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Qualcomm Atheros QCA9377 Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall → SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_200F1043&REV_10\01000 000684CE00000
Qualcomm Atheros QCA9377 Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0042&SUBSYS_2B311A3B&REV_31\4&331 85F15&0&00E5
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&13D8E7D6&0&11
Bluetooth Device (RFCOMM Protocol TDI) - - - Status: - PnPID :
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&13D8E7D6&0&12
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory

RAM = Total (MB) : 8253 | Free (MB) : 5720
Pagefile = Total (MB) : 9563 | Free (MB) : 6842
Virtual = Total (MB) : 4194 | Free (MB) : 3895

Physical Memory 0 : Capacity: 8589934592 - ChannelA-DIMM0 - Posit.: 0 - Manufacturer: SK Hynix - PartNumber: HMA81GS6MFR8N-TF - S/N: 00000000

---------- | SID Users

Administrator : [S-1-5-21-1430618548-964272824-186209200-500]
DefaultAccount : [S-1-5-21-1430618548-964272824-186209200-503]
denni : [S-1-5-21-1430618548-964272824-186209200-1001]
Guest : [S-1-5-21-1430618548-964272824-186209200-501]
WDAGUtilityAccount : [S-1-5-21-1430618548-964272824-186209200-504]
Administrators : [S-1-5-32-544]
Device Owners : [S-1-5-32-583]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Remote Management Users : [S-1-5-32-580]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ → [Fixed] | [OS] | Total : 476.18 Go | Free : 408.2 Go → NTFS (SSD) [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:] : Read:392,713 bytes/sec, Written:1,102,462 bytes/sec Max Read:392,713 bytes/sec, Max Write:1,102,462 bytes/sec

Overall - Read Maximum:392,713 bytes/sec, Write Maximum:1,102,462 bytes/sec

DeviceID: \.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_MICRON_1&PROD_100_MTFDDAK512TB\4&102 36D14&0&000000

---------- | Windows updates - Activation - License

W.A.T :

Test 1 : Windows Is Activated
Test 2 : Possible Fixed Windows

Volume License

---------- | Browsers

IE : 11.0.17134.1 (© Microsoft Corporation. Všetky práva vyhradené.)
GC : 75.0.3770.142 (Copyright 2019 Google LLC.)

Default : “C:\Program Files\Internet Explorer\IEXPLORE.EXE”

---------- | FlashPlayer

FlashPlayer ActiveX : 32.0.0.207

---------- | Security

AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

388 | [Owner : SYSTEM | Parent : 4(System) | ???] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.17134.590) = C:\Windows\System32\smss.exe [13/02/2019 18:50:09] CPU Usage:0 %
564 | [Owner : SYSTEM | Parent : 492() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
688 | [Owner : SYSTEM | Parent : 492() | ???] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 %
696 | [Owner : SYSTEM | Parent : 680() | ???] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
760 | [Owner : SYSTEM | Parent : 688(wininit.exe) | ???] - (.Microsoft Corporation - Services and Controller app.) - (10.0.17134.191) = C:\Windows\System32\services.exe [15/08/2018 13:33:22] CPU Usage:0 %
768 | [Owner : SYSTEM | Parent : 688(wininit.exe) | 16.57 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [14/11/2018 00:04:44] CPU Usage:0 %
888 | [Owner : SYSTEM | Parent : 760(services.exe) | 3.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
912 | [Owner : UMFD-0 | Parent : 688(wininit.exe) | 3.26 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.885) = C:\Windows\System32\fontdrvhost.exe [11/07/2019 09:58:54] CPU Usage:0 %
920 | [Owner : SYSTEM | Parent : 760(services.exe) | 28.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1008 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 12.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
356 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.88 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
840 | [Owner : SYSTEM | Parent : 680() | 9.91 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe [10/10/2018 17:37:24] CPU Usage:0 %
1000 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 11.52 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.17134.1) = C:\Windows\System32\WUDFHost.exe [12/04/2018 01:34:28] CPU Usage:0 %
1060 | [Owner : UMFD-1 | Parent : 840(winlogon.exe) | 6.86 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.885) = C:\Windows\System32\fontdrvhost.exe [11/07/2019 09:58:54] CPU Usage:0 %
1132 | [Owner : DWM-1 | Parent : 840(winlogon.exe) | 69.51 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 %
1268 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.9 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1280 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 11.02 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1296 | [Owner : SYSTEM | Parent : 760(services.exe) | 14.4 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1364 | [Owner : SYSTEM | Parent : 760(services.exe) | 10.28 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1444 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.4 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1460 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 18.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1548 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 17.71 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1592 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.8 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1772 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 7.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1816 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 9.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1832 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.86 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [13/07/2019 15:36:45] CPU Usage:0 %
1844 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.68 Mo] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 359.23.) - (8.17.13.5923) = C:\Windows\System32\nvvsvc.exe [01/11/2016 00:43:59] CPU Usage:0 %
1872 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 7.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2028 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2036 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 7.43 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1056 | [Owner : SYSTEM | Parent : 760(services.exe) | 12.18 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2104 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 10.44 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2124 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2132 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 5.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2176 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.71 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2264 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.41 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4550) = C:\Windows\System32\DriverStore\FileRepository\igd lh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [30/11/2016 08:33:46] CPU Usage:0 %
2300 | [Owner : SYSTEM | Parent : 1832(NVDisplay.Container.exe) | 10.43 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [13/07/2019 15:36:45] CPU Usage:0 %
2340 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 8.78 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2352 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.17 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2380 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 6.66 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2556 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 12.07 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2584 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 7.46 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2636 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 6.24 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2644 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 11.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2740 | [Owner : SYSTEM | Parent : 760(services.exe) | 13.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2816 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 6.91 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2924 | [Owner : SYSTEM | Parent : 760(services.exe) | 15.01 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3044 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.14 Mo] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.88.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [22/07/2015 18:38:48] CPU Usage:0 %
3052 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2056 | [Owner : SYSTEM | Parent : 760(services.exe) | 2.9 Mo] - (.ASUSTek Computer Inc. - GFNEXSrv.) - (1.0.12.2) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [01/04/2015 20:01:32] CPU Usage:0 %
3132 | [Owner : SYSTEM | Parent : 760(services.exe) | 13.72 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 %
3200 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 7.72 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3320 | [Owner : SYSTEM | Parent : 760(services.exe) | 6.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3372 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.39 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (6.3.9600.17038) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [24/03/2016 01:01:38] CPU Usage:0 %
3380 | [Owner : SYSTEM | Parent : 760(services.exe) | 12.13 Mo] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.8.1.21) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [01/11/2016 00:44:08] CPU Usage:0 %
3388 | [Owner : SYSTEM | Parent : 760(services.exe) | 6.08 Mo] - (.ICEpower - ICEpower ICEsound APO service.) - (1.0.0.39) = C:\Windows\System32\ICEsoundService64.exe [01/11/2018 01:33:16] CPU Usage:0 %
3396 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.57 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.3.10203.4295) = C:\Windows\System32\Intel\DPTF\esif_uf.exe [12/01/2018 14:38:22] CPU Usage:0 %
3408 | [Owner : SYSTEM | Parent : 760(services.exe) | 6.01 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3416 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 9.61 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3424 | [Owner : SYSTEM | Parent : 760(services.exe) | 6.97 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3440 | [Owner : SYSTEM | Parent : 760(services.exe) | 20.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3456 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 23.47 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3536 | [Owner : SYSTEM | Parent : 760(services.exe) | 16.26 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3632 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.34 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3640 | [Owner : SYSTEM | Parent : 760(services.exe) | 10.14 Mo] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [01/11/2016 00:44:06] CPU Usage:0 %
3676 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 5.97 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3688 | [Owner : SYSTEM | Parent : 760(services.exe) | ???] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [15/08/2018 13:33:26] CPU Usage:0 %
3712 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3720 | [Owner : SYSTEM | Parent : 760(services.exe) | 18.43 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3748 | [Owner : SYSTEM | Parent : 760(services.exe) | ???] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe [26/07/2019 20:39:46] CPU Usage:0 %
3900 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 8.07 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3952 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
4064 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 4.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3964 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
4860 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.27 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
4888 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.97 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5040 | [Owner : denni | Parent : 3396(esif_uf.exe) | 3.43 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.3.10203.4295) = C:\Windows\System32\Intel\DPTF\dptf_helper.exe [12/01/2018 14:38:22] CPU Usage:0 %
5056 | [Owner : SYSTEM | Parent : 3044(AsLdrSrv.exe) | 8.99 Mo] - (.ASUSTek Computer Inc. - HControl.) - (1.0.88.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [31/08/2015 13:52:18] CPU Usage:0 %
3564 | [Owner : denni | Parent : 1592(svchost.exe) | 24.66 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 %
1264 | [Owner : denni | Parent : 760(services.exe) | 14.13 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
4644 | [Owner : denni | Parent : 760(services.exe) | 32.3 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2808 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 18.98 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8931) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe [04/06/2018 02:55:51] CPU Usage:0 %
4048 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | ???] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe [26/07/2019 20:39:46] CPU Usage:0 %
4848 | [Owner : denni | Parent : 1296(svchost.exe) | 1.95 Mo] - (.ASUS - ACMON.) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [02/12/2015 20:01:44] CPU Usage:0 %
2988 | [Owner : denni | Parent : 1296(svchost.exe) | 13.48 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe [13/03/2019 16:20:57] CPU Usage:0 %
5232 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.22 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5296 | [Owner : denni | Parent : 5232(svchost.exe) | 18.31 Mo] - (.Microsoft Corporation - CTF Loader.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 %
5452 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.9 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5712 | [Owner : denni | Parent : 5628() | 126.03 Mo] - (.Microsoft Corporation - Prieskumník.) - (10.0.17134.858) = C:\Windows\explorer.exe [11/07/2019 09:59:03] CPU Usage:0 %
5768 | [Owner : denni | Parent : 5580() | 12.02 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4550) = C:\Windows\System32\DriverStore\FileRepository\igd lh64.inf_amd64_463164d40c3d26ce\igfxEM.exe [30/11/2016 08:34:10] CPU Usage:0 %
5884 | [Owner : denni | Parent : 4812() | 7.05 Mo] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.22.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [22/04/2015 12:28:24] CPU Usage:0 %
5896 | [Owner : denni | Parent : 4668() | 8.47 Mo] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.33.3) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [21/05/2015 16:52:36] CPU Usage:0 %
5928 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.24 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5256 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 13.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5700 | [Owner : SYSTEM | Parent : 760(services.exe) | 14.78 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
6160 | [Owner : denni | Parent : 920(svchost.exe) | 76.37 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe [15/05/2019 22:36:00] CPU Usage:0 %
6384 | [Owner : denni | Parent : 920(svchost.exe) | 116.57 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.885) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe [11/07/2019 09:59:13] CPU Usage:0 %
6572 | [Owner : denni | Parent : 920(svchost.exe) | 14.04 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
6604 | [Owner : denni | Parent : 920(svchost.exe) | 18.59 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7044 | [Owner : SYSTEM | Parent : 760(services.exe) | 22.54 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe [11/04/2019 21:19:35] CPU Usage:0 %
7132 | [Owner : denni | Parent : 920(svchost.exe) | 5.96 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.885) = C:\Windows\System32\SettingSyncHost.exe [11/07/2019 09:58:56] CPU Usage:0 %
3140 | [Owner : denni | Parent : 920(svchost.exe) | 11.14 Mo] - (.-.) - (8.50.0.38) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x6 4__kzf8qxf38zg5c\SkypeBackgroundHost.exe [25/07/2019 21:54:20] CPU Usage:0 %
2920 | [Owner : denni | Parent : 920(svchost.exe) | 136.96 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.50.0.38) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x6 4__kzf8qxf38zg5c\SkypeApp.exe [25/07/2019 21:54:20] CPU Usage:0 %
7172 | [Owner : denni | Parent : 920(svchost.exe) | 0.53 Mo] - (.-.) - (10.19031.1141.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.114 11.0_x64__8wekyb3d8bbwe\Video.UI.exe [13/07/2019 15:19:42] CPU Usage:0 %
7304 | [Owner : denni | Parent : 920(svchost.exe) | 15.52 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7860 | [Owner : denni | Parent : 6872() | 1.43 Mo] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [18/12/2015 19:21:58] CPU Usage:0 %
8008 | [Owner : SYSTEM | Parent : 3672() | 0.85 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.e xe [13/07/2019 14:53:54] CPU Usage:0 %
8032 | [Owner : SYSTEM | Parent : 3672() | 0.72 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64 .exe [13/07/2019 14:53:54] CPU Usage:0 %
5012 | [Owner : denni | Parent : 7860(AsusTPLoader.exe) | 2.9 Mo] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.84) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe [18/12/2015 19:21:52] CPU Usage:0 %
5172 | [Owner : denni | Parent : 920(svchost.exe) | 19.69 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
8232 | [Owner : denni | Parent : 5012(AsusTPCenter.exe) | 1.01 Mo] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe [18/12/2015 19:22:16] CPU Usage:0 %
8284 | [Owner : denni | Parent : 920(svchost.exe) | 7.85 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
8484 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 12.34 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
8604 | [Owner : denni | Parent : 5712(explorer.exe) | 11.67 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 %
8724 | [Owner : denni | Parent : 5712(explorer.exe) | 19.14 Mo] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.12.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [01/11/2016 00:44:08] CPU Usage:0 %
8928 | [Owner : denni | Parent : 5712(explorer.exe) | 65.32 Mo] - (.Valve Corporation - Steam Client Bootstrapper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\Steam.exe [22/05/2018 02:30:20] CPU Usage:0 %
9016 | [Owner : denni | Parent : 8928(Steam.exe) | 46.92 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
9064 | [Owner : SYSTEM | Parent : 760(services.exe) | 14.06 Mo] - (.Valve Corporation - Steam Client Service.) - (5.23.87.7) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe [13/07/2019 15:33:09] CPU Usage:0 %
9128 | [Owner : denni | Parent : 9016(steamwebhelper.exe) | 12.1 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
1392 | [Owner : denni | Parent : 9016(steamwebhelper.exe) | 44.03 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
6420 | [Owner : denni | Parent : 5712(explorer.exe) | 148.26 Mo] - (.-.) - (1.0.0.0) = C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [13/07/2019 16:13:10] CPU Usage:0 %
8692 | [Owner : denni | Parent : 9016(steamwebhelper.exe) | 88.46 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
8020 | [Owner : denni | Parent : 9016(steamwebhelper.exe) | 38.93 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
2364 | [Owner : denni | Parent : 1296(svchost.exe) | 2.24 Mo] - (.Realtek Semiconductor - Správca zvuku s vysokým rozlíšením Realtek.) - (1.0.0.1128) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [01/11/2018 01:33:22] CPU Usage:0 %
2460 | [Owner : denni | Parent : 1296(svchost.exe) | 1.7 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [01/11/2018 01:33:22] CPU Usage:0 %
6424 | [Owner : SYSTEM | Parent : 920(svchost.exe) | 32.03 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 %
1860 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.76 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.0.0.1173) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [16/10/2015 08:15:54] CPU Usage:0 %
1952 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.62 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.0.0.1173) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [16/10/2015 08:14:56] CPU Usage:0 %
2580 | [Owner : SYSTEM | Parent : 760(services.exe) | 9.05 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10066) = C:\Program Files\rempl\sedsvc.exe [11/06/2019 11:37:42] CPU Usage:0 %
1112 | [Owner : SYSTEM | Parent : 760(services.exe) | ???] - (.Microsoft Corporation - System Guard Runtime Monitor Broker Service.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 %
3148 | [Owner : SYSTEM | Parent : 760(services.exe) | 27.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3544 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 8.32 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3840 | [Owner : denni | Parent : 760(services.exe) | 11.25 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
8144 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.92 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
9708 | [Owner : denni | Parent : 920(svchost.exe) | 30.53 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 %
8972 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 6.73 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5332 | [Owner : denni | Parent : 920(svchost.exe) | 19.53 Mo] - (.-.) - (2019.19051.16210.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19 051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.ex e [13/07/2019 15:17:25] CPU Usage:0 %
1584 | [Owner : SYSTEM | Parent : 760(services.exe) | 17.88 Mo] - (.Intel Corporation - Intel(R) Security Assist.) - (1.0.0.532) = C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [19/05/2015 11:11:00] CPU Usage:0 %
9036 | [Owner : denni | Parent : 920(svchost.exe) | 39.86 Mo] - (.Microsoft Corporation - Store.) - (11906.1001.18.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.100 1.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe [30/07/2019 13:16:32] CPU Usage:0 %
8200 | [Owner : denni | Parent : 920(svchost.exe) | 42.32 Mo] - (.Microsoft Corporation - Nastavenia.) - (10.0.17134.112) = C:\Windows\ImmersiveControlPanel\SystemSettings.ex e [13/06/2018 15:14:26] CPU Usage:0 %
9404 | [Owner : SYSTEM | Parent : 760(services.exe) | 18.59 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1416 | [Owner : denni | Parent : 920(svchost.exe) | 21.61 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe [11/04/2019 21:19:40] CPU Usage:0 %
10204 | [Owner : LOCAL SERVICE | Parent : 2556(svchost.exe) | 15.87 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.17134.829) = C:\Windows\System32\audiodg.exe [15/06/2019 12:01:13] CPU Usage:0 %
200 | [Owner : denni | Parent : 920(svchost.exe) | 39.08 Mo] - (.Microsoft Corporation - Prieskumník.) - (10.0.17134.858) = C:\Windows\explorer.exe [11/07/2019 09:59:03] CPU Usage:0 %
6640 | [Owner : denni | Parent : 5712(explorer.exe) | 57.55 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = C:\Users\denni\Desktop\quickdiag_V5_27.02.19.1.exe [01/08/2019 13:47:23] CPU Usage:0 %
32 | [Owner : NETWORK SERVICE | Parent : 920(svchost.exe) | 9.58 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 %

---------- | Locked Applications

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) – C:\Windows\System32\InputHost.dll
(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (21.20.16.4550) – C:\WINDOWS\System32\DriverStore\FileRepository\igd lh64.inf_amd64_463164d40c3d26ce\igd10iumd64.dll
(.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (21.20.16.4550) – C:\WINDOWS\System32\DriverStore\FileRepository\igd lh64.inf_amd64_463164d40c3d26ce\igc64.dll
(..-..) - (0.0.0.0) – C:\Windows\ShellExperiences\TileControl.dll
(..-..) - (0.0.0.0) – C:\Windows\ShellComponents\TaskFlowUI.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 416.16.) - (25.21.14.1616) – C:\WINDOWS\system32\nvapi64.dll
(.NVIDIA Corporation.-.NVIDIA Slovak language resource library.) - (6.14.14.1616) – C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.14.1616) – C:\WINDOWS\system32\nv3dappshext.dll

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)

---------- | svchost.exe Modules (Microsoft Files Whitelisted)

(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) – c:\windows\system32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
Steam - (“C:\Program Files (x86)\Steam\steam.exe” -silent [HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE...\Run]) - User: DESKTOP-OM902LA\denni
Bloody2 - (“C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe” Minimum [HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE...\Run]) - User: DESKTOP-OM902LA\denni
utweb - (“C:\Users\denni\AppData\Roaming\uTorrent Web\utweb.exe” /MINIMIZED [HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE...\Run]) - User: DESKTOP-OM902LA\denni
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE...\Run]) - User: Public
NvBackend - (“C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe” [HKLM\SOFTWARE...\Run]) - User: Public
ShadowPlay - (C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSyst emStart [HKLM\SOFTWARE...\Run]) - User: Public

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Run]
“Steam”=“C:\Program Files (x86)\Steam\steam.exe” -silent
“Bloody2”=“C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe” Minimum
“utweb”=“C:\Users\denni\AppData\Roaming\uTorrent Web\utweb.exe” /MINIMIZED

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“Bloody2”=0x020000000000000000000000
“Steam”=0x020000000000000000000000
“utweb”=0x03000000C128F9EB0E47D501

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\RunMRU]
“a”=msconfig\1
“MRUList”=a

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“Device”=OneNote,winspool,Ne03:
“IsMRUEstablished”=0
“LegacyDefaultPrinterMode”=0

[HKLM\Software\Microsoft\Command Processor]
“DefaultColor”=0
“EnableExtensions”=1
“CompletionChar”=64
“PathCompletionChar”=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“SecurityHealth”=%ProgramFiles%\Windows Defender\MSASCuiL.exe
“NvBackend”=“C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe”
“ShadowPlay”=C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSyst emStart

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run]
“SecurityHealth”=0x060000000000000000000000
“NvBackend”=0x020000000000000000000000
“ShadowPlay”=0x020000000000000000000000
“WindowsDefender”=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32]
“WebStorage”=0x040000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=0
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000
“Win32kLastWriteTime”=1D3D1ED98C0F7D8

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
“CompletionChar”=9
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=9

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
“”=mnmsrvc
“AppInit_DLLs”=
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“DeviceNotSelectedTimeout”=15
“DwmInputUsesIoCompletionPort”=1
“EnableDwmInputProcessing”=7
“GDIProcessHandleQuota”=10000
“IconServiceLib”=IconCodecService.dll
“LoadAppInit_DLLs”=0
“NaturalInputHandler”=Ninput.dll
“ShutdownWarningDialogTimeout”=4294967295
“Spooler”=yes
“ThreadUnresponsiveLogTimeout”=500
“TransmissionRetryTimeout”=90
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
“WebCheck”={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Tasks List

ASUS Smart Gesture Launcher
ASUS Splendid ACMON
ATK Package 36D18D69AFC3
ATK Package A22126881260
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
RtHDVBg_ListenToDevice
RTKCPL
WpsNotifyTask_Administrator
WpsUpdateTask_Administrator

---------- | Startings up registry ¦ Folder

---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server

[HKLM\System\CurrentControlSet\Control]
“BootDriverFlags”=28
“CurrentUser”=USERNAME
“EarlyStartServices”=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
“PreshutdownOrder”=UsoSvc
DeviceInstall
gpsvc
trustedinstaller
“SvcHostSplitThresholdInKB”=3670016
“WaitToKillServiceTimeout”=2000
“SystemStartOptions”= NOEXECUTE=OPTIN NOVGA
“SystemBootDevice”=multi(0)disk(0)rdisk(0)partitio n(3)
“FirmwareBootDevice”=multi(0)disk(0)rdisk(0)partit ion(1)
“LastBootSucceeded”=1
“LastBootShutdown”=1
“DirtyShutdownCount”=5

[HKLM\System\CurrentControlSet\Control\lsa]
“auditbasedirectories”=0
“auditbaseobjects”=0
“Bounds”=0x0030000000200000
“crashonauditfail”=0
“fullprivilegeauditing”=0x00
“LimitBlankPasswordUse”=1
“NoLmHash”=1
“Security Packages”=“” [13/07/2019 14:47:40]
“Notification Packages”=scecli
“Authentication Packages”=msv1_0
“LsaPid”=768
“SecureBoot”=1
“ProductType”=3
“disabledomaincreds”=0
“everyoneincludesanonymous”=0
“forceguest”=0
“restrictanonymoussam”=1
“restrictanonymous”=0
“SamConnectedAccountsExist”=1

[HKLM\System\CurrentControlSet\Control\SecurityProv iders]
“SecurityProviders”=credssp.dll

[HKLM\System\CurrentControlSet\Control\Session Manager]
“AutoChkTimeout”=8
“BootExecute”=autocheck autochk *
“BootShell”=%SystemRoot%\system32\bootim.exe
“CriticalSectionTimeout”=2592000
“ExcludeFromKnownDlls”=
“GlobalFlag”=0
“HeapDeCommitFreeBlockThreshold”=0
“HeapDeCommitTotalFreeThreshold”=0
“HeapSegmentCommit”=0
“HeapSegmentReserve”=0
“InitConsoleFlags”=0
“NumberOfInitialSessions”=2
“ObjectDirectories”=\Windows
\RPC Control
“ProcessorControl”=2
“ProtectionMode”=1
“RunLevelExecute”=WinInit
ServiceControlManager
“RunLevelValidate”=ServiceControlManager
“SETUPEXECUTE”=
“AutoChkSkipSystemPartition”=0
“ResourceTimeoutCount”=648000

[HKLM\System\CurrentControlSet\Control\Terminal Server]
“AllowRemoteRPC”=0
“DelayConMgrTimeout”=0
“DeleteTempDirsOnExit”=1
“fDenyTSConnections”=1
“fSingleSessionPerUser”=1
“NotificationTimeOut”=0
“PerSessionTempDir”=0
“ProductVersion”=5.1
“RCDependentServices”=CertPropSvc
SessionEnv
“SnapshotMonitors”=1
“StartRCM”=0
“TSUserEnabled”=0
“InstanceID”=67c84736-de5b-4d7b-a301-28aff63
“GlassSessionId”=1

---------- | .LNK with Arguments

---------- | AppCertDlls

---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll → OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll → OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Control Panel\Desktop]
“ActiveWndTrackTimeout”=0
“BlockSendInputResets”=0
“CaretTimeout”=5000
“CaretWidth”=1
“ClickLockTime”=1200
“CoolSwitchColumns”=7
“CoolSwitchRows”=3
“CursorBlinkRate”=530
“DockMoving”=1
“DragFromMaximize”=1
“DragFullWindows”=1
“DragHeight”=4
“DragWidth”=4
“FocusBorderHeight”=1
“FocusBorderWidth”=1
“FontSmoothing”=2
“FontSmoothingGamma”=0
“FontSmoothingOrientation”=1
“FontSmoothingType”=2
“ForegroundFlashCount”=7
“ForegroundLockTimeout”=200000
“LeftOverlapChars”=3
“MenuShowDelay”=400
“MouseWheelRouting”=2
“PaintDesktopVersion”=0
“Pattern”=0
“RightOverlapChars”=3
“ScreenSaveActive”=1
“SnapSizing”=1
“TileWallpaper”=0
“WallPaper”=
“WallpaperOriginX”=0
“WallpaperOriginY”=0
“WallpaperStyle”=2
“WheelScrollChars”=1
“WheelScrollLines”=3
“WindowArrangementActive”=1
“Win8DpiScaling”=0
“DpiScalingVer”=4096
“UserPreferencesMask”=0x9E1E078012000000
“MaxVirtualDesktopDimension”=1920
“MaxMonitorDimension”=1920
“TranscodedImageCount”=1
“LastUpdated”=4294967295
“TranscodedImageCache”=0x7AC30100BA723900800700003 8040000C665A3280A2CD10143003A005C00570049004E00440 04F00570053005C0061007300750073005C00770061006C006 C007000610070006500720073005C0061007300750073002E0 06A00700067000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 0000000000000000000000000
“IgnorePerProcessSystemDPIToast”=1
“WaitToKillAppTimeout”=2000
“HungAppTimeout”=2000

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ExplorerStartupTraceRecorded”=1
“ShellState”=0x24000000342800000000000000000000000 0000001000000130000000000000062000000
“UserSignedIn”=1
“SlowContextMenuEntries”=0x6024B221EA3A6910A2DC080 02B30309DC5010000206BB9B11DDA3C4A92C17229B32F23269 8060000CEC429A936FD7042B4F534ECAC5BD63C33020000D3E FA9CCED290A43BA6DE6BBFF0A60C26B03000016EC7DE90DA5B B49AE24CF682282E08DC5010000
“SIDUpdatedOnLibraries”=1
“LocalKnownFoldersMigrated”=1
“TelemetrySalt”=0
“GlobalAssocChangedCounter”=35
“FirstRunTelemetryComplete”=1
“AppReadinessLogonComplete”=1
“EdgeDesktopShortcutCreated”=1
“PostAppInstallTasksCompleted”=1

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_SearchFiles”=2
“ServerAdminUI”=0
“Hidden”=2
“ShowCompColor”=1
“HideFileExt”=1
“DontPrettyPath”=0
“ShowInfoTip”=1
“HideIcons”=0
“MapNetDrvBtn”=0
“WebView”=1
“Filter”=0
“ShowSuperHidden”=0
“SeparateProcess”=0
“AutoCheckSelect”=0
“IconsOnly”=0
“ShowTypeOverlay”=1
“ShowStatusBar”=1
“StoreAppsOnTaskbar”=1
“ListviewAlphaSelect”=1
“ListviewShadow”=1
“TaskbarAnimations”=1
“StartMenuInit”=13
“TaskbarStateLastRun”=0x6924405D00000000
“ReindexedProfile”=1

[HKLM\Software\Policies\Microsoft\Windows\Safer\Cod eIdentifiers]
“authenticodeenabled”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableFullTrustStartupTasks”=2
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableUwpStartupTasks”=2
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“SupportFullTrustStartupTasks”=1
“SupportUwpStartupTasks”=1
“ValidateAdminCodeSignatures”=0
“FilterAdministratorToken”=1
“undockwithoutlogon”=1
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\ClassicStartMenu]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“GlobalAssocChangedCounter”=5

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations]
“Application”= open %s file - Search

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windo ws\Safer\CodeIdentifiers]
“authenticodeenabled”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“DSCAutomationHostEnabled”=2
“EnableCursorSuppression”=1
“EnableFullTrustStartupTasks”=2
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableUwpStartupTasks”=2
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“SupportFullTrustStartupTasks”=1
“SupportUwpStartupTasks”=1
“ValidateAdminCodeSignatures”=0
“FilterAdministratorToken”=1
“undockwithoutlogon”=1
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\Explorer]
“ForceActiveDesktopOn”=0
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“NoRecentDocsHistory”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\ActiveDesktop]
“NoAddingComponents”=1
“NoComponents”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\NewStartPanel]
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\HideDesktopIcons\ClassicStartMen u]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“CheckedValue”=1
“DefaultValue”=2
“HKeyRoot”=2147483649
“Id”=2
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“ValueName”=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer]
“ActiveSetupDisabled”=0
“ActiveSetupTaskOverride”=1
“AsyncRunOnce”=1
“AsyncUpdatePCSettings”=1
“DisableAppInstallsOnFirstLogon”=1
“DisableResolveStoreCategories”=1
“DisableUpgradeCleanup”=1
“EarlyAppResolverStart”=1
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“FSIASleepTimeInMs”=60000
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“IconUnderline”=2
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“MachineOobeUpdates”=1
“NoWaitOnRoamingPayloads”=1
“TaskScheduler”={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
“GlobalAssocChangedCounter”=4

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced]
“Start_TrackDocs”=1
“TaskbarSizeMove”=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Associations]
“Application”= open %s file - Search

---------- | Winlogon

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ExcludeProfileDirs”=AppData\Local;AppData\LocalLo w;$Recycle.Bin;OneDrive;Work Folders
“BuildNumber”=17134
“FirstLogon”=0
“PUUActive”=0x0EFB17D00100040018008B004E790700215F 0F00215F0F00D200000002000B009D95FED680B81800CBA50E 00C8950300C5780300987C0200000000007D780E000B090000 140500008608564C5F48D5014E79070000000000010000004E 790700EE4200001F180000CEB78C0000000000
“DP”=0xD200E80038000400170000000EFB17D0CEB78C00000 000008608564C5F48D501C33A8AD34948D501BFEF560000000 00000000000174454000000000000000000000000000000000 000000000000000000000000000000000000000000000F03F8 0510100C4090180F0004441F0C844451E3300002684200F26A 4200F32220180020903600219036844B50080453990044D399 014E93B00800204012602060526A73C00C065510A60755B0A6 56C0801800600770406007714C9E100805400A9005481BD0CE A590080010041740100457C75910040AE420A20BE420E24354 2008000A0234000A02340

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“AutoRestartShell”=1
“Background”=0 0 0
“CachedLogonsCount”=10
“DebugServerCommand”=no
“DisableBackButton”=1
“EnableSIHostIntegration”=1
“ForceUnlockLogon”=0
“LegalNoticeCaption”=
“LegalNoticeText”=
“PasswordExpiryWarning”=5
“PowerdownAfterShutdown”=0
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“ReportBootOk”=1
“Shell”=explorer.exe
“ShellCritical”=0
“ShellInfrastructure”=sihost.exe
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
“WinStationsDisabled”=0
“scremoveoption”=0
“LastLogOffEndTimePerfCounter”=238332805901
“ShutdownFlags”=2147483687
“DisableCad”=1
“USERINIT”=C:\windows\system32\userinit.exe,
“DisableLockWorkstation”=0
“EnableFirstLogonAnimation”=1
“AutoLogonSID”=S-1-5-21-1430618548-964272824-186209200-1001
“LastUsedUsername”=denni

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
“DefaultDomainName”=
“DefaultUserName”=
“EnableSIHostIntegration”=1
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“Shell”=explorer.exe
“ShellCritical”=0
“SiHostCritical”=0
“SiHostReadyTimeOut”=0
“SiHostRestartCountLimit”=0
“SiHostRestartTimeGap”=0

---------- | Associations

[HKLM\Software\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\Classes.com]
“”=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.reg]
“”=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
“”=regedit.exe “%1”

[HKLM\Software\Classes.scr]
“”=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
“”=“%1” /S

[HKLM\Software\Classes.bat]
“”=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.cmd]
“”=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.pif]
“”=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.inf]
“”=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes.url]
“”=InternetShortcut

[HKLM\Software\Classes.lnk]
“”=lnkfile

[HKLM\Software\Classes.hta]
“”=htafile
“Content Type”=application/hta
“PerceivedType”=text

[HKLM\Software\Classes\htafile\Shell\Open\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\WINDOWS\system32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment
“”=Internetový odkaz

[HKLM\Software\Classes\Application.Manifest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\Classes\Application.Reference]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKLM\Software\WOW6432Node\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Op en\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.com]
“”=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.reg]
“”=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Op en\Command]
“”=regedit.exe “%1”

[HKLM\Software\WOW6432Node\Classes.scr]
“”=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Op en\Command]
“”=“%1” /S

[HKLM\Software\WOW6432Node\Classes.bat]
“”=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.cmd]
“”=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.pif]
“”=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Op en\Command]
“”=“%1” %*

[HKLM\Software\WOW6432Node\Classes.inf]
“”=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Op en\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes.url]
“”=InternetShortcut

[HKLM\Software\WOW6432Node\Classes.lnk]
“”=lnkfile

[HKLM\Software\WOW6432Node\Classes.hta]
“”=htafile
“Content Type”=application/hta
“PerceivedType”=text

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Op en\Command]
“”=C:\Windows\SysWOW64\mshta.exe “%1” {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
“EditFlags”=2
“FriendlyTypeName”=@C:\WINDOWS\system32\ieframe.dl l,-10046
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“IsShortcut”=
“NeverShowExt”=
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment
“”=Internetový odkaz

[HKLM\Software\WOW6432Node\Classes\Application.Mani fest]
“”=Application Manifest
“BrowserFlags”=4096
“EditFlags”=4259840
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-200

[HKLM\Software\WOW6432Node\Classes\Application.Refe rence]
“”=Application Reference
“EditFlags”=131072
“FriendlyTypeName”=@C:\Windows\System32\dfshim.dll ,-201
“IsShortcut”=
“NeverShowExt”=

[HKLM\Software\WOW6432Node\Classes\Folder]
“”=Folder
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeLayoutPatternForSearch”=alpha
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze;System.HomeGroupSharingStatus
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.HomeGroupShari ngStatus

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 19:02:10]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\Shell\open\Command]
“”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\Shell\open\Command]
“”=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 19:02:10]
[HKLM\Software\WOW6432Node\Clients\StartMenuInterne t\IEXPLORE.EXE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

---------- | AppcompatFlags

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
“C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”=0x5341435001000000000 00000070000002800000038B30600CB9907000100000000000 0000000000A00210000BFA2139DEDD1D301000000000000000 00500000010000000000000000000000000000000000000000 20000002800000000000000000000400000000000000000000 0000000000000DFD9760E000000000F0000000F000000
“C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”=0x534143500100000000000000070000 0028000000386303003DFB030001000000000000000000000A 00210000BFA2139DEDD1D30100000000000000000500000010 00000000000000000000000000000000000000020000002800 00000000000000000040000000000000000000000000000000 00DFD9760E000000000F0000000F000000
“C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe”=0x5341435 001000000000000000700000028000000F0BD0200F0B703000 1000000000000000000000A73220000BFA2139DEDD1D301000 00000000000000500000010000000000000000000000000000 00000000000020000002800000000000000000000400000000 00000000000000000000000007ABB760E000000000E0000000 E000000
“C:\Users\denni\AppData\Local\Packages\Microsoft.M icrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Chr omeSetup (1).exe”=0x534143500100000000000000070000002800000 038921100D8CF110001000000000000000000000A00210000B FA2139DEDD1D30100000000000000000200000028000000000 00000000000000000000000000000000000000000000080650 000000000000100000001000000
“C:\Users\denni\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313\FileSyncConfig.exe”=0x53414350010000 00000000000700000028000000787C03003765040001000000 000000000000000A00210000BFA2139DEDD1D3010000000100 000000
“C:\Users\denni\AppData\Local\Microsoft\OneDrive\U pdate\OneDriveSetup.exe”=0x53414350010000000000000 0070000002800000078E4FC0124EEFC0101000000000000000 000000A00210000BFA2139DEDD1D3010000000100000000
“C:\Users\denni\AppData\Local\Microsoft\OneDrive\1 9.103.0527.0003\FileSyncConfig.exe”=0x534143500100 000000000000070000002800000078D404009BC10500010000 00000000000000000A00210000BFA2139DEDD1D30100000001 00000000
“C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe”=0x53414350 01000000000000000700000028000000F0702C000D6F2D0001 000000000000000000000A00210000BFA2139DEDD1D3010000 00000000000002000000280000000000000000000000000000 00000000000000000000000000604702000000000002000000 02000000
“C:\Program Files (x86)\ASUS\Giftbox\uninstall.exe”=0x53414350010000 0000000000070000002800000038F3020038E9030003000000 000000000000000A00210000BFA2139DEDD1D3010000000000 00000005000000100000000000000000000000000000000000 00000200000028000000000000000000000000000000000000 000000000000000000E63A0000000000000100000001000000
“C:\Program Files\AVAST Software\SecureLine\unins000.exe”=0x53414350010000 00000000000700000028000000C83113001078130003000000 000000000000030600010000BFA2139DEDD1D3010000000000 00000005000000100000000000000000000000000000000000 00000200000028000000000000000000000000020000000000 000000000000000000097F0200000000000100000001000000
“C:\Program Files (x86)\TeamViewer\uninstall.exe”=0x5341435001000000 00000000070000002800000028FE0800B87709000300000000 0000000000010600010000BFA2139DEDD1D301000000000000 00000500000010000000000000000000000000000000000000 00020000002800000000000000000000000010800000000000 00008000000000001A35000000000000010000000100000001 0000000400000001000000
“C:\Program Files (x86)\WildTangent Games\Touchpoints\asus\Uninstall.exe”=0x5341435001 000000000000000700000028000000F0100500CC3005000300 0000000000000000010600010000BFA2139DEDD1D301000000 00000000000200000028000000000000000000000000000000 0000000000000000000000009A1D0000000000000100000001 000000
“C:\Program Files (x86)\ASUS\WebStorage\uninst.exe”=0x53414350010000 0000000000070000002800000013510300D041C70003000000 000000000000010600010000BFA2139DEDD1D3010000000000 00000005000000100000000000000000000000000000000000 00000200000028000000000000000000000000000000000000 00000000000000000073960000000000000100000001000000
“C:\Program Files\mcafee\msc\mcuihost.exe”=0x53414350010000000 0000000070000002800000018B10E00E0AB0F0003000000000 000000000000A00210000BFA2139DEDD1D3010000000000000 00002000000280000000000000000000000000000000000000 00000000000000000A7100400000000000100000001000000
“C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18. 1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe”=0x 534143500100000000000000070000002800000048B6000063 17010001000000000000000000000A73220000BFA2139DEDD1 D3010000000000000000020000002800000000000000000000 0000000000000000000000000000000000A30C000000000000 0200000002000000
“C:\Users\denni\AppData\Local\Microsoft\OneDrive\1 9.103.0527.0003\OneDriveSetup.exe”=0x5341435001000 00000000000070000002800000078E4FC0124EEFC010300000 0000000000000000A00210000BFA2139DEDD1D301000000010 0000000
“C:\Users\denni\Desktop\SteamSetup.exe”=0x53414350 01000000000000000700000028000000C0021800841D180001 000000000000000000000A00210000BFA2139DEDD1D3010000 00000000000002000000280000000000000000000040000000 00000000000000000000000000E53500000000000001000000 01000000
“C:\Users\denni\AppData\Local\Temp\Temp1_Bloody6_V 2017.0123_US.zip\Bloody6_V2017.0123_US.exe”=0x5341 43500100000000000000070000002800000069ABCB01000000 0001000000000000000000000A00210000BFA2139DEDD1D301 00000000000000000200000028000000000000000000000000 0000000000000000000000000000003FA50F00000000000100 000001000000
“C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe”=0x5341435001000 00000000000070000002800000000102701000000000100000 0000000000000000A71220000BFA2139DEDD1D301000000000 00000000200000028000000000000000000000000000000000 000000000000000000000BA080000000000000200000002000 000
“C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe”=0x5341435001000000000000000 70000002800000038272A007DDF2A000100000000000000000 0000A71220000BFA2139DEDD1D301000000000000000002000 00028000000000000000000000000000000000000000000000 000000000576C0000000000000100000001000000
“C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe”=0x5341435001000000000000 00070000002800000090F9040031D705000100000000000000 0000000A71220000BFA2139DEDD1D301000000000000000002 00000028000000000000000000000000000000000000000000 00000000000016040000000000000200000002000000
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”=0x5341 435001000000000000000700000028000000F0BD1700C83918 0001000000000000000000000A00210000BFA2139DEDD1D301 00000000000000000200000028000000000000000000000000 00000000000000000000000000000080FCCF05000000000A00 00000A000000
“C:\Program Files (x86)\Steam\Steam.exe”=0x5341435001000000000000000 70000002800000020FB300035DB31000100000000000000000 0000A00210000BFA2139DEDD1D301000000000000000002000 00028000000000000000000000000000000000000000000000 0000000003F000000000000002900000029000000
“C:\Program Files (x86)\Evernote\Evernote\EvernoteCleanup.exe”=0x534 14350010000000000000007000000280000000866020074D50 20001000000000000000000000A71220000BFA2139DEDD1D30 10000000000000000020000002800000000000000000000400 00000000000000000000000000000003F00000000000000010 0000001000000
“C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe”=0x53414350010000000000000007 00000028000000D00214006298140003000000000000000000 000A00210000BFA2139DEDD1D3010000000000000000020000 00280000000000000000000000000000000000000000000000 00000000291B0000000000000100000001000000
“C:\Users\denni\AppData\Roaming\uTorrent Web\Uninstall.exe”=0x53414350010000000000000007000 00028000000B0CF03002050040003000000000000000000000 A00210000BFA2139DEDD1D3010000000000000000050000001 00000000000000000000000000000000000000002000000280 00000000000000000000000000000000000000000000000000 00044210000000000000100000001000000
“C:\Users\denni\Desktop\FRST64(1).exe”=0x534143500 100000000000000070000002800000000182500B1AF2500010 00000000000000000000A00210000BFA2139DEDD1D30100000 00000000000
“C:\Users\denni\Desktop\aswmbr.exe”=0x534143500100 0000000000000700000028000000005A4F0000000000010000 00000000000000000A71220000BFA2139DEDD1D30100000000 00000000
“C:\Users\denni\Desktop\adwcleaner_7.4.exe”=0x5341 435001000000000000000700000028000000C854740054F074 0001000000000000000000000A00210000BFA2139DEDD1D301 0000000000000000
“C:\Users\denni\Desktop\quickdiag_V5_27.02.19.1.ex e”=0x534143500100000000000000070000002800000098F74 E00B9194F0001000000000000000000000A00210000BFA2139 DEDD1D30100000000000000000200000028000000000000000 000004000000000000000000000000000000000A78B0300000 000000100000001000000
“C:\Users\denni\Desktop\Adware Removal Tool by TSA.exe”=0x534143500100000000000000070000002800000 0A87A0B0004E60B0001000000000000000000000A71220000B FA2139DEDD1D30100000000000000000500000010000000000 00000000000000000000000000000020000002800000000000 0000000004000000000000000000000000000000000B191170 0000000000200000002000000

---------- | IFEO

---------- | Mountpoints2

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“”=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“Spooler”=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“Beep”=#USR:Control Panel\Sound
“CoolSwitch”=USR:Control Panel\Desktop
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SwapMouseButtons”=#USR:Control Panel\Mouse
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
“windows”=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
“cval”=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
“VistaSp1”=132074991441642178

[HKLM\SOFTWARE\Microsoft\Windows Defender]
“ProductAppDataPath”=C:\ProgramData\Microsoft\Wind ows Defender
“ProductIcon”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
“ProductLocalizedName”=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
“RemediationExe”=%ProgramFiles%\Windows Defender\MSASCui.exe
“ProductType”=2
“InstallTime”=0x42A5C5428139D501
“InstallLocation”=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0
“TrustedImageIdentifier”={X556UR00-0000-0000-0000-000000000000}
“OOBEInstallTime”=0xF0B05ECA7939D501
“DisableAntiSpyware”=0
“DisableAntiVirus”=0
“ProductStatus”=0
“LastEnabledTime”=0x85604FAE7D39D501
“ManagedDefenderProductType”=0
“ReportingGUID”=C297EE81-9324-B349-F403-D4DF5114B298
“BackupLocation”=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall”=1

---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)

---------- | Hosts

---------- | Ping

Pinging google.com [172.217.23.206] with 32 bytes of data:
Reply from 172.217.23.206: bytes=32 time=18ms TTL=53
Reply from 172.217.23.206: bytes=32 time=18ms TTL=53
Reply from 172.217.23.206: bytes=32 time=18ms TTL=53
Reply from 172.217.23.206: bytes=32 time=18ms TTL=53

Ping statistics for 172.217.23.206:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 18ms, Average = 18ms

---------- | @

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Internet Explorer\Main]
“Anchor Underline”=yes
“Cache_Update_Frequency”=yes
“Disable Script Debugger”=yes
“DisableScriptDebuggerIE”=yes
“Display Inline Images”=yes
“Do404Search”=0x01000000
“Local Page”=%11%\blank.htm
“Save_Session_History_On_Exit”=no
“Search Page”= Search - Microsoft Bing
“Show_FullURL”=no
“Show_StatusBar”=yes
“Show_ToolBar”=yes
“Show_URLinStatusBar”=yes
“Show_URLToolBar”=yes
“Use_DlgBox_Colors”=yes
“UseClearType”=no
“XMLHTTP”=1
“Enable Browser Extensions”=yes
“Play_Background_Sounds”=yes
“Play_Animations”=yes
“Start Page”= MSN
“Default_Page_URL”= MSN
“DisableFirstRunCustomize”=3
“ImageStoreRandomFolder”=w2jn42f

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“DisableCachingOfSSLPages”=0
“IE5_UA_Backup_Flag”=5.0
“PrivacyAdvanced”=1
“SecureProtocols”=2688
“User Agent”=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
“CertificateRevocation”=1
“ZonesSecurityUpgrade”=0x343151ECCC33D201
“WarnonZoneCrossing”=0
“EnableNegotiate”=1
“MigrateProxy”=1
“ProxyEnable”=0
“LockDatabase”=132074959328110586

[HKLM\Software\Microsoft\Internet Explorer\Main]
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Start Page”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\System32\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
“TabProcGrowth”=Medium

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix]
“”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“AutoHide”=yes
“Start Page”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Default_Page_URL”= MSN
“Default_Search_URL”= Search - Microsoft Bing
“Default_Secondary_Page_URL”=
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Extensions Off Page”=about:NoAdd-ons
“Local Page”=C:\Windows\SysWOW64\blank.htm
“Placeholder_Height”=0x1A000000
“Placeholder_Width”=0x1A000000
“Search Page”= Search - Microsoft Bing
“Security Risk Page”=about:SecurityRisk
“Use_Async_DNS”=yes
“x86AppPath”=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“Home”=270
“InPrivate”=res://ieframe.dll/inprivate.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“PostNotCached”=res://ieframe.dll/repost.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\DefaultPrefix]
“”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\URL\Prefixes]
“ftp”=ftp://
“home”=http://
“mosaic”=http://
“www”=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Internet settings]
“ActiveXCache”=C:\Windows\Downloaded Program Files
“CodeBaseSearchPath”=CODEBASE
“EnablePunycode”=1
“MinorVersion”=0
“WarnOnIntranet”=1

---------- | Proxy

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify

---------- | Execution FileExts

---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} –
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\EnhancedStorageS hell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} – C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} –
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} –

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=

---------- | Toolbar

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=1

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) -

---------- | SearchScopes

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}] - (Google) - Google {searchTerms}&sourceid=ie7&rls=com.microsoft:{lang uage}:{referrer:source}&ie={inputEncoding?}&oe={ou tputEncoding?} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}] - (Google) - Google {searchTerms}&sourceid=ie7&rls=com.microsoft:{lang uage}:{referrer:source}&ie={inputEncoding?}&oe={ou tputEncoding?} :

---------- | Browser Helper Objects

---------- | Chrome

C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhon fmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfi lokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigk jlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [ http://docs.google.com/http://drive....ve.google.com/ ] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddi lifddb = : MSG_description - short_name: MSG_name - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebReques tBlockingwebNavigationstorageunlimitedStoragenotif ications] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpeb giejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi = : MSG_extDesc - MSG_extName - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegiea cbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\ihcjicgdanjaechkgeegckofjj edodee = : The fastest and safest web browsing experience. - Malwarebytes Browser Extension - permissions:[downloadsstoragetabswebRequestwebRequestBlockingun limitedStorage\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccm gmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoe jaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleuserco ntent.com - https://clients2.google.com/service/update2/crx

---------- | Opera

---------- | Firefox

[HKLM\Software\WOW6432Node\MozillaPlugins@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters]
“DhcpNameServer”=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{2670b808-8c92-4106-b1e6-d42996d50301}]
“DhcpNameServer”=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{a4770a48-bbb9-4051-8148-596b9b597b3c}]
“DhcpNameServer”=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{2670b808-8c92-4106-b1e6-d42996d50301}]
“DhcpNameServer”=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{a4770a48-bbb9-4051-8148-596b9b597b3c}]
“DhcpNameServer”=192.168.1.1

---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\chrome.exe] : “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” – “%1”
[HKLM\SOFTWARE\Classes\Applications\et.exe] : “C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\et.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1” /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”
[HKLM\SOFTWARE\Classes\Applications\wpp.exe] : “C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wpp.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\wps.exe] : “C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wps.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\chr ome.exe] : “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” – “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\et. exe] : “C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\et.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iex plore.exe] : “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\not epad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\pro vtool.exe] : “%SystemRoot%\System32\provtool.exe” “%1” /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmp layer.exe] : “%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wor dpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wpp .exe] : “C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wpp.exe” “%1”
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wps .exe] : “C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wps.exe” “%1”

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
“rdxgroup”=RetailDemo
“wusvcs”=WaaSMedicSvc
“BthAppGroup”=BluetoothUserService
“BcastDVRUserService”=BcastDVRUserService
“Camera”=FrameS
“diagnostics”=DiagSvc
“PrintWorkflow”=PrintWorkflowUserSvc
“GraphicsPerfSvcGroup”=GraphicsPerfSvc
“DevicesFlow”=DevicesFlowUserSvc
DevicePickerUserSvc
“smbsvcs”=lanmanserver
browser

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
“DcomLaunch”=PlugPlay
DcomLaunch
DeviceInstall
“PrintWorkflow”=PrintWorkflowUserSvc
“smbsvcs”=lanmanserver

---------- | SvcHost - Netsvcs (Whitelist)

---------- | Software

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\AppDataLow]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\ASUS]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Chromium]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\DropboxUpdate]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\ECAREME]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Google]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Intel]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\MacroMouse]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Malwarebytes]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\nwjs]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Opera Stable Offer]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Policies]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Realtek]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\sysinternals]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Valve]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Wow6432Node]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Agere]
[HKLM\Software\ASUS]
[HKLM\Software\Atheros]
[HKLM\Software\Clients]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\ECAREME]
[HKLM\Software\Fortemedia]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\ICEpower]
[HKLM\Software\Intel]
[HKLM\Software\IPS]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\LSI]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\Microsoft]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nahimic]
[HKLM\Software\Network Associates]
[HKLM\Software\Nuance]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\SonicFocus]
[HKLM\Software\SoundResearch]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Waves Audio]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Yamaha APO]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\DWM]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResource Manager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnosti cs]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnostic sProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr ictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFir ewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]
[HKLM\Software\WOW6432Node\Adware Removal Tool by TSA]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\ASIO]
[HKLM\Software\WOW6432Node\ASUS]
[HKLM\Software\WOW6432Node\ATHEROS]
[HKLM\Software\WOW6432Node\Bloody]
[HKLM\Software\WOW6432Node\Chromium]
[HKLM\Software\WOW6432Node\ECAREME]
[HKLM\Software\WOW6432Node\Foxit Software]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Kingsoft]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Network Associates]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Qualcomm Atheros]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\SRS Labs]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\WildTangent]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickN ote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Enterp riseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStor age]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Script edDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Window s Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr ictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFir ewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]

---------- | Drives

---------- | C:

[13/07/2019 14:38:42] - |SHD| - [387] - C:$Recycle.Bin
[13/07/2019 13:31:01] - |HD| - [100608019] - C:$SysReset
[01/08/2019 13:48:01] - |D| - [8018992] - C:\AdwCleaner
[03/04/2016 15:09:57] - |SHD| - [18457756] - C:\Boot
[MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 10:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr
[01/11/2016 09:30:54] - |D| - [2762305961] - C:\eSupport
[31/07/2019 09:23:25] - |D| - [108860159] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/07/2019 15:44:35] - |ASH| - (.-.) - [3380232192] - (0.0.0.0) - C:\hiberfil.sys
[13/07/2019 15:36:13] - |HD| - [267764] - C:\Intel
[20/01/2019 23:58:35] - |RHD| - [802660306] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/11/2016 00:31:38] - |ASH| - (.-.) - [1342177280] - (0.0.0.0) - C:\pagefile.sys
[13/07/2019 14:38:42] - |HD| - [0] - C:\PerfLogs
[13/07/2019 14:38:42] - |RD| - [4358857483] - C:\Program Files
[13/07/2019 14:38:42] - |RD| - [26554956165] - C:\Program Files (x86)
[13/07/2019 14:38:42] - |HD| - [717144891] - C:\ProgramData
[01/08/2019 13:52:23] - |D| - [393775] - C:\QuickDiag
[MD5.DBBFFAEBAD7736DC41AF7A04E1C0166C] - [01/08/2019 14:26:18] - |A| - (.-.) - [136047] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.56D15E8F2A0E4C39007F34715B911CBA] - [01/08/2019 13:56:13] - |RAST| - (.-.) - [322949] - (0.0.0.0) - C:\QuickDiag_01_08_2019_13_56_13.txt
[03/04/2016 06:12:01] - |SHD| - [4954849342] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/11/2016 00:31:38] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[01/11/2016 09:25:42] - |SHD| - [0] - C:\System Volume Information
[13/07/2019 14:34:00] - |RD| - [1195871021] - C:\Users
[13/07/2019 14:34:00] - |D| - [39133053399] - C:\Windows

---------- | C:\WINDOWS

[MD5.A486C15BA34B4C23677AA34F47CE2C0D] - [01/11/2016 00:50:37] - |A| - (.-.) - [1078] - (0.0.0.0) - C:\WINDOWS\ACU.ico
[13/07/2019 14:38:42] - |D| - [802] - C:\WINDOWS\addins
[13/07/2019 14:38:42] - |D| - [10006297] - C:\WINDOWS\appcompat
[13/07/2019 14:38:42] - |D| - [8280510] - C:\WINDOWS\apppatch
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\AppReadiness
[MD5.F3B25701FE362EC84616A93A45CE9998] - [01/11/2016 09:30:54] - |A| - (.-.) - [2] - (0.0.0.0) - C:\WINDOWS\AsCDProc.log
[MD5.3B8ACE958BAFB2187C0D560218AC149A] - [18/05/2016 08:24:27] - |A| - (.-.) - [24] - (0.0.0.0) - C:\WINDOWS\AsDCDVer.txt
[MD5.FE5B1AD554FCE7597EDB2C70DECE162A] - [03/04/2016 15:03:41] - |A| - (.-.) - [28] - (0.0.0.0) - C:\WINDOWS\AsHDIVer.txt
[MD5.52100AC9ECF4B21B0A32155A635E8C97] - [17/02/2016 08:54:52] - |A| - (.-.) - [80] - (0.0.0.0) - C:\WINDOWS\ASOFSVer.txt
[MD5.410C0F4B8FD2594365D1311257C99C1C] - [01/11/2016 09:31:17] - |A| - (.-.) - [96] - (0.0.0.0) - C:\WINDOWS\AsPEToolVer.txt
[13/07/2019 14:38:42] - |RSD| - [881032967] - C:\WINDOWS\assembly
[MD5.467E7BA4A4ECB38F6046BDC6699DB24E] - [01/11/2016 09:31:17] - |A| - (.-.) - [55] - (0.0.0.0) - C:\WINDOWS\AsToolCDVer.txt
[13/07/2019 14:49:57] - |D| - [412898245] - C:\WINDOWS\ASUS
[13/07/2019 14:38:42] - |D| - [720353] - C:\WINDOWS\bcastdvr
[MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |N| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe
[13/07/2019 14:38:42] - |D| - [38319551] - C:\WINDOWS\Boot
[MD5.3ACEABE9E81F7FEE46252BA9783292C3] - [13/07/2019 14:49:44] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[13/07/2019 14:38:42] - |D| - [2448472] - C:\WINDOWS\Branding
[13/07/2019 14:34:47] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.EF26845B2194269AE85BFC918EDE0066] - [01/11/2016 01:17:15] - |A| - (.-.) - [6586] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[MD5.F59060E298148DE24DEBB3E8321C4407] - [30/10/2015 20:19:51] - |A| - (.-.) - [31816] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml
[03/04/2016 14:39:23] - |D| - [0] - C:\WINDOWS\cs-CZ
[MD5.F7C6DE1B6A6C7B1A36E0615B4BF980CC] - [03/04/2016 06:21:00] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt
[13/07/2019 14:38:42] - |D| - [11482410] - C:\WINDOWS\Cursors
[13/07/2019 14:38:42] - |D| - [3549] - C:\WINDOWS\debug
[30/10/2015 09:24:24] - |RD| - [0] - C:\WINDOWS\DesktopTileResources
[MD5.EF82B304067EDCF3CF990A42DE93B695] - [01/11/2016 01:17:15] - |A| - (.-.) - [9510] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[13/07/2019 14:38:42] - |D| - [4590061] - C:\WINDOWS\diagnostics
[MD5.EF82B304067EDCF3CF990A42DE93B695] - [01/11/2016 01:17:15] - |A| - (.-.) - [9510] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[13/07/2019 14:41:58] - |D| - [0] - C:\WINDOWS\DigitalLocker
[MD5.36E93D99FE6F386D3F8F903614EF3ECD] - [13/07/2019 16:23:00] - |A| - (.-.) - [10009] - (0.0.0.0) - C:\WINDOWS\DirectX.log
[13/07/2019 14:38:42] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.A3B69E7B332E2A27D016AFB44F1B46FB] - [01/11/2016 00:55:36] - |A| - (.-.) - [4820] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[MD5.163244DB517D466A45AC22523F2C6AEC] - [18/05/2016 08:17:44] - |A| - (.-.) - [4783] - (0.0.0.0) - C:\WINDOWS\DriverCD_Template.txt
[MD5.38F419B92196B7C1A6B38872370D99EE] - [13/07/2019 14:40:29] - |A| - (.-.) - [3610] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[13/07/2019 14:38:42] - |HD| - [44616] - C:\WINDOWS\ELAMBKUP
[30/10/2015 20:10:40] - |D| - [0] - C:\WINDOWS\en-GB
[13/07/2019 14:41:58] - |D| - [49152] - C:\WINDOWS\en-US
[MD5.A1D1CE7D323A357163A500CDC15EDA54] - [11/07/2019 09:59:03] - |A| - (.© Microsoft Corporation. Všetky práva vyhradené. - Prieskumník.) - [4038688] - (10.0.17134.858) - C:\WINDOWS\explorer.exe
[MD5.E1FD9DE48AF5D7652AA31BBE914F54B8] - [26/02/2009 08:50:32] - |A| - (.-.) - [176] - (0.0.0.0) - C:\WINDOWS\explorer.exe.config
[13/07/2019 14:48:10] - |D| - [6162432] - C:\WINDOWS\Firmware
[13/07/2019 14:38:42] - |RSD| - [375389372] - C:\WINDOWS\Fonts
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[13/07/2019 14:38:42] - |D| - [46780131] - C:\WINDOWS\Globalization
[13/07/2019 14:38:42] - |D| - [71423676] - C:\WINDOWS\Help
[MD5.30D302335B017DC3B53519BD9E33D763] - [13/02/2019 18:50:09] - |N| - (.© Microsoft Corporation. Všetky práva vyhradené. - Microsoft Help and Support.) - [1054720] - (10.0.17134.556) - C:\WINDOWS\HelpPane.exe
[MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |N| - (.© Microsoft Corporation. Všetky práva vyhradené. - Microsoft® HTML Help Executable.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe
[03/04/2016 14:46:26] - |D| - [0] - C:\WINDOWS\hu-HU
[13/07/2019 14:38:42] - |D| - [29869] - C:\WINDOWS\IdentityCRL
[13/07/2019 14:38:42] - |D| - [28826518] - C:\WINDOWS\IME
[13/07/2019 14:38:42] - |RD| - [8489249] - C:\WINDOWS\ImmersiveControlPanel
[13/07/2019 14:37:29] - |D| - [134129533] - C:\WINDOWS\INF
[13/07/2019 14:49:51] - |D| - [1851212250] - C:\WINDOWS\InfusedApps
[13/07/2019 14:38:42] - |D| - [38137502] - C:\WINDOWS\InputMethod
[MD5.48D8D206C3E099D3B6F3696601F7EE7A] - [01/11/2016 00:33:54] - |A| - (.-.) - [1926186] - (0.0.0.0) - C:\WINDOWS\Inst.log
[13/07/2019 14:38:42] - |SHD| - [150932187] - C:\WINDOWS\Installer
[MD5.64B6EE9D188DB07B8CD2E0D7C65A4399] - [01/11/2016 00:58:12] - |A| - (.-.) - [1102] - (0.0.0.0) - C:\WINDOWS\Inst_AsModelCopy.log
[MD5.9F6546121B75E19513BF7E8F82149BD5] - [01/11/2016 00:35:24] - |A| - (.-.) - [19994] - (0.0.0.0) - C:\WINDOWS\Inst_CMD.log
[MD5.D227CD39635AB84D46BD79736588AF84] - [01/11/2016 00:36:05] - |A| - (.-.) - [682196] - (0.0.0.0) - C:\WINDOWS\Inst_Device.log
[13/07/2019 14:38:42] - |D| - [94163] - C:\WINDOWS\L2Schemas
[13/07/2019 14:38:42] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\LiveKernelReports
[03/04/2016 14:12:22] - |D| - [18686750] - C:\WINDOWS\Log
[13/07/2019 14:38:42] - |D| - [24394768] - C:\WINDOWS\Logs
[MD5.E53E4D67879C09B22978144BAC37E49B] - [13/07/2019 15:35:19] - |A| - (.-.) - [1376] - (0.0.0.0) - C:\WINDOWS\lsasetup.log
[13/07/2019 14:38:42] - |RSD| - [20486563] - C:\WINDOWS\media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |N| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[13/07/2019 14:38:42] - |RD| - [779332806] - C:\WINDOWS\Microsoft.NET
[13/07/2019 14:38:42] - |D| - [3135] - C:\WINDOWS\Migration
[31/07/2019 09:34:13] - |D| - [0] - C:\WINDOWS\Minidump
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |N| - (.© Microsoft Corporation. Všetky práva vyhradené. - Poznámkový blok.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [13/07/2019 15:36:45] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat
[13/07/2019 14:42:20] - |D| - [254036] - C:\WINDOWS\OCR
[13/07/2019 14:38:42] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[13/07/2019 14:33:58] - |D| - [137033327] - C:\WINDOWS\Panther
[13/07/2019 14:38:42] - |D| - [390801] - C:\WINDOWS\Performance
[MD5.42E88E9FDE054E851C07EF6317C48FBF] - [13/07/2019 16:29:23] - |A| - (.-.) - [22240] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[03/04/2016 14:32:45] - |D| - [0] - C:\WINDOWS\pl-PL
[13/07/2019 14:38:42] - |D| - [1121835] - C:\WINDOWS\PLA
[13/07/2019 14:38:42] - |D| - [2648711] - C:\WINDOWS\PolicyDefinitions
[13/07/2019 14:38:42] - |D| - [3889321] - C:\WINDOWS\prefetch
[13/07/2019 14:38:42] - |RD| - [1965018] - C:\WINDOWS\PrintDialog
[13/07/2019 14:38:42] - |D| - [5519070] - C:\WINDOWS\Provisioning
[30/10/2015 09:24:24] - |RD| - [0] - C:\WINDOWS\PurchaseDialog
[MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |N| - (.© Microsoft Corporation. - Registry Editor.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe
[13/07/2019 14:38:42] - |D| - [1094420] - C:\WINDOWS\Registration
[13/07/2019 14:38:42] - |D| - [3678312] - C:\WINDOWS\rescache
[13/07/2019 14:38:42] - |D| - [5057489] - C:\WINDOWS\Resources
[MD5.C907881F207C3BC2BFA7005DDD8C81EF] - [01/11/2016 00:47:39] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2826832] - (1.0.6.6) - C:\WINDOWS\RtlExUpd.dll
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\SchCache
[13/07/2019 14:38:42] - |D| - [122082] - C:\WINDOWS\schemas
[13/07/2019 14:38:42] - |D| - [7623788] - C:\WINDOWS\security
[13/07/2019 15:35:20] - |D| - [65191504] - C:\WINDOWS\ServiceProfiles
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\ServiceState
[13/07/2019 14:34:00] - |D| - [75426716] - C:\WINDOWS\servicing
[13/07/2019 14:44:28] - |D| - [42] - C:\WINDOWS\Setup
[MD5.57C0BE9D6EB97B60F8C33EC573EB0BB9] - [13/07/2019 15:35:55] - |A| - (.-.) - [1840] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.5D13D3C5156E54E115644CF0A19141A2] - [13/07/2019 15:35:55] - |A| - (.-.) - [107] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[13/07/2019 14:38:42] - |D| - [6443008] - C:\WINDOWS\ShellComponents
[13/07/2019 14:38:42] - |D| - [53634048] - C:\WINDOWS\ShellExperiences
[30/10/2015 20:19:04] - |D| - [0] - C:\WINDOWS\ShellNew
[13/07/2019 14:41:58] - |D| - [50688] - C:\WINDOWS\sk-SK
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\SKB
[01/11/2016 00:32:56] - |D| - [305374505] - C:\WINDOWS\SoftwareDistribution
[13/07/2019 14:38:42] - |D| - [15504633] - C:\WINDOWS\Speech
[13/07/2019 14:38:42] - |D| - [19459183] - C:\WINDOWS\Speech_OneCore
[MD5.1CC7C7CCB919892585890F22DB69258D] - [11/07/2019 09:58:52] - |N| - (.© Microsoft Corporation. - Print driver host for applications.) - [131072] - (10.0.17134.885) - C:\WINDOWS\splwow64.exe
[13/07/2019 14:38:42] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 09:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[13/07/2019 14:34:00] - |D| - [21590546459] - C:\WINDOWS\System32
[13/07/2019 14:38:42] - |D| - [225487048] - C:\WINDOWS\SystemApps
[13/07/2019 14:38:42] - |D| - [25664857] - C:\WINDOWS\SystemResources
[13/07/2019 14:38:42] - |D| - [1697244579] - C:\WINDOWS\SysWOW64
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\TAPI
[30/10/2015 09:24:25] - |D| - [854] - C:\WINDOWS\Tasks
[13/07/2019 14:38:42] - |D| - [154197] - C:\WINDOWS\Temp
[13/07/2019 14:38:42] - |D| - [13610496] - C:\WINDOWS\TextInput
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\tracing
[13/07/2019 14:38:42] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |N| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[13/07/2019 14:38:42] - |D| - [12420] - C:\WINDOWS\Vss
[13/07/2019 14:38:42] - |D| - [25818] - C:\WINDOWS\WaaS
[13/07/2019 14:38:42] - |D| - [15729830] - C:\WINDOWS\Web
[MD5.60CDAF0811BF825164C0E246F4F5620D] - [30/10/2015 09:24:29] - |A| - (.-.) - [124] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |H| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.2CC83D93DD1DDE691158CF5E9882420B] - [03/04/2016 06:22:00] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |N| - (.© Microsoft Corporation. Všetky práva vyhradené. - Windows Winhlp32 Stub.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe
[13/07/2019 14:34:00] - |D| - [9916692711] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |N| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |N| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy

---------- | Systemroot\System

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[19/01/2016 07:54:47] - C:\WINDOWS\Installer\132ec9.msi : (Device Setup - ASUSTek Computer Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/11/2016 00:48:53] - C:\WINDOWS\Installer\19355.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/11/2016 00:49:19] - C:\WINDOWS\Installer\1935c.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2015 08:52:24] - C:\WINDOWS\Installer\19360.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/06/2018 17:31:30] - C:\WINDOWS\Installer\1ba4b7d.msi : ( - ASUSTeK COMPUTER INC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/07/2015 07:49:26] - C:\WINDOWS\Installer\67b5.msi : (Intel(R) Serial IO - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/12/2015 12:08:52] - C:\WINDOWS\Installer\6b5f.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/12/2015 11:23:00] - C:\WINDOWS\Installer\6d38.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/08/2015 19:07:44] - C:\WINDOWS\Installer\715a.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/11/2016 00:58:14] - C:\WINDOWS\Installer\8b5a.msi : (AudioWizard - ICEpower a/s) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2015 08:18:06] - C:\WINDOWS\Installer\9695.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2015 08:18:56] - C:\WINDOWS\Installer\9699.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2015 08:19:12] - C:\WINDOWS\Installer\969d.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/05/2015 19:27:22] - C:\WINDOWS\Installer\96a1.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/05/2015 03:25:00] - C:\WINDOWS\Installer\96a5.msi : (Intel® Security Assist - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/11/2015 09:55:46] - C:\WINDOWS\Installer\a2ab.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/07/2019 14:53:54] - C:\WINDOWS\Installer\d2975.msi : (Google Update Helper - Google LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/03/2019 21:03:32] - C:\WINDOWS\Installer\d297b.msi : ( - ASUSTeK COMPUTER INC.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%*.in*

[12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf
[03/04/2016 06:19:22] - [838560] - C:\WINDOWS\System32\PerfStringBackup.INI
[12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini
[12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf
[12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [30/07/2019 22:52:28] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [30/07/2019 22:52:28] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.C8777FDE627FAA526E2FAE0DFC4FFA87] - |A| - [01/08/2019 13:48:18] - (.-.) - [15.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HighPerformancePlan.log
[MD5.4E20A7B3A8279D4383811F3F3CDFD7C0] - |A| - [31/07/2019 09:13:11] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\mb_errors6492.log
[MD5.7219E68C6ED01E612BBBE61CCF23DEF1] - |A| - [22/07/2019 04:58:40] - (.-.) - [74.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.29AAF84F0982585CE6392831DD91467F] - |A| - [30/07/2019 00:19:27] - (.-.) - [44.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.D08606EFC25C45EDFA332A10675C5519] - |A| - [01/08/2019 13:48:18] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PowerPlan.log
[MD5.76F1A85AEBFF9DCC4422EF925C281DCA] - |A| - [01/08/2019 13:48:17] - (.-.) - [16.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\UsoStoreFile.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:58] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |N| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |N| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |N| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |N| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32@EnrollmentToastIcon.png
[MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |N| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32@language_notification_icon.png
[MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |N| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |N| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |N| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WiFiNotificationIcon.png
[MD5.79166EAF65485F1432DD72B72870026B] - |N| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32@windows-hello-V4.1.gif
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |N| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WindowsUpdateToastIcon.contrast-black.png
[MD5.DAD405CBDE259DE527EBF71BCC28099C] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WindowsUpdateToastIcon.contrast-white.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WindowsUpdateToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |N| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WirelessDisplayToast.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |N| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |N| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32@WwanSimLockIcon.png
[MD5.FA014663F5E9DA41391A70828E6531EC] - |A| - [01/11/2018 01:33:04] - (.-.) - [115.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |N| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\as-IN
[MD5.5376DA98A7940DAA2DBC3D38DF100166] - |A| - [01/11/2018 01:33:48] - (.ASUSTeK COMPUTER INC. - ASUS WMI Interface for Gaming DT/NB.) - [171.52 Ko] - (3.0.0.1) - C:\WINDOWS\System32\ATKWMI.dll
[MD5.7C4B511638DA6C989365A81E27BDCD5F] - |A| - [01/11/2018 01:33:06] - (.-.) - [102.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll
[MD5.C03F0062C0749CDB59A4D60862C3E83E] - |N| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.D282CC8607B66AB15225468B836C2898] - |A| - [01/11/2016 01:13:48] - (.-.) - [256 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AxeLog-000.etl
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\be-BY
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.705628497C0012302212A46ADD463E6E] - |N| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIco n.contrast-black.png
[MD5.F63C615733A3337BF2BEA96C6EE9B568] - |N| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIco n.contrast-high.png
[MD5.705628497C0012302212A46ADD463E6E] - |N| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIco n.contrast-white.png
[MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |N| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIco n.png
[MD5.28ECA83D7F9D10D69E969675D1FF6725] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contr ast-white.png
[MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [4833.51 Ko] - C:\WINDOWS\System32\Boot
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA
[MD5.06DB0A736F8A78151518276F232669FC] - |N| - [12/04/2018 01:34:19] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:34:00] - [76378.63 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [29629.3 Ko] - C:\WINDOWS\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [3461.39 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.64430E214B5B229D426D2D35538C402D] - |A| - [18/05/2016 08:18:15] - (.-.) - [366.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ColorImageEnhancement.wmv
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [368 Ko] - C:\WINDOWS\System32\com
[MD5.535884123FABC2C15AA7DEC9834B55D4] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png
[MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png
[MD5.04437926A6F8D9DF73F60B079E39432E] - |A| - [01/11/2018 01:33:06] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.55 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:34:00] - [231977.99 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2019 14:38:42] - [49.3 Ko] - C:\WINDOWS\System32\Configuration
[MD5.0E7CCD69215CA3615CDF824D81D82D1B] - |A| - [30/11/2016 03:06:38] - (.-.) - [547.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin
[MD5.00000000000000000000000000000000] - |D| - [03/04/2016 14:39:24] - [0 Ko] - C:\WINDOWS\System32\cs
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [403.5 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |N| - [12/04/2018 01:34:15] - (.© 1996 - 2017 Daniel Stenberg, <daniel@haxx.se>. - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe
[MD5.CC98160AED3EE674CC8CA8BD20D44D8E] - |A| - [01/11/2016 00:47:41] - (.©Conexant Systems Inc. - Conexant APO.) - [1564.41 Ko] - (1.31.0.0) - C:\WINDOWS\System32\CX64APO.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [399 Ko] - C:\WINDOWS\System32\da-DK
[MD5.48E51DAA9278C41213957795D439A274] - |N| - [14/11/2018 00:04:42] - (.-.) - [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 15:36:23] - [14122.32 Ko] - C:\WINDOWS\System32\DAX2
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 15:36:23] - [9568.75 Ko] - C:\WINDOWS\System32\DAX3
[MD5.F3D8953D9DD688F642277DD6E9605D2A] - |A| - [01/11/2018 01:33:50] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX APO Property Page.) - [1507.95 Ko] - (1.1.7.13) - C:\WINDOWS\System32\DAX3APOProp.dll
[MD5.1ED773D545D4A713A4D3A8889C6FC800] - |A| - [01/11/2018 01:33:52] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX APO.) - [1340.12 Ko] - (1.1.7.13) - C:\WINDOWS\System32\DAX3APOv251.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [217.6 Ko] - C:\WINDOWS\System32\DDFs
[MD5.E07AB7C2FEC33FD496F08AAB97B1F055] - |A| - [01/11/2018 01:33:52] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [271.65 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll
[MD5.F3ED2B35A03A9D6134E0E6C2C873C4A9] - |A| - [01/11/2018 01:33:54] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [308.47 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPA64F3.dll
[MD5.A0D9EC25DEB7D6633D0E82F293B0F4FA] - |A| - [01/11/2018 01:33:54] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1925.06 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll
[MD5.9F3D203D2FD29EFCF6B6DAC8F63AB783] - |A| - [01/11/2018 01:33:56] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1918.99 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPD64AF3.dll
[MD5.C1F72143D126FF275EB8E8E66B449871] - |A| - [01/11/2018 01:33:56] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [325.1 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll
[MD5.581A5DA51F80025AFA45C8D78962C373] - |A| - [01/11/2018 01:33:58] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [358.89 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPO64AF3.dll
[MD5.0D0934946802B676458EF7CABBEC80C5] - |A| - [01/11/2018 01:33:08] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6935.4 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll
[MD5.2A9C040F20026212A5B63D3FC6090B69] - |A| - [01/11/2018 01:33:10] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6123.32 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPP64AF3.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [453 Ko] - C:\WINDOWS\System32\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |N| - [12/04/2018 01:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png
[MD5.618BA9E529EAB7E11DBA43469481835F] - |N| - [12/04/2018 01:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [13/07/2019 14:38:45] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.851A9305E14B348CA0D9C7FB75391FDB] - |N| - [14/11/2018 00:05:08] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif
[MD5.4A6FA3C0EFD237F104E09A22883D9388] - |N| - [12/04/2018 01:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2019 14:38:42] - [946 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |N| - [12/04/2018 01:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [9745.57 Ko] - C:\WINDOWS\System32\Dism
[MD5.BE8941F76F047859A35CA1AAC9763C57] - |A| - [18/05/2016 08:18:18] - (.-.) - [806.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplayAudiox64.cab
[MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contras t-white.png
[MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png
[MD5.7496F2FB8ACF41CEEEB222F041F21120] - |A| - [01/11/2018 01:33:58] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX APO.) - [1414.72 Ko] - (1.1.5.3) - C:\WINDOWS\System32\DolbyAPOv251gm.dll
[MD5.39515C2C3865E92DBACFBEE78B8EADA9] - |A| - [01/11/2018 01:34:00] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [1137.22 Ko] - (1.6.1.2) - C:\WINDOWS\System32\DolbyAPOvlldpgm.dll
[MD5.D53167F0BDE21E274050D6EF2CDDE20C] - |A| - [01/11/2018 01:33:12] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [1132.1 Ko] - (0.8.8.33) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll
[MD5.AEA1DD65498C1BA796E4C747B6632211] - |A| - [01/11/2018 01:34:00] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2387.28 Ko] - (0.8.8.33) - C:\WINDOWS\System32\DolbyDAX2APOv201.dll
[MD5.CD34B3D358272BB45910A8EB3EA5D81B] - |A| - [01/11/2018 01:34:02] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5221.57 Ko] - (0.8.8.33) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll
[MD5.FE3CC6FD3A3145FCDB3405CF0F654C39] - |A| - [01/11/2018 01:34:04] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [1230.1 Ko] - (1.6.1.53) - C:\WINDOWS\System32\DolbyDAX2APOvlldp.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [2404.09 Ko] - C:\WINDOWS\System32\downlevel
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [18/05/2016 08:18:18] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [18/05/2016 08:18:18] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:25] - [131061.52 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\DriverState
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:34:00] - [17206013.42 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2019 14:38:42] - [152 Ko] - C:\WINDOWS\System32\dsc
[MD5.E7BC29DD34E5C461CFFA2810674E6E72] - |A| - [01/11/2018 01:34:04] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [733.59 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll
[MD5.6004CB691FD2A13A86967CC6EDDDBEC6] - |A| - [01/11/2018 01:34:06] - (.(c) DTS. - DTS Boost COM DLL.) - [1480.63 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll
[MD5.F0F3A8A317B2F2305F55C5D5A788B7CC] - |A| - [01/11/2018 01:34:06] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [437.98 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll
[MD5.F9680EB5A6AE374B2E7B313911E894A2] - |A| - [01/11/2018 01:34:06] - (.(c) DTS. - DTS GFX APO.) - [255.01 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll
[MD5.D2E4F7325D47262C0ADE38EF849F23AE] - |A| - [01/11/2018 01:34:08] - (.(c) DTS. - DTS GFX APO.) - [254.01 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll
[MD5.13204A18ADD052D3B0B414BA3C3CC125] - |A| - [01/11/2018 01:34:10] - (.(c) DTS. - DTS LFX APO.) - [254.98 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll
[MD5.AB57D934C2117AD9A2E5055560208222] - |A| - [01/11/2018 01:34:10] - (.(c) DTS. - DTS Limiter COM DLL.) - [442.02 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll
[MD5.7BF6E609E4B0392EDE1208B6C9465E10] - |A| - [01/11/2018 01:34:12] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [499.55 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll
[MD5.4AD278185666C0DA26CC5E37EE72490C] - |A| - [01/11/2018 01:34:12] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1561.04 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll
[MD5.81AF343FFF1587C5C0455AA96CFF81C6] - |A| - [01/11/2018 01:34:12] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1746.15 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll
[MD5.9E40383D46BA9D1EADCC9952DC28A9C7] - |A| - [01/11/2018 01:34:12] - (.(c) DTS. - DTS Symmetry COM DLL.) - [717.66 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll
[MD5.21F6F0EB305EEDB65D0AF6A8F60AD5C0] - |A| - [01/11/2016 00:47:41] - (.(c) DTS. - DTS GFX APO.) - [488.83 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll
[MD5.FCEB8EE508639D7595F1D3F9D1125D49] - |A| - [01/11/2016 00:47:41] - (.(c) DTS. - DTS LFX APO.) - [502.47 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll
[MD5.D1F5BEBC01177215FD588D4E865A4A8A] - |A| - [01/11/2016 00:47:41] - (.(c) DTS. - DTS LFX APO.) - [418.2 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll
[MD5.12F33558AA9A500CEE7891E8A7FAB7F3] - |A| - [01/11/2018 01:34:14] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [698.98 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll
[MD5.DF84EB7B44D1414284BA384F0061D1DC] - |N| - [12/04/2018 01:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin
[MD5.346870077DFD18867A9693C7A59AA3E6] - |N| - [12/04/2018 01:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin
[MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |N| - [12/04/2018 01:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin
[MD5.10C38E1CA0D664F58E8B9F3645885E1D] - |N| - [13/02/2019 18:50:07] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [451.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.8366D9B73AFF416327D220B4C99E8F96] - |A| - [13/07/2019 15:45:23] - (.-.) - [22.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:58] - [3118 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [324 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [24692.09 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [433.5 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [358.5 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [318.5 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\eu-ES
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2019 14:38:42] - [17114.64 Ko] - C:\WINDOWS\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR
[MD5.4DBB768C8F7E49566670FF10A61726A3] - |N| - [11/07/2018 15:02:06] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll
[MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |N| - [11/07/2018 15:01:55] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll
[MD5.BB0137476B1EC8B10CE944BF023C91F6] - |N| - [12/04/2018 01:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll
[MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |N| - [12/04/2018 01:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png
[MD5.E65D2A37B6D4445D0CD9234BA933475B] - |N| - [12/04/2018 01:33:53] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [404.5 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH
[MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [18/05/2016 08:18:18] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FilmModeDetection.wmv
[MD5.6DDE0D9A989B051291FA178F9B8AC032] - |A| - [13/07/2019 15:35:19] - (.-.) - [385.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [369 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [447.5 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE
[MD5.41FD64AE28A0C932CA7B2A250993D675] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png
[MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png
[MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |N| - [12/04/2018 01:34:39] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [34 Ko] - C:\WINDOWS\System32\gd-GB
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [18/05/2016 08:18:18] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv2_0.exe.config
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [18/05/2016 08:18:18] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv4_0.exe.config
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/07/2019 15:36:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31 Ko] - C:\WINDOWS\System32\gl-ES
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG
[MD5.EA99A87E98D995DE6E280CF85CEAD413] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.con trast-white.png
[MD5.B8E586ED92DB703FFA480E254996160E] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png
[MD5.3144A3B5D89C2F561659AE3F66B3E3D1] - |A| - [01/11/2018 01:33:14] - (.(c) 2016 Harman. - Harman APO Interface.) - [150.84 Ko] - (1.2.0.0) - C:\WINDOWS\System32\HarmanAudioInterface.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [327.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contr ast-white.png
[MD5.7F1E9502267F778F3A8139C35A352190] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png
[MD5.202A07E4526B050E22624328E64E0470] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contras t-white.png
[MD5.1892ACC10CAC009BCAC146AD650ABA58] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png
[MD5.031713BFD5F30E63336D3CA5D2767BE9] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png
[MD5.C1BD7976C99830E33A713D02374054EC] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png
[MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |N| - [12/04/2018 01:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\hi-IN
[MD5.4CB8E69ADA9D1725CFD6ED9FCAF3C756] - |A| - [01/11/2018 01:33:14] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [369.6 Ko] - (0.8.8.85) - C:\WINDOWS\System32\HiFiDAX2API.dll
[MD5.1BC92F3C69DE7B9A2852663B4D377402] - |A| - [01/11/2018 01:34:14] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [397.02 Ko] - (1.6.1.53) - C:\WINDOWS\System32\HiFiDAX2APIPCLL.dll
[MD5.FFBC71132719BD842504A3D9C23C59ED] - |A| - [01/11/2018 01:34:14] - (.© Harman. - Audio by Harman APO.) - [352 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMClariFi.dll
[MD5.F237081E728B11237F90464380C6F772] - |A| - [01/11/2018 01:34:16] - (.© Harman. - Audio by Harman APO.) - [186.56 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMEQ.dll
[MD5.B2B927AF197BC43EEE470BC9C1BCC146] - |A| - [01/11/2018 01:34:16] - (.© Harman. - Audio by Harman APO.) - [186.56 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMEQ_Voice.dll
[MD5.F490B5C7C14374FE88DA6123AA9D3DCE] - |A| - [01/11/2018 01:34:16] - (.© Harman. - Audio by Harman APO.) - [199.16 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMHVS.dll
[MD5.15E1D176BAD54AE6283B6956B6A96122] - |A| - [01/11/2018 01:34:16] - (.© Harman. - Audio by Harman APO.) - [175.48 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMLimiter.dll
[MD5.58F1740F6D7C5431D1F9142E338C9121] - |A| - [01/11/2018 01:33:16] - (.?Harman. - Audio by Harman APO UI.) - [406.83 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMUI.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [335 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [03/04/2016 14:46:27] - [0 Ko] - C:\WINDOWS\System32\hu
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [411 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |N| - [12/04/2018 01:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [160.64 Ko] - C:\WINDOWS\System32\hydrogen
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.A6529B401AD0A81124F54CCD04CDB9F6] - |A| - [01/11/2018 01:34:16] - (.Copyright (c) 2018, ICEpower a/s - ICEpower ICEsound APO.) - [863.84 Ko] - (1.0.0.39) - C:\WINDOWS\System32\ICEsoundAPO64.dll
[MD5.C6AC6E35D9B28E59E8612E35EEF78923] - |A| - [01/11/2018 01:14:28] - (.-.) - [197.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ICEsoundService.bin
[MD5.8F085579FC9202B3782536B557A5E7E1] - |A| - [01/11/2018 01:33:16] - (.Copyright (c) 2018, ICEpower a/s - ICEpower ICEsound APO service.) - [787.45 Ko] - (1.0.0.39) - C:\WINDOWS\System32\ICEsoundService64.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.CD591279F103D5E02F84ABD7ED450E57] - |N| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: Unicode Terms of Use - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll
[MD5.4185EE055F39FD2D726A91E6A8A1A093] - |N| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: Unicode Terms of Use - ICU Common DLL.) - [1311.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\id-ID
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27 Ko] - C:\WINDOWS\System32\ig-NG
[MD5.AB2D50B6F3C665B55C8E5A049D59E7CC] - |A| - [18/05/2016 08:18:24] - (.-.) - [5663.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdclbif.bin
[MD5.D68CFBF223EB2B0CC7EAF61940C25BDC] - |A| - [18/05/2016 08:18:28] - (.Copyright (C) 2012-2015 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [400.37 Ko] - (5.0.0.1133) - C:\WINDOWS\System32\igfx11cmrt64.dll
[MD5.E8F98FDC766AEFB0EAC4EC490694EA77] - |A| - [18/05/2016 08:18:28] - (.Copyright (C) 2010 - 2015 - MDF(CM) JIT Dynamic Link Library.) - [1523 Ko] - (5.0.0.1133) - C:\WINDOWS\System32\igfxcmjit64.dll
[MD5.A3DD07E4C4BEE6CFC2369245D0144ED2] - |A| - [18/05/2016 08:18:29] - (.Copyright (C) 2010 - 2015 - MDF(CM) Runtime Dynamic Link Library.) - [399.34 Ko] - (5.0.0.1133) - C:\WINDOWS\System32\igfxcmrt64.dll
[MD5.B3C180B612558C19629E768F4CE1BA5D] - |A| - [30/11/2016 08:33:42] - (.-.) - [265.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl
[MD5.AA35528CAF42327481F20E3F6303776D] - |A| - [18/05/2016 08:18:29] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCUIServicePS.dll
[MD5.95B4678F53CF8A99B0AB5633C4478E64] - |A| - [18/05/2016 08:18:29] - (.-.) - [65.5 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLib.dll
[MD5.D6DFBE0CFCB12AAB4F0D1DCCE7162DE0] - |A| - [18/05/2016 08:18:29] - (.-.) - [76 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLibv2_0.dll
[MD5.03DE1512E98690F9A3413BC1FE2E0C63] - |A| - [18/05/2016 08:18:29] - (.-.) - [11.5 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILib.dll
[MD5.C30A6D006BFDC367F8B3EFBB1C9B7977] - |A| - [18/05/2016 08:18:29] - (.-.) - [11.5 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILibv2_0.dll
[MD5.037C9C315E0B8F784AF2CC5098A8C17E] - |A| - [18/05/2016 08:18:29] - (.-.) - [10 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLib.dll
[MD5.EC78BA8368C7C408B057BCA7DA0DEC2B] - |A| - [18/05/2016 08:18:29] - (.-.) - [10 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLibv2_0.dll
[MD5.303D8DEFF349152B7FDEABA8512B118A] - |A| - [18/05/2016 08:18:30] - (.-.) - [5 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLib.dll
[MD5.48D78F1D97DE2648F75CDB83E9991830] - |A| - [18/05/2016 08:18:30] - (.-.) - [5 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLibv2_0.dll
[MD5.F1AE13473E6B6C8C4FF2FE6689C8371C] - |A| - [18/05/2016 08:18:30] - (.-.) - [984.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxSDK.exe
[MD5.EC8DFEED86137795A660C07EECC0FC9A] - |A| - [18/05/2016 08:18:30] - (.-.) - [81.5 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLib.dll
[MD5.62C3AD4CFDEC4C123AEE09F966498F77] - |A| - [18/05/2016 08:18:30] - (.-.) - [92 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLibv2_0.dll
[MD5.02112BAC9497F6FAE72456EAE8A7765A] - |A| - [18/05/2016 08:18:30] - (.-.) - [375.12 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxTray.exe
[MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [18/05/2016 08:18:30] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa
[MD5.0D3AF85E1F169395885151038ADE9317] - |A| - [18/05/2016 08:18:30] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp
[MD5.A0D0A10C8DA1B00A2EE378357F72BA90] - |A| - [18/05/2016 08:18:30] - (.-.) - [39.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp
[MD5.7B929507BB2C2A3FBD2956EC3515364C] - |A| - [18/05/2016 08:18:30] - (.-.) - [40.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp
[MD5.1A8302994182D4FC003A71DC6D23EE81] - |A| - [18/05/2016 08:18:30] - (.-.) - [38.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp
[MD5.38FA402460982FE9A071BEC11C58B0D3] - |A| - [18/05/2016 08:18:30] - (.-.) - [38.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp
[MD5.26526A63D35D8E4E19C46F920AAF48F2] - |A| - [18/05/2016 08:18:30] - (.-.) - [39.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp
[MD5.9CD97189D5A5E409BBEC1B28A8AFD428] - |A| - [18/05/2016 08:18:30] - (.-.) - [39.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp
[MD5.52EF5E741AC045DC4D1E313FADD53107] - |A| - [18/05/2016 08:18:30] - (.-.) - [4.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp
[MD5.67B646C256190F118619C9D10AAE4B5C] - |N| - [12/04/2018 01:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [01/11/2016 00:48:53] - [2848.42 Ko] - C:\WINDOWS\System32\ihvmanager
[MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [18/05/2016 08:18:31] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ImageStabilization.wmv
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [25221.12 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.BB1480586B5C174900A1051CEB2B462F] - |N| - [12/04/2018 01:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.8DE9AE82152650C178BF1E24014E8503] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png
[MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 15:35:54] - [14954.85 Ko] - C:\WINDOWS\System32\Intel
[MD5.48893B9A91CC100FD2F0625600D6A044] - |A| - [18/05/2016 08:18:31] - (.Copyright (C) 2015 - IntelCpHDCPSvc Executable.) - [590.12 Ko] - (1.0.0.1) - C:\WINDOWS\System32\IntelCpHDCPSvc.exe
[MD5.2AEB01E400F6625FDBDD577730EAFED6] - |A| - [30/11/2016 08:36:10] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [111.01 Ko] - (2.1.0.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\is-IS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [432.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [319.56 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\ka-GE
[MD5.8AB601D55CE5C9FA6B8FE147F0616D76] - |A| - [01/11/2016 00:47:41] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll
[MD5.23AC7515B6D8A794BCC01B582F044078] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contra st-white.png
[MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28 Ko] - C:\WINDOWS\System32\km-KH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [297 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\kok-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\ky-KG
[MD5.9451D4436E2EA67EB33FCC764E4AABED] - |N| - [14/11/2018 00:05:24] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif
[MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |N| - [12/04/2018 01:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [33 Ko] - C:\WINDOWS\System32\lb-LU
[MD5.4F5120E44845A78D5920D2F0BDE0340F] - |N| - [12/04/2018 19:03:19] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [559.86 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27 Ko] - C:\WINDOWS\System32\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [459.94 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [333 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [331.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [30096.04 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.AEA14D8302A7D16E6EA87D1902D9F583] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.82 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll
[MD5.1C4E46C22DFE90DCF00C0F150FB91C47] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.3 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll
[MD5.394999A1CC3EF884C72AAB98F4088BB1] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1137.05 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll
[MD5.363B091F6CEC26BD99F54CDCA58D338F] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1183.44 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll
[MD5.B7A93AD901C9A0DA7A339CA03B059701] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1387.8 Ko] - (6.1.17.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll
[MD5.E2B42DEEE7E422D34AF1B5224A7D549F] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2757.11 Ko] - (7.0.10.0) - C:\WINDOWS\System32\MaxxAudioAPO7064.dll
[MD5.402BBD61ED52291022A8070738435EAC] - |A| - [01/11/2016 00:47:41] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.79 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll
[MD5.7EE6CB3F9F2E28A02C4CC9E85375A2D8] - |A| - [01/11/2016 00:47:41] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll
[MD5.7D9929F2D7FD04D7ED4F4C2843EC3256] - |A| - [01/11/2016 00:47:41] - (.Copyright Â© 1996-2013 -.) - [13727.79 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll
[MD5.6EA78E8C67580A74EB1E60A2ED90003A] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1291.66 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll
[MD5.4C6A4049A3BE4DFCE3D4A4980269FA5E] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [974.64 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll
[MD5.62E978D965EE25A5F3FFE2025B3E1A1C] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12813.24 Ko] - (3.1.14.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll
[MD5.7F02267308BEE7B0194B21212C0D31FF] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12682.16 Ko] - (4.0.19.0) - C:\WINDOWS\System32\MaxxVoiceAPO4064.dll
[MD5.BE79D07140F104938FBD4524745DDC23] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.8 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll
[MD5.3DCF07F29FFC6A20F14E05C20D3621F7] - |N| - [13/03/2019 16:20:56] - (.-.) - [791.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.F23EB28468FC8B62AF941308EC30387F] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png
[MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |N| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.D225B2044789A6059344503C1AE33347] - |N| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN
[MD5.B43E43FFFDD0F06A6925C7C89594042B] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png
[MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 18:35:30] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [4180.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31 Ko] - C:\WINDOWS\System32\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [6 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [34.35 Ko] - C:\WINDOWS\System32\my-mm
[MD5.777FDA2DB87DE207DD3FFA2570A49EF0] - |A| - [01/11/2016 00:47:42] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5165.97 Ko] - (6.3.9600.17231) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll
[MD5.53A7F93BAEDFF5DF62E36C1EEC4B64A4] - |A| - [01/11/2016 00:47:42] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.34 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll
[MD5.CE45B194226CEA3E17BFE10E7CAC4A71] - |A| - [01/11/2016 00:47:42] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5641.3 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICV2apo.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [393.5 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\NDF
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP
[MD5.B52FA68804EE31D5EAAB0C1E4508CA31] - |A| - [13/07/2019 15:35:20] - (.-.) - [32.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |N| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [422.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2019 14:38:42] - [3781.5 Ko] - C:\WINDOWS\System32\Nui
[MD5.842C5617FAB46F23FBDB581312743BF7] - |A| - [13/07/2019 15:36:56] - (.-.) - [8172.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin
[MD5.2C8BDEE2D6D5CC898EC6202AEB87AB77] - |A| - [09/10/2018 17:00:28] - (.-.) - [46.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.1C52C7C2E7DE4ADB265C35F8ACA40C01] - |A| - [01/11/2016 00:44:52] - (.-.) - [108.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvRtmpStreamer64.dll
[MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [13/07/2019 14:38:46] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [25970.33 Ko] - C:\WINDOWS\System32\oobe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\System32\or-IN
[MD5.459FB33AA2114A28C5932FEAA115B072] - |N| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\pa-IN
[MD5.874B0871DA3EC061D1BF30423C1E165B] - |N| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe
[MD5.5FEA7F1CC1047DEB3C2C2FB685E6F507] - |A| - [03/04/2016 14:39:57] - (.-.) - [152.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc005.dat
[MD5.D947BC1AC3802CA65BBBEE5CAF556F2D] - |A| - [13/07/2019 14:40:22] - (.-.) - [130.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.3078E2B9C413847E007E4D2C850CDB33] - |A| - [03/04/2016 14:47:02] - (.-.) - [169.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00E.dat
[MD5.EBE29F603BC16B8B5ECF3FE7BEF969C5] - |A| - [03/04/2016 14:33:17] - (.-.) - [159.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc015.dat
[MD5.AD4F9756147EF295FDA522DE30C80EE8] - |A| - [03/04/2016 14:39:57] - (.-.) - [37.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd005.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [13/07/2019 14:40:22] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.F11FC85B93C67E12873A011719582A12] - |A| - [03/04/2016 14:47:02] - (.-.) - [49.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00E.dat
[MD5.89AC0EC2EB702024F2BD0ADEB3C29F77] - |A| - [03/04/2016 14:33:17] - (.-.) - [40.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd015.dat
[MD5.63990CE2BC78A6BD5BC83DA38551187B] - |A| - [03/04/2016 14:39:57] - (.-.) - [740.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh005.dat
[MD5.7C7BFF9F305EB1E65D9F66591ED9380D] - |A| - [13/07/2019 14:40:22] - (.-.) - [684.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.F03718650A4589423B65E67BC60FDF3E] - |A| - [03/04/2016 14:47:02] - (.-.) - [750.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00E.dat
[MD5.732AF51D43513F6CEE4CB0F5F4CF337C] - |A| - [03/04/2016 14:33:17] - (.-.) - [806.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh015.dat
[MD5.AF174727B8B43A6E1A860C0283DC406F] - |A| - [03/04/2016 06:19:22] - (.-.) - [818.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.79D34E3B62076D4C875C748F5BE71ECA] - |N| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png
[MD5.4D9495349D00D9AD907F227FF51F289F] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [03/04/2016 14:32:45] - [0 Ko] - C:\WINDOWS\System32\pl
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [420 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [681.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:58] - [553.03 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF
[MD5.007893E8374C766471239EB291BA8C17] - |N| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [422 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [417.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE
[MD5.2D92991EB0E274CD83325948F6B89FE1] - |A| - [01/11/2018 01:34:20] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [136.59 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll
[MD5.4509296FF3492F5C61BB89BE9146B00E] - |A| - [01/11/2018 01:34:20] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [442.75 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll
[MD5.A65ED44399FAD238441A02BE0E27DDA0] - |A| - [01/11/2018 01:34:22] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [88.16 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll
[MD5.2A4F2B66D4A76635ECB2B8208F8857D2] - |A| - [01/11/2018 01:34:22] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [153.76 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll
[MD5.EFF5A2202197716168A4CDD94B52CA2E] - |A| - [01/11/2018 01:33:20] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7010.31 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |N| - [04/06/2018 03:08:25] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [1.04 Ko] - C:\WINDOWS\System32\Recovery
[MD5.826549DF7B1333179BA8CA939B12DAD3] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png
[MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png
[MD5.93915F385A4EED6C0FBEE364EA90CE56] - |N| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |N| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.831C579709F4761E4AB7053FCF4176EC] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.C0021ECF4FE049EEFB694982DEB809A7] - |A| - [01/11/2016 00:38:54] - (.-.) - [16.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml
[MD5.EFB43DC16D08ED08DB57AE064B2CF0F5] - |A| - [01/11/2018 01:34:22] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [319.73 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.414178DD5C36154372C41270C9F7FDD1] - |A| - [01/11/2018 01:34:24] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [319.7 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.D7CFCE6811519582690065C21088E9A5] - |A| - [12/01/2018 14:38:43] - (.Copyright (C) 2014 - RtCRX.) - [82.5 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll
[MD5.A0051372ED692B6AF74A6C295F0B2090] - |A| - [01/11/2018 01:34:26] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [215.33 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.3134AEDB269D300383B584535FEBD7B3] - |A| - [01/11/2018 01:34:26] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [91.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.9A7DC7E4698686826FB94800A6885FAA] - |A| - [01/11/2018 01:34:26] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [113.91 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.7D7CE0502AFBD4A78E3DB56B9CD5CD43] - |A| - [01/11/2018 01:34:26] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [383.77 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.BA34CA469FE48B13922CD7A07A4A904A] - |N| - [10/10/2018 17:37:17] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |N| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |N| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.9F2DE145A7782ED71A0A333C387BBA2C] - |A| - [01/11/2018 01:34:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.38 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll
[MD5.596C7E2E91F51E151417C933093F35BF] - |A| - [01/11/2018 01:34:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.89 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll
[MD5.77C85B8B01CED5823AEC47EA0CD52CA8] - |A| - [01/11/2018 01:34:36] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [226.58 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll
[MD5.4DFDCBEACBCCB129BAF98B55D13AE021] - |A| - [01/11/2018 01:34:38] - (.Copyright (C) 2018 DTS, Inc. - DTS Universal APO DLL.) - [971.47 Ko] - (3.5.17.0) - C:\WINDOWS\System32\sl3apo64.dll
[MD5.68400432B211A8358306F2AE8BB44590] - |A| - [01/11/2018 01:34:38] - (.Copyright (C) 2018 DTS, Inc. - DTS APO Controller DLL.) - [3338 Ko] - (3.5.17.0) - C:\WINDOWS\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 15:35:20] - [21619.11 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:59] - [45.92 Ko] - C:\WINDOWS\System32\slmgr
[MD5.A570B3CBC296E391966D48F3917C6EBD] - |A| - [01/11/2018 01:33:34] - (.TODO: (c) . - TODO: .) - [260.39 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll
[MD5.4C39B4DFAD8019747E00107555196EC6] - |A| - [01/11/2018 01:34:42] - (.Copyright (C) 2018 DTS, Inc. - DTS APO Technology DLL.) - [3055.58 Ko] - (3.5.17.0) - C:\WINDOWS\System32\sltech64.dll
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |N| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:34:00] - [13633.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png
[MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contra st-white.png
[MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png
[MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |N| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [7404.9 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [11725.15 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [30972.57 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [15037.59 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [23.61 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.FFFBBA8446BB4CBF7FD229559ABA5DAC] - |A| - [01/11/2018 01:34:44] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.31 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll
[MD5.5BBAA111B0CDE56329E337FF0C7BEB4D] - |A| - [01/11/2018 01:34:44] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.26 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll
[MD5.D95FF3E2B6ED9DA183C23D4EDEDBA46C] - |A| - [01/11/2018 01:34:44] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.59 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll
[MD5.2E00E08420875FAE0B173C6A34C2A575] - |N| - [04/06/2018 03:08:49] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat
[MD5.4FD560E994EDF0353835F3F9F506A62C] - |N| - [11/07/2018 15:01:51] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.A996DF0DC0B33854AFC77E4154BDCD8C] - |A| - [01/11/2018 01:34:46] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.61 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll
[MD5.91031FE0DB5F0D7457EB8CC67086E781] - |A| - [01/11/2018 01:34:46] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [213.26 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.BACE98530CE0DA6A59F4148D4D025DAC] - |A| - [01/11/2018 01:34:46] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [225.4 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.157ACEBB28937AF663D5F7DD5ED4869B] - |A| - [01/11/2018 01:34:46] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [528.54 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.87FC7BFD57579A4E5EC5E3EF646A7EA1] - |A| - [01/11/2018 01:34:46] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [170.95 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [26840 Ko] - C:\WINDOWS\System32\sru
[MD5.8A02EF186BDC952CA75EFA689EC4F275] - |N| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [401.5 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [1401.26 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [922.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [44.73 Ko] - C:\WINDOWS\System32\ta-in
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk
[MD5.9CD66B93520B6DD13C71EAEF487D7899] - |N| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [583.4 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [485.64 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.AD6EA34C17105785BE012B0685835BD2] - |N| - [11/07/2019 09:58:51] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim
[MD5.D602CA245CC6774A0981B607F0675609] - |N| - [12/04/2018 01:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\te-IN
[MD5.925C58370F8BEF4EF421DECBF85E18F3] - |A| - [01/11/2018 01:34:52] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Audio Source Filtering APO.) - [832.27 Ko] - (2.1.1.0) - C:\WINDOWS\System32\tosasfapo64.dll
[MD5.7AA1EC2AB0876AE8B50E514D920F212F] - |A| - [01/11/2018 01:34:52] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Earphone Audio Enhancement APO.) - [436.82 Ko] - (2.1.0.0) - C:\WINDOWS\System32\toseaeapo64.dll
[MD5.25CA550521D57BFEE2B5BDA83BF10A83] - |A| - [01/11/2018 01:34:52] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement APO.) - [1306.39 Ko] - (2.1.1.0) - C:\WINDOWS\System32\tossaeapo64.dll
[MD5.381D8CDEDD7C2D1ABF71A81B1C077B5A] - |A| - [01/11/2018 01:34:54] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement Maximizer.) - [590.73 Ko] - (1.1.2.0) - C:\WINDOWS\System32\tossaemaxapo64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [392.5 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |N| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |N| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials. xslt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28 Ko] - C:\WINDOWS\System32\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2019 14:38:42] - [2716.43 Ko] - C:\WINDOWS\System32\UNP
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK
[MD5.5B0D59652F66ABB715DC53C312B26BD0] - |N| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN
[MD5.5A94CE1EC9A4902D34F240589F59299A] - |A| - [09/10/2018 17:00:28] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [955.38 Ko] - (1.1.82.0) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll
[MD5.5A94CE1EC9A4902D34F240589F59299A] - |A| - [09/10/2018 17:00:28] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [955.38 Ko] - (1.1.82.0) - C:\WINDOWS\System32\vulkan-1.dll
[MD5.E92E68E800F9F6DBB05A81000BE75152] - |A| - [09/10/2018 17:00:28] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [261.91 Ko] - (1.1.82.0) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe
[MD5.E92E68E800F9F6DBB05A81000BE75152] - |A| - [09/10/2018 17:00:28] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [261.91 Ko] - (1.1.82.0) - C:\WINDOWS\System32\vulkaninfo.exe
[MD5.BA53D0938424F152E8EE6D936240F9D3] - |A| - [01/11/2016 00:47:43] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [91149.7 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:59] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [105146.76 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |N| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |N| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dl l
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [9825.83 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [104056 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:59] - [100.11 Ko] - C:\WINDOWS\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN
[MD5.C30C621748C66CE751B19B2788559A3E] - |N| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.DE198ABE13B6E663E60E006E17CF68B1] - |N| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\xh-ZA
[MD5.82C37C3E27020AF6C2E018E944284676] - |N| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |N| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |N| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@VpnToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |N| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64@WirelessDisplayToast.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN
[MD5.B8783941C7C420206B0E7F1DC28F27E4] - |A| - [01/11/2016 01:04:44] - (.-.) - [6.16 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\AsPowerCfg.log
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |N| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2019 14:38:42] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [7754.96 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.F07442443E1BC5FA31EDCCA0AE819DA9] - |A| - [01/11/2016 00:44:49] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Gms.log
[MD5.1E91815C329345AD54FE08BF7A98F749] - |N| - [12/04/2018 19:02:15] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.B4242227EAA6B910E3D0B985816DB2E7] - |N| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [03/04/2016 14:46:29] - [0 Ko] - C:\WINDOWS\SysWOW64\hu
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.17F5D3282D520EB2EA7C488AA6C57438] - |N| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: Unicode Terms of Use - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll
[MD5.A456E020684366A0DB0714ABFB1B5A2A] - |N| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: Unicode Terms of Use - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG
[MD5.9DDE110E76DD3D7FAA7282361069528E] - |N| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.C72942631ECEB8BF2765F7444FDEF0F2] - |A| - [30/11/2016 08:36:06] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [102.01 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.CB111DA8FAFCD06EE732D2EEA7E5932B] - |A| - [30/11/2016 08:36:14] - (.-.) - [138.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libEGL.dll
[MD5.C77D17FBD6CE8FC4357539AE3B8EAF66] - |A| - [30/11/2016 08:36:16] - (.-.) - [99.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
[MD5.48162AC548DE03DAC9556C22AF8FD3EC] - |A| - [30/11/2016 08:36:20] - (.-.) - [109.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv2.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [559.86 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [313 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [311.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [24626.88 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [2984.42 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [827.4 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [374 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [400.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2019 14:38:42] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |N| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [678.8 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN
[MD5.00000000000000000000000000000000] - |D| - [03/04/2016 14:32:49] - [0 Ko] - C:\WINDOWS\SysWOW64\pl
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:59] - [553.21 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.5BBAA111B0CDE56329E337FF0C7BEB4D] - |A| - [01/11/2018 01:34:44] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.26 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll
[MD5.2E00E08420875FAE0B173C6A34C2A575] - |N| - [04/06/2018 03:08:59] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.DC2DB04CA829CAD7910CE71263F68C90] - |N| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:59] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN
[MD5.A4B4C733F9EA7908371B6A3485A3E9F1] - |A| - [09/10/2018 17:00:28] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [825.38 Ko] - (1.1.82.0) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
[MD5.A4B4C733F9EA7908371B6A3485A3E9F1] - |A| - [09/10/2018 17:00:28] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [825.38 Ko] - (1.1.82.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll
[MD5.E58BD9E9234087D87826A69A746C7D8B] - |A| - [09/10/2018 17:00:28] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [237.88 Ko] - (1.1.82.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
[MD5.E58BD9E9234087D87826A69A746C7D8B] - |A| - [09/10/2018 17:00:28] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [237.88 Ko] - (1.1.82.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [15621.64 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:59] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |N| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dl l
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [8871.87 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:59] - [100.11 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN
[MD5.62236256C14EBAB96F24E4F1D7049CA8] - |N| - [12/04/2018 01:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [03/04/2016 14:32:50] - [0 Ko] - C:\WINDOWS\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\SysWOW64\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA

---------- | [denni]

[13/07/2019 14:50:54] - |RD| - [298] - C:\Users\denni\3D Objects
[13/07/2019 14:47:40] - |HD| - [1093359741] - C:\Users\denni\AppData
[13/07/2019 14:50:54] - |RD| - [412] - C:\Users\denni\Contacts
[13/07/2019 14:47:40] - |RD| - [26759521] - C:\Users\denni\Desktop
[13/07/2019 14:47:40] - |RD| - [402] - C:\Users\denni\Documents
[13/07/2019 14:47:40] - |RD| - [66729251] - C:\Users\denni\Downloads
[13/07/2019 14:47:40] - |RD| - [833] - C:\Users\denni\Favorites
[13/07/2019 14:50:52] - |SHD| - [25308] - C:\Users\denni\IntelGraphicsProfiles
[13/07/2019 14:47:40] - |RD| - [1981] - C:\Users\denni\Links
[13/07/2019 14:51:17] - |HD| - [2631339] - C:\Users\denni\MicrosoftEdgeBackups
[13/07/2019 14:47:40] - |RD| - [504] - C:\Users\denni\Music
[13/07/2019 14:47:40] - |AH| - [1835008] - C:\Users\denni\NTUSER.DAT
[13/07/2019 14:47:40] - |ASH| - [229376] - C:\Users\denni\ntuser.dat.LOG1
[13/07/2019 14:47:40] - |ASH| - [501760] - C:\Users\denni\ntuser.dat.LOG2
[13/07/2019 14:47:40] - |ASH| - [65536] - C:\Users\denni\NTUSER.DAT{6de8c59b-a57b-11e9-9a13-704d7bbb609a}.TM.blf
[13/07/2019 14:47:40] - |ASH| - [524288] - C:\Users\denni\NTUSER.DAT{6de8c59b-a57b-11e9-9a13-704d7bbb609a}.TMContainer00000000000000000001.regt rans-ms
[13/07/2019 14:47:40] - |ASH| - [524288] - C:\Users\denni\NTUSER.DAT{6de8c59b-a57b-11e9-9a13-704d7bbb609a}.TMContainer00000000000000000002.regt rans-ms
[13/07/2019 14:47:40] - |SH| - [20] - C:\Users\denni\ntuser.ini
[13/07/2019 14:55:06] - |RD| - [96] - C:\Users\denni\OneDrive
[13/07/2019 14:47:40] - |RD| - [884] - C:\Users\denni\Pictures
[13/07/2019 14:47:40] - |RD| - [282] - C:\Users\denni\Saved Games
[13/07/2019 14:50:54] - |RD| - [1872] - C:\Users\denni\Searches
[13/07/2019 14:47:40] - |RD| - [694] - C:\Users\denni\Videos
[13/07/2019 14:47:40] - |D| - [1089057556] - C:\Users\denni\AppData\Local
[13/07/2019 14:47:40] - |D| - [190898] - C:\Users\denni\AppData\LocalLow
[13/07/2019 14:47:40] - |D| - [4111287] - C:\Users\denni\AppData\Roaming
[13/07/2019 15:34:14] - |D| - [3765577] - C:\Users\denni\AppData\Local\CEF
[13/07/2019 15:08:14] - |D| - [18898948] - C:\Users\denni\AppData\Local\Comms
[13/07/2019 14:50:51] - |D| - [2046] - C:\Users\denni\AppData\Local\ConnectedDevicesPlatf orm
[13/07/2019 14:53:01] - |D| - [40] - C:\Users\denni\AppData\Local\Crashpad
[13/07/2019 15:19:00] - |D| - [137032] - C:\Users\denni\AppData\Local\D3DSCache
[13/07/2019 14:53:51] - |D| - [700148645] - C:\Users\denni\AppData\Local\Google
[13/07/2019 16:29:02] - |AH| - [127730] - C:\Users\denni\AppData\Local\IconCache.db
[31/07/2019 09:03:00] - |D| - [776360] - C:\Users\denni\AppData\Local\mbam
[31/07/2019 09:02:42] - |D| - [235676] - C:\Users\denni\AppData\Local\mbamtray
[13/07/2019 14:47:40] - |D| - [92448998] - C:\Users\denni\AppData\Local\Microsoft
[13/07/2019 14:51:08] - |D| - [70882] - C:\Users\denni\AppData\Local\MicrosoftEdge
[13/07/2019 14:52:23] - |D| - [132002704] - C:\Users\denni\AppData\Local\NVIDIA
[13/07/2019 14:50:53] - |D| - [94224210] - C:\Users\denni\AppData\Local\Packages
[13/07/2019 14:52:33] - |D| - [0] - C:\Users\denni\AppData\Local\PlaceholderTileLogoFo lder
[13/07/2019 15:09:53] - |D| - [0] - C:\Users\denni\AppData\Local\Programs
[13/07/2019 14:51:04] - |D| - [0] - C:\Users\denni\AppData\Local\Publishers
[13/07/2019 15:34:12] - |D| - [35190000] - C:\Users\denni\AppData\Local\Steam
[13/07/2019 14:47:40] - |D| - [11028708] - C:\Users\denni\AppData\Local\Temp
[13/07/2019 14:50:53] - |D| - [0] - C:\Users\denni\AppData\Local\VirtualStore
[13/07/2019 14:47:58] - |SD| - [190898] - C:\Users\denni\AppData\LocalLow\Microsoft
[13/07/2019 14:50:53] - |D| - [0] - C:\Users\denni\AppData\Roaming\Adobe
[13/07/2019 14:55:09] - |D| - [0] - C:\Users\denni\AppData\Roaming\Google
[13/07/2019 14:56:27] - |D| - [735] - C:\Users\denni\AppData\Roaming\Macromedia
[13/07/2019 14:47:40] - |SD| - [4110034] - C:\Users\denni\AppData\Roaming\Microsoft
[13/07/2019 14:52:16] - |A| - [184] - C:\Users\denni\AppData\Roaming\sp_data.sys
[13/07/2019 14:53:07] - |D| - [48] - C:\Users\denni\AppData\Roaming\WebStorage
[13/07/2019 15:13:35] - |D| - [286] - C:\Users\denni\AppData\Roaming\WildTangent
[13/07/2019 14:50:54] - |SH| - [174] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\desktop.ini
[13/07/2019 14:47:40] - |RD| - [20714] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs
[13/07/2019 14:47:40] - |RD| - [3888] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Accessibility
[13/07/2019 14:47:40] - |RD| - [2927] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Accessories
[13/07/2019 14:50:54] - |RD| - [174] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Administrative Tools
[13/07/2019 14:47:40] - |SH| - [264] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\desktop.ini
[13/07/2019 14:47:40] - |D| - [170] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Maintenance
[13/07/2019 14:50:54] - |RD| - [174] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup
[13/07/2019 14:47:40] - |RD| - [3496] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\System Tools
[22/07/2019 18:43:21] - |A| - [1867] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\uTorrent Web.lnk
[13/07/2019 14:47:40] - |RD| - [7754] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Windows PowerShell
[13/07/2019 14:50:54] - |SH| - [174] - C:\Users\denni\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\desktop.ini

---------- | [Public]

[01/11/2016 00:33:55] - |RHD| - [196] - C:\Users\Public\AccountPictures
[30/10/2015 09:24:24] - |RHD| - [5578] - C:\Users\Public\Desktop
[13/07/2019 14:38:44] - |ASH| - [174] - C:\Users\Public\desktop.ini
[30/10/2015 09:24:24] - |RD| - [278] - C:\Users\Public\Documents
[30/10/2015 09:24:24] - |RD| - [174] - C:\Users\Public\Downloads
[13/07/2019 14:38:42] - |RHD| - [1135] - C:\Users\Public\Libraries
[30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Music
[13/07/2019 15:20:14] - |A| - [8192] - C:\Users\Public\NTUSER.DAT
[13/07/2019 15:20:14] - |ASH| - [8192] - C:\Users\Public\NTUSER.DAT.LOG1
[13/07/2019 15:20:14] - |ASH| - [0] - C:\Users\Public\NTUSER.DAT.LOG2
[13/07/2019 15:20:14] - |ASH| - [65536] - C:\Users\Public\NTUSER.DAT{5823dac9-a574-11e9-9a15-f0038c07fc30}.TM.blf
[13/07/2019 15:20:14] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{5823dac9-a574-11e9-9a15-f0038c07fc30}.TMContainer00000000000000000001.regt rans-ms
[13/07/2019 15:20:14] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{5823dac9-a574-11e9-9a15-f0038c07fc30}.TMContainer00000000000000000002.regt rans-ms
[30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Pictures
[30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData

[13/07/2019 14:56:14] - |D| - [0] - C:\ProgramData\ASUS
[13/07/2019 14:52:15] - |D| - [3036] - C:\ProgramData\ASUS Smart Gesture
[03/04/2016 06:33:44] - |D| - [4065] - C:\ProgramData\ASUS WebStorage
[30/10/2015 09:24:24] - |D| - [0] - C:\ProgramData\Comms
[13/07/2019 15:36:26] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[01/11/2016 00:39:10] - |D| - [47443549] - C:\ProgramData\Intel
[03/04/2016 06:35:36] - |D| - [28501] - C:\ProgramData\Kingsoft
[01/11/2016 00:58:57] - |D| - [176] - C:\ProgramData\McAfee
[13/07/2019 14:38:42] - |SD| - [646660086] - C:\ProgramData\Microsoft
[01/11/2016 00:34:08] - |D| - [25] - C:\ProgramData\Microsoft OneDrive
[13/07/2019 15:36:45] - |D| - [72204] - C:\ProgramData\NVIDIA
[01/11/2016 00:43:51] - |D| - [4277014] - C:\ProgramData\NVIDIA Corporation
[03/04/2016 06:33:59] - |D| - [17729160] - C:\ProgramData\Package Cache
[13/07/2019 15:07:17] - |D| - [73728] - C:\ProgramData\Packages
[13/07/2019 14:38:42] - |D| - [999] - C:\ProgramData\regid.1991-06.com.microsoft
[13/07/2019 14:38:42] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[13/07/2019 14:52:16] - |D| - [2] - C:\ProgramData\USBChargerPlus
[13/07/2019 14:38:42] - |D| - [19802] - C:\ProgramData\USOPrivate
[13/07/2019 15:37:48] - |D| - [798720] - C:\ProgramData\USOShared
[03/04/2016 06:33:44] - |D| - [4065] - C:\ProgramData\WebStorage
[03/04/2016 06:34:43] - |D| - [29759] - C:\ProgramData\WildTangent
[13/07/2019 14:38:42] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[13/07/2019 14:38:44] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[13/07/2019 14:38:42] - |RD| - [76584] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[13/07/2019 14:38:42] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[13/07/2019 14:38:42] - |RD| - [13071] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[13/07/2019 14:38:42] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[03/04/2016 06:33:45] - |D| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[13/07/2019 16:13:53] - |D| - [4217] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloody
[13/07/2019 14:38:44] - |SH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[03/04/2016 06:34:50] - |RD| - [95] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[13/07/2019 14:54:16] - |A| - [2315] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[01/11/2016 00:58:44] - |D| - [2685] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
[12/04/2018 01:35:21] - |AS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[01/11/2016 00:38:14] - |A| - [724] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
[13/07/2019 14:38:42] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/11/2016 00:44:52] - |D| - [1470] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[13/07/2019 15:36:28] - |D| - [2041] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
[13/07/2019 14:38:42] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[13/07/2019 15:33:09] - |D| - [1110] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[13/07/2019 14:38:42] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[30/10/2015 20:19:04] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[13/07/2019 15:43:01] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[03/04/2016 06:35:42] - |D| - [11823] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[13/07/2019 14:38:44] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[01/08/2019 14:00:26] - |D| - [670] - C:\Program Files (x86)\Adware Removal Tool by TSA
[03/04/2016 06:33:28] - |D| - [115319531] - C:\Program Files (x86)\ASUS
[13/07/2019 16:13:10] - |D| - [99694183] - C:\Program Files (x86)\Bloody6
[13/07/2019 14:38:42] - |D| - [103177891] - C:\Program Files (x86)\Common Files
[13/07/2019 14:38:44] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[13/07/2019 14:53:54] - |D| - [481021973] - C:\Program Files (x86)\Google
[01/11/2016 00:58:43] - |D| - [7536023] - C:\Program Files (x86)\ICEpower
[01/11/2016 00:47:40] - |HD| - [123271158] - C:\Program Files (x86)\InstallShield Installation Information
[13/07/2019 15:36:19] - |D| - [37767097] - C:\Program Files (x86)\Intel
[13/07/2019 14:38:42] - |D| - [1996955] - C:\Program Files (x86)\Internet Explorer
[03/04/2016 06:35:09] - |D| - [414779362] - C:\Program Files (x86)\Kingsoft
[03/04/2016 06:35:38] - |D| - [0] - C:\Program Files (x86)\Microsoft Office
[13/07/2019 14:38:42] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[13/07/2019 14:42:19] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[13/07/2019 15:36:44] - |D| - [222402390] - C:\Program Files (x86)\NVIDIA Corporation
[01/11/2016 00:48:53] - |D| - [7938801] - C:\Program Files (x86)\Qualcomm Atheros
[01/11/2016 00:47:40] - |D| - [164207892] - C:\Program Files (x86)\Realtek
[13/07/2019 14:42:19] - |D| - [36970241] - C:\Program Files (x86)\Reference Assemblies
[13/07/2019 15:33:08] - |D| - [24718044744] - C:\Program Files (x86)\Steam
[01/11/2016 00:47:40] - |HD| - [0] - C:\Program Files (x86)\Temp
[13/07/2019 15:36:44] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[13/07/2019 14:38:42] - |D| - [1774200] - C:\Program Files (x86)\Windows Defender
[13/07/2019 14:38:42] - |D| - [625664] - C:\Program Files (x86)\Windows Mail
[13/07/2019 14:42:19] - |D| - [3250631] - C:\Program Files (x86)\Windows Media Player
[13/07/2019 14:38:42] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform
[13/07/2019 14:38:42] - |D| - [7441752] - C:\Program Files (x86)\windows nt
[13/07/2019 14:38:42] - |D| - [5366024] - C:\Program Files (x86)\Windows Photo Viewer
[13/07/2019 14:38:42] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices
[13/07/2019 14:38:42] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[13/07/2019 14:38:42] - |D| - [2238461] - C:\Program Files (x86)\WindowsPowerShell

---------- | C:\Program Files

[01/11/2016 00:58:07] - |D| - [63664241] - C:\Program Files\AVAST Software
[13/07/2019 14:38:42] - |D| - [47591858] - C:\Program Files\Common Files
[13/07/2019 14:38:43] - |ASH| - [174] - C:\Program Files\desktop.ini
[01/11/2016 00:55:38] - |D| - [1049584] - C:\Program Files\DIFX
[13/07/2019 15:36:12] - |D| - [62774267] - C:\Program Files\Intel
[13/07/2019 14:38:42] - |D| - [2628774] - C:\Program Files\internet explorer
[01/11/2016 01:05:08] - |D| - [0] - C:\Program Files\Microsoft Office
[13/07/2019 14:42:19] - |D| - [25757] - C:\Program Files\MSBuild
[13/07/2019 15:36:37] - |D| - [713109136] - C:\Program Files\NVIDIA Corporation
[13/07/2019 15:36:20] - |D| - [57155832] - C:\Program Files\Realtek
[13/07/2019 14:42:19] - |D| - [34633385] - C:\Program Files\Reference Assemblies
[13/07/2019 18:34:43] - |D| - [10917521] - C:\Program Files\rempl
[03/04/2016 06:20:51] - |HD| - [0] - C:\Program Files\Uninstall Information
[14/07/2019 03:07:34] - |D| - [14879312] - C:\Program Files\UNP
[13/07/2019 14:38:42] - |D| - [19266227] - C:\Program Files\Windows Defender
[30/10/2015 20:19:04] - |D| - [0] - C:\Program Files\Windows Journal
[13/07/2019 14:38:42] - |D| - [635392] - C:\Program Files\Windows Mail
[13/07/2019 14:42:19] - |D| - [4774891] - C:\Program Files\Windows Media Player
[13/07/2019 14:38:42] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform
[13/07/2019 14:38:42] - |D| - [7708504] - C:\Program Files\windows nt
[13/07/2019 14:38:42] - |D| - [6166280] - C:\Program Files\Windows Photo Viewer
[13/07/2019 14:38:42] - |D| - [46576] - C:\Program Files\Windows Portable Devices
[13/07/2019 14:38:42] - |D| - [106165] - C:\Program Files\Windows Security
[13/07/2019 14:38:42] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[13/07/2019 14:38:42] - |HD| - [3309020459] - C:\Program Files\WindowsApps
[13/07/2019 14:38:42] - |D| - [2656572] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[01/11/2016 00:50:19] - |D| - [14352] - C:\Program Files (x86)\Common Files\Atheros
[13/07/2019 15:36:11] - |D| - [75340981] - C:\Program Files (x86)\Common Files\Intel
[13/07/2019 14:38:42] - |D| - [13970041] - C:\Program Files (x86)\Common Files\microsoft shared
[01/11/2016 00:39:12] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent
[01/11/2016 00:48:51] - |D| - [55056] - C:\Program Files (x86)\Common Files\Qualcomm Atheros
[13/07/2019 14:38:42] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[13/07/2019 15:33:09] - |D| - [4079680] - C:\Program Files (x86)\Common Files\Steam
[13/07/2019 14:38:42] - |D| - [9510283] - C:\Program Files (x86)\Common Files\system

---------- | C:\Program Files\Common files

[13/07/2019 14:38:42] - |D| - [37161794] - C:\Program Files\Common files\microsoft shared
[01/11/2016 00:50:20] - |D| - [202327] - C:\Program Files\Common files\QCA_Bluetooth
[13/07/2019 14:38:42] - |D| - [2702] - C:\Program Files\Common files\Services
[13/07/2019 14:38:42] - |D| - [10225035] - C:\Program Files\Common files\system

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [13/07/2019 15:45:43] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.1CFA418A51BE926C89E2BE4AA048EB29] - [03/04/2016 06:35:41] - |A| - [424] - C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job
[MD5.E39393788501A3E8E362A6A0FE224B99] - [03/04/2016 06:35:40] - |A| - [424] - C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
[MD5.00000000000000000000000000000000] - [13/07/2019 15:45:43] - |D| - [2468] - C:\WINDOWS\System32\Tasks\ASUS
[MD5.88BF4D72E48A5C7C3260EB6A5C56AEBB] - [13/07/2019 15:45:43] - |A| - [2862] - C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher : C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
[MD5.D5B85D0930BE440F5775D99A81316085] - [13/07/2019 15:45:43] - |A| - [2214] - C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON : C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
[MD5.00000000000000000000000000000000] - [13/07/2019 14:53:40] - |D| - [0] - C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
[MD5.AEDC8E22D7F58845F9132CC2B36C1E1A] - [13/07/2019 15:45:43] - |A| - [2924] - C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3 : “C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe”
[MD5.A4C90D430197DE626B28A0D0B60C8981] - [13/07/2019 15:45:43] - |A| - [2214] - C:\WINDOWS\System32\Tasks\ATK Package A22126881260 : “C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe”
[MD5.9488250E54C8C6CB42BC7E650A9E6942] - [13/07/2019 14:53:55] - |A| - [3332] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.3A84BB710C20E9041FF9E92319665F37] - [13/07/2019 14:53:55] - |A| - [3456] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [13/07/2019 15:45:43] - |D| - [0] - C:\WINDOWS\System32\Tasks\McAfee
[MD5.00000000000000000000000000000000] - [13/07/2019 14:38:42] - |D| - [567294] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.C4DEFE179456697578CC4A86444DE4F5] - [13/07/2019 15:45:43] - |A| - [2346] - C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice : “C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe”
[MD5.DA27E11EE2F7EC8285002AF3E18F42A1] - [13/07/2019 15:45:43] - |A| - [2280] - C:\WINDOWS\System32\Tasks\RTKCPL : “C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe”
[MD5.EB39FB5E4874764990E62CAFC34E5E55] - [13/07/2019 15:45:43] - |A| - [3004] - C:\WINDOWS\System32\Tasks\WpsNotifyTask_Administra tor : C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
[MD5.10A50D9A2F3F04472648B0383AE2112F] - [13/07/2019 15:45:43] - |A| - [3004] - C:\WINDOWS\System32\Tasks\WpsUpdateTask_Administra tor : C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe
[MD5.00000000000000000000000000000000] - [13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedacces s\Parameters\FirewallPolicy\FirewallRules]
“WiFiDirect-KM-Driver-In-TCP”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“WiFiDirect-KM-Driver-Out-TCP”=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“WiFiDirect-KM-Driver-In-UDP”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protoco l=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“WiFiDirect-KM-Driver-Out-UDP”=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protoc ol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
“DeliveryOptimization-TCP-In”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol =6|LPort=7680|App=%SystemRoot%\system32\svchost.ex e|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“DeliveryOptimization-UDP-In”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol =17|LPort=7680|App=%SystemRoot%\system32\svchost.e xe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll ,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
“Netlogon-NamedPipe-In”=v2.28|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
“Netlogon-TCP-RPC-In”=v2.28|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe| Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
“WirelessDisplay-In-TCP”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|App=%systemroot%\system32\WUDFHost.exe|Name=@w ifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD

A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
“WirelessDisplay-Infra-In-TCP”=v2.28|Action=Allow|Active=TRUE|Dir=In|Protoco l=6|LPort=7250|App=%systemroot%\system32\CastSrv.e xe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
“{F9E5BF9D-6A2B-4E5F-84A5-F778F173BE6D}”=v2.25|Action=Allow|Active=TRUE|Dir= Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-219842481-2801163338-4081607194-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2: 6:2|Platform2=GTEQ|
“{C9F25067-49C5-44B5-9BC9-1924A707FE5A}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2: 6:2|Platform2=GTEQ|
“{D31D12E4-E260-4CA9-8CE6-C739FD01250B}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn= S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6: 2|Platform2=GTEQ|
“{6969CBD7-FAE7-490B-94C6-A41D44E20D69}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Profile=Public|N ame=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6: 2|Platform2=GTEQ|Edge=TRUE|
“{EE0BC692-1C94-4690-9EAD-014CE321418E}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ|
“{ADCFD631-3E1D-4750-B33E-8EEDB5B8D0DC}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ|
“{6ECF1B94-8522-4904-8FFF-89594F5D0B3A}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Candy Crush Friends|Desc=Candy Crush Friends|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-2434645666-2532177092-3042203602-619713399-428220933-2149260498-1813168567|EmbedCtxt=Candy Crush Friends|Platform=2:6:2|Platform2=GTEQ|
“{2E114F06-D829-49E0-8D45-FE1F3013EF5F}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=MyASUS-Service Center|Desc=MyASUS-Service Center|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-545957056-798866350-1522785379-2444689802-67236901-3270837419-2293412403|EmbedCtxt=MyASUS-Service Center|Platform=2:6:2|Platform2=GTEQ|
“{B91E65E2-1B85-44A1-BF96-00C0EDC70CA9}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
“{98351FBF-238D-4902-91C7-D1119253FA5A}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
“{1F0C1C5E-84BC-4443-B31A-76D9B3CA160D}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ|
“{6A83DF8A-AED1-4DE0-BB12-8D9DC9E7716F}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
“{F51FFA6B-9BE7-4061-9C40-527FA37DE721}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
“{1C0C75EC-1556-447D-8DD8-3AC2F32042A8}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ|
“{A7CD97CE-1DAB-428C-AB66-479FF2F6618E}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platfo rm2=GTEQ|
“{D7F498F6-86E8-420C-ACB3-B7A843BEAF8B}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Profile=Public|N ame=Netflix|Desc=Netflix|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platfo rm2=GTEQ|Edge=TRUE|
“{15901265-ED1B-4FEC-BB5D-33AB0415B924}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=TripAdvisor Hotels Flights Restaurants|Desc=TripAdvisor Hotels Flights Restaurants|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3043548224-2235967549-1382791125-3168413616-1702302935-4247438294-2497735402|EmbedCtxt=TripAdvisor Hotels Flights Restaurants|Platform=2:6:2|Platform2=GTEQ|
“{D4D5E900-3F0C-44B9-89B2-4BEA1EC34F56}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Candy Crush Saga|Desc=Candy Crush Saga|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-2599857031-3789198952-3515498744-3120614410-3826243417-3816649221-455961092|EmbedCtxt=Candy Crush Saga|Platform=2:6:2|Platform2=GTEQ|
“{6F4B626F-F837-4758-B96C-47E766C558ED}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Go ogle Chrome (mDNS-In)|Desc=Pravidlo pre prichádzajúce prenosy pre prehliadač Google Chrome, ktoré povoľuje prenos dát mDNS.|EmbedCtxt=Google Chrome|
“{1790C8F9-6C0F-4CA0-99EE-B4F8FA38C071}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=@{king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqv nymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|Desc=@{king.com.BubbleWitch3Saga_5.8.4.0_ x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-2480992608-1527340332-3131305588-448447103-1026586663-3117074242-2125591980|EmbedCtxt=@{king.com.BubbleWitch3Saga_5 .8.4.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|
“{C1F16B6A-23D5-4339-AB15-20139A142ECA}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platfo rm2=GTEQ|
“{09D9EA35-A94B-433D-8E9A-7AF71B58FC29}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=OneNote|Des c=OneNote|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platfo rm2=GTEQ|
“{24581E2C-7DB7-4DD5-B204-82822979F399}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
“{B3FC647E-429A-4D05-B6C8-EC8B648EF921}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
“{61E7EA99-DEC8-49D0-88E0-D28B82381271}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=@{MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j 1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_3.0.0.0_x64__ a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_3.0.0.0 _x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ|
“{75970A91-3A16-440F-BF3B-083886ED7000}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Profile=Domain|Profile=Private|Profile=Public|N ame=@{MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1 jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_3.0.0.0_x64__ a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_3.0.0.0 _x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
“{4845CC40-1506-42EA-82B9-D2BC24EE9A66}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ|
“{9A0D96FC-A65D-481F-9869-84ABAF77B7FF}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Protocol=6|LPort2_10=4371-4379|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449 .0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
“{BC331252-4B94-40A5-913D-99920B0BD3A7}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Protocol=6|LPort2_10=4381-4389|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449 .0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
“{79E193FA-8BF7-4B63-B4E7-EFE4C9D77C12}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Protocol=6|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449 .0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
“{C76D90D7-0F84-494D-B4C1-F2CA97066EA7}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449 .0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
“{F1BB3FA9-E3FB-41CB-BA24-7E47AB045767}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=57621|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449 .0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
“{07D1CC60-28D2-4081-8C28-38FF8A6B0CBC}”=v2.28|Action=Allow|Active=TRUE|Dir= In|Protocol=6|LPort2_10=57621-57631|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449 .0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
“{423C5176-8E9D-4E16-ABF7-F098BF187F7C}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Protocol=6|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449 .0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
“{EE9AE504-1D88-442B-A153-F6DDDEC2BA08}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Protocol=17|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449 .0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
“{C4294457-6291-4EFF-B582-CD3F3583A091}”=v2.28|Action=Allow|Active=TRUE|Dir= Out|Profile=Domain|Profile=Private|Profile=Public| Name=Spotify Music|Desc=Spotify Music|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-557819504-3144503769-3460048582-2468406004-2969798954-3397036932-4166026031|EmbedCtxt=Spotify Music|Platform=2:6:2|Platform2=GTEQ|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class{05f5cf e2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) → @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{126476 0F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{13e42d fa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) → @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{14b62f 50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) → @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{1ed2bb f9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) → @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class{24A0C8 40-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{25dbce 51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) → @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class{268c95 a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) → @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2a9fe5 32-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) → @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class{2db153 74-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) → @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B648}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3163C5 66-D381-4467-87BC-A65A18D5B649}] : (fvevol) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{36fc9e 60-c465-11cf-8056-444553540000}] : (USB) → @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3e3f06 74-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) → @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{3f966b d9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) → @oem58.inf,%ClassName%;Android Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class{43675d 81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) → @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4658ee 7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) → @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48721b 56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) → @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48d3eb c4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) → @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{49ce6a c8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) → @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 65-e325-11ce-bfc1-08002be10318}] : (CDROM) → @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 66-e325-11ce-bfc1-08002be10318}] : (Computer) → @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 67-e325-11ce-bfc1-08002be10318}] : (DiskDrive) → @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 68-e325-11ce-bfc1-08002be10318}] : (Display) → @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 69-e325-11ce-bfc1-08002be10318}] : (FDC) → @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6a-e325-11ce-bfc1-08002be10318}] : (HDC) → @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6b-e325-11ce-bfc1-08002be10318}] : (Keyboard) → @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6c-e325-11ce-bfc1-08002be10318}] : (MEDIA) → @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6d-e325-11ce-bfc1-08002be10318}] : (Modem) → @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6e-e325-11ce-bfc1-08002be10318}] : (Monitor) → @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 6f-e325-11ce-bfc1-08002be10318}] : (Mouse) → @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 70-e325-11ce-bfc1-08002be10318}] : (MTD) → @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 71-e325-11ce-bfc1-08002be10318}] : (MultiFunction) → @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 72-e325-11ce-bfc1-08002be10318}] : (Net) → @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 73-e325-11ce-bfc1-08002be10318}] : (NetClient) → @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 74-e325-11ce-bfc1-08002be10318}] : (NetService) → @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 75-e325-11ce-bfc1-08002be10318}] : (NetTrans) → @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 77-e325-11ce-bfc1-08002be10318}] : (PCMCIA) → @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 78-e325-11ce-bfc1-08002be10318}] : (Ports) → @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 79-e325-11ce-bfc1-08002be10318}] : (Printer) → @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) → @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7d-e325-11ce-bfc1-08002be10318}] : (System) → @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 7e-e325-11ce-bfc1-08002be10318}] : (Unknown) → @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4d36e9 80-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) → @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4fc954 1c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) → @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50127d c3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) → @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class{502EB6 8B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50906c b8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) → @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class{509994 4a-f6b9-4057-a056-8c550228544c}] : (Memory) → @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50dd52 30-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) → @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5175d3 34-c371-4806-b3ba-71fd53c9258d}] : (Sensor) → @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{533c5b 84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) → @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53487c 23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) → @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53966c b1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) → @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53b3cf 03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) → @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53ccb1 49-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) → @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53d29e f7-377c-4d14-864b-eb3a85769359}] : (Biometric) → @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class{563083 1c-06c9-4856-b327-f5d32586e060}] : (Proximity) → @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5989fc e8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) → @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5aea00 1d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) → @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5c4c33 32-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) → @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5d1b9a aa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) → @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{62f9c7 41-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) → @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{645ad9 9b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) → @PerceptionSimulationSixDof.inf,%ClassName%;Percep tion Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6a0a8e 78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) → @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c1-810f-11d0-bec7-08002be2092f}] : (1394) → @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c5-810f-11d0-bec7-08002be2092f}] : (Infrared) → @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6bdd1f c6-810f-11d0-bec7-08002be2092f}] : (Image) → @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6d8078 84-7d21-11cf-801c-08002be10318}] : (TapeDrive) → @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6FAE73 B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71a27c dd-812a-11d0-bec7-08002be2092f}] : (Volume) → @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71aa14 f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) → @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{72631e 54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) → @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class{745a17 a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) → @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{772e18 f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) → @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{7ebefb c0-3200-11d2-b4c2-00a0c9697d07}] : (61883) → @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class{81C874 65-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8503c9 11-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) → @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{87ef9a d1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) → @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88a1c3 42-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) → @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{88bae0 32-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) → @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class{89786f f1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) → @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8ecc05 5d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) → @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{990a2b d7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) → @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class{9da2b8 0f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) → @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a588 a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) → @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class{a0a701 c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) → @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A3E32D BA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A73C93 F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b1d1a1 69-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) → @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b2728d 24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) → @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{b86dff 51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) → @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{bbbe87 34-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) → @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c06ff2 65-ae09-48f0-812c-16753d7cba83}] : (AVC) → @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c16652 3c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) → @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c243ff bd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) → @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c3077f cd-9c3c-482f-9317-460712f23efd}] : (DPTF) → @oem78.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c30ece a0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) → @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class{c7bc9b 22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) → @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class{ca3e7a b9-b4c3-4ae6-8251-579ef933890f}] : (Camera) → @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class{cdcf09 39-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) → @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{ce5939 ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) → @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d02bc3 da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) → @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d421b0 8e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) → @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d48179 be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) → @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d54650 0a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) → @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d61255 3d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) → @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d61ca3 65-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) → @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class{d94ee5 d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) → @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class{db4f6d dd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) → @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e0cbf0 6c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) → @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e2f84c e7-8efa-411c-aa69-97454ca4cb57}] : (Extension) → @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e55fa6 f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) → @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{e6f1aa 1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) → @c_ucm.inf,%ClassDesc%;USB Connector Managers
[HKLM\SYSTEM\CurrentControlSet\Control\Class{eec5ad 98-8080-425f-922a-dabf3de3f69a}] : (WPD) → @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f2e7dd 72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) → @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f3586b af-b5aa-49b5-8d6c-0569284c639f}] : (Compression) → @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f75a86 c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) → @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{f8ecaf a6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) → @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class{fe8f15 72-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) → @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] → ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] → elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] → ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[08/05/2015 12:07:06] - (1.0.6.1) - (ASUSTek Computer Inc. - ATK WMIACPI Utility) - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
[09/10/2018 17:00:28] - (25.21.14.1616) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 416.16) - C:\WINDOWS\System32\DriverStore\FileRepository\nva mi.inf_amd64_24fa95e729ecaade\nvlddmkm.sys
[12/01/2018 14:38:55] - (12.0.0.312) - (Qualcomm Atheros, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys
[12/01/2018 14:38:02] - (1.0.0.7) - (ASUS - HID minidriver for ASUS Wireless Radio Control) - C:\WINDOWS\System32\drivers\AsRadioControl.sys
[09/10/2018 17:00:28] - (4.8.3.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys
[12/01/2018 14:38:44] - (10.0.15063.31236) - (Realsil Semiconductor Corporation - RTS USB READER Driver) - C:\WINDOWS\system32\Drivers\RtsUer.sys
[12/01/2018 14:39:14] - (10.0.0.312) - (Qualcomm - Qualcomm BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys
[08/05/2015 12:49:58] - (1.0.9.1) - (ASUS - Memory mapping Driver) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () → System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) → System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) → System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () → System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () → System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () → System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () → System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport’s Miniport Driver) → System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) → System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) → System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) → System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - cht4iscsi () → System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) → System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () → System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) → System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) → System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) → System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) → System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) → System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) → system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) → System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () → System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) → System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorA (@oem1.inf,%iaStorA.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller) → System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) → System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) → System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () → System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) → System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) → system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () → System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - ItSas35i () → System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () → System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () → System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () → System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () → System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () → System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () → System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () → System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () → System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas35i () → System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () → System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) → System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () → System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) → System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () → System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) → system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () → System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () → System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) → System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) → System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () → System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () → System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) → System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) → system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () → System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () → System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) → system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) → System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) → System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) → System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) → system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SiSRaid2 () → System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () → System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) → System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () → System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsof t Standard SATA AHCI Driver) → System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) → System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) → System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) → System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () → System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) → System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) → System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) → System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) → System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) → System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) → System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) → System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () → System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) → System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) → system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) → system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) → system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) → System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) → system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy .SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) → System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) → \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - afunix (afunix) → \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) → system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ATKWMIACPIIO (ATKWMIACPI Driver) → ??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) → system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () → \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () → \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) → \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) → system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) → System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) → \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) → system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) → System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) → \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) → system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) → System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) → \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) → system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) → System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) → system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) → \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) → System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - ASMMAP64 (ASMMAP64) → ??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) → system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) → system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) → \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) → \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) → system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) → system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) → system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) → system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) → system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) → system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) → System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) → System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) → \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

---------- | Uninstall (Whitelist)

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\AddressBook] : (.-.) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE40] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IEData] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WIC] : (.-.) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{30E935B2-0DAC-455E-AC76-3C8504DC3D18}] : (Intel(R) Serial IO.-.Intel Corporation) → MsiExec.exe /I{30E935B2-0DAC-455E-AC76-3C8504DC3D18}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{3241744A-BA36-41F0-B4AA-EF3946D00632}] : (.-.) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{3DF3AC42-174D-4915-9ED2-448AD4338B83}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) → MsiExec.exe /I{3DF3AC42-174D-4915-9ED2-448AD4338B83}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{62260D0F-633D-4B77-B394-BB57DF7223D9}] : (Intel(R) Management Engine Components.-.Intel Corporation) → MsiExec.exe /I{62260D0F-633D-4B77-B394-BB57DF7223D9}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{7D84E343-A23D-451C-B123-0195B2D903A6}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) → MsiExec.exe /I{7D84E343-A23D-451C-B123-0195B2D903A6}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{8E2CA9DC-9975-468F-90CF-C740109DD2B8}] : (Intel(R) Chipset Device Software.-.Intel Corporation) → MsiExec.exe /I{8E2CA9DC-9975-468F-90CF-C740109DD2B8}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Ovládací panel NVIDIA 416.16.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 2.8.1.21.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (NVIDIA Update 2.8.1.21.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer] : (NVIDIA LED Visualizer 1.0.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] : (NVIDIA GeForce Experience Service.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service] : (NVIDIA Network Service.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 2.8.1.21.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.31.-.NVIDIA Corporation) →
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{EA30CEC3-9CC5-4C80-AE8E-209A6F894961}] : (Intel(R) Management Engine Components.-.Intel Corporation) → MsiExec.exe /I{EA30CEC3-9CC5-4C80-AE8E-209A6F894961}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\AddressBook] : (.-.) →
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE40] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\IEData] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall\WIC] : (.-.) →
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{0969AF05-4FF6-4C00-9406-43599238DE0D}] : (ASUS Splendid Video Enhancement Technology.-.ASUS) → MsiExec.exe /X{0969AF05-4FF6-4C00-9406-43599238DE0D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4B230374-6475-4A73-BA6E-41015E9C5013}] : (Intel® Security Assist.-.Intel Corporation) → MsiExec.exe /I{4B230374-6475-4A73-BA6E-41015E9C5013}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{4D3286A6-F6AB-498A-82A4-E4F040529F3D}] : (ASUS Smart Gesture.-.ASUS) → MsiExec.exe /I{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}] : (AudioWizard.-.ICEpower a/s) → MsiExec.exe /X{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (.-.) →
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) → MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8D6B05E0-F457-408C-9D13-549334D8FAE1}] : (Device Setup.-.ASUSTek Computer Inc.) → MsiExec.exe /I{8D6B05E0-F457-408C-9D13-549334D8FAE1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{8F21291E-0444-4B1D-B9F9-4370A73E346D}] : (WinFlash.-.ASUS) → MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{9C4B0706-9F9A-47BF-B417-0A111FC52B04}] : (ASUS Device Activation.-.ASUSTeK COMPUTER INC.) → MsiExec.exe /X{9C4B0706-9F9A-47BF-B417-0A111FC52B04}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\Curren tVersion\Uninstall{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}] : (ATK Package.-.ASUS) → MsiExec.exe /X{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}

---------- | Ports

---------- | Installer

[HKCR\Installer\Products\0E50B6D8754FC804D931453943 8DAF1E] : Device Setup → C:\windows\Installer{8D6B05E0-F457-408C-9D13-549334D8FAE1}_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\24CA3FD3D4715194E92D44A84D 33B838] : Intel(R) ME UninstallLegacy
[HKCR\Installer\Products\2A077E75FAB2AAC4AB3ADB98E6 22453D] : AudioWizard → C:\Windows\Installer{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\2B539E03CAD0E554CA67C35840 CDD381] : Intel(R) Serial IO
[HKCR\Installer\Products\343E48D7D32AC1541B3210592B 9D306A] : Intel® Trusted Connect Service Client
[HKCR\Installer\Products\3CEC03AE5CC908C4EAE802A9F6 989416] : Intel(R) Management Engine Components
[HKCR\Installer\Products\473032B4574637A4ABE61410E5 C90531] : Intel® Security Assist → C:\Windows\Installer{4B230374-6475-4A73-BA6E-41015E9C5013}\isa.ico
[HKCR\Installer\Products\4B8898265AF36AE4AB3AAD46F0 7681DB] : → C:\Windows\Installer{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\50FA96906FF400C44960349529 83EDD0] : ASUS Splendid Video Enhancement Technology → C:\Windows\Installer{0969AF05-4FF6-4C00-9406-43599238DE0D}_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\6070B4C9A9F9FB744B71A011F1 5CB240] : ASUS Device Activation → C:\WINDOWS\Installer{9C4B0706-9F9A-47BF-B417-0A111FC52B04}\MyIcon
[HKCR\Installer\Products\6A6823D4BA6FA894284A4E0F04 25F9D3] : ASUS Smart Gesture → C:\Windows\Installer{4D3286A6-F6AB-498A-82A4-E4F040529F3D}_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\75B373813CF4A1B4593B7A5ECD 5A777F] : Qualcomm Atheros Setup → C:\Windows\Installer{18373B57-4FC3-4B1A-95B3-A7E5DCA577F7}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\76E045AFC590B1A479ABD445D7 CEA94F] : ASUS Live Update → C:\WINDOWS\Installer{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}\MyIcon2
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745 894BAC] : Google Update Helper
[HKCR\Installer\Products\A86BF41F88196304DAD00D45CB C92919] : Update for Windows 10 for x64-based Systems (KB4023057)
[HKCR\Installer\Products\CD9AC2E85799F86409FC7C0401 D92D8B] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\E19212F84440D1B49B9F34077A E343D6] : WinFlash → C:\Windows\Installer{8F21291E-0444-4B1D-B9F9-4370A73E346D}\MyIcon
[HKCR\Installer\Products\E339C5BAD7C503D43B41C9384A B949EB] : ATK Package → C:\Windows\Installer{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\F0D06226D33677B43B49BB75FD 27329D] : Intel(R) Management Engine Components

---------- | Drives

---------- | MBR

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.

Operation:
Executing Asynchronous Operation
[HEADING=1]Context:
Current State: DoSnapshotSet[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Názov chybujúcej aplikácie: AUDIODG.EXE, verzia: 10.0.17134.829, časová značka: 0x9ed7383d
Názov chybujúceho modulu: ICEsoundAPO64.dll, verzia: 1.0.0.39, časová značka: 0x5bd6e5e4
Kód výnimky: 0xc0000005
Odstup chyby: 0x000000000003cda7
Identifikácia chybujúceho procesu: 0x1df8
Čas spustenia chybujúcej aplikácie: 0x01d5448ae9960942
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\AUDIODG.EXE
Cesta chybujúceho modulu: C:\WINDOWS\system32\ICEsoundAPO64.dll
Identifikácia hlásenia: 76fd7589-054a-49ba-8b63-9a8799a8f934
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
[HEADING=1]Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.[/HEADING]
----------( EOF)---------- - 3574 | 14:29:47

**depor99** · 08-01-2019, 12:43 PM

Originally posted by Malnutrition

I’d replace Adblock … Ublock Origin.

================================================== ===========================

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by denni (01-08-2019 14:36:30) Run:1
Running from C:\Users\denni\Desktop
Loaded Profiles: denni (Available Profiles: denni)
Boot Mode: Normal[/HEADING]
fixlist content:

Start
Closeprocesses:
CreateRestorePoint:
Emptytemp:
HKU\S-1-5-21-1430618548-964272824-186209200-1001...\Run: [utweb] => “C:\Users\denni\AppData\Roaming\uTorrent Web\utweb.exe” /MINIMIZED
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Inst aller\chrmstp.exe [2019-07-16] (Google LLC → Google LLC)
Task: {7E90FE39-4E88-4665-B0E3-C6C40A5D4C5E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. → ASUSTek Computer Inc.)
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{2670b808-8c92-4106-b1e6-d42996d50301}: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{a4770a48-bbb9-4051-8148-596b9b597b3c}: [DhcpNameServer] 192.168.1.1
CHR Extension: (Safe Torrent Scanner) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnal hlkkjb [2019-07-24]
CHR Extension: (Avast Online Security) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegiea cbdmki [2019-07-18]
CHR Extension: (Platby Internetov�ho obchodu Chrome) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2019-07-13]
CHR Extension: (Chrome Media Router) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2019-07-13]
VirusTotal: C:\WINDOWS\System32\drivers\usb2ser.sys
VirusTotal: C:\Users\denni\AppData\Roaming\sp_data.sys
Folder: C:\Program Files\rempl
C:\WINDOWS\System32\Tasks\McAfee
C:\WINDOWS\System32\Tasks\Update Checker
C:\Program Files\AVAST Software
C:\Users\denni\AppData\Roaming\uTorrent Web
HKU\S-1-5-21-1430618548-964272824-186209200-1001...\StartupApproved\Run: => “utweb”
CustomCLSID: HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 → C:\Users\denni\AppData\Local\Microsoft\OneDrive\19 .103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 → C:\Users\denni\AppData\Local\Microsoft\OneDrive\19 .103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 → C:\Users\denni\AppData\Local\Microsoft\OneDrive\19 .103.0527.0003\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => → No File
ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => → No File
ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => → No File
ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => → No File
ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => → No File
ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => → No File
ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => → No File
ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
FirewallRules: [{E44394D9-F177-4026-9175-B58BFA58771D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D0E9727B-B821-423C-B878-CE1C50B2583F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
RemoveProxy:
CMD: ipconfig /flushdns
end

Processes closed successfully.
Restore point was successfully created.
“HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Run \utweb” => removed successfully
HKLM\Software\Microsoft\Active Setup\Installed Components{8A69D345-D564-463c-AFF1-A69D9E530F96} => removed successfully
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{7E90FE3 9-4E88-4665-B0E3-C6C40A5D4C5E}” => removed successfully
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7E90FE3 9-4E88-4665-B0E3-C6C40A5D4C5E}” => not found
“C:\WINDOWS\System32\Tasks\Update Checker” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker” => not found
C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => moved successfully
C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => moved successfully
“HKLM\System\CurrentControlSet\Services\Tcpip\Para meters\DhcpNameServer” => removed successfully
“HKLM\System\CurrentControlSet\Services\Tcpip\Para meters\Interfaces{2670b808-8c92-4106-b1e6-d42996d50301}\DhcpNameServer” => removed successfully
“HKLM\System\CurrentControlSet\Services\Tcpip\Para meters\Interfaces{a4770a48-bbb9-4051-8148-596b9b597b3c}\DhcpNameServer” => removed successfully
CHR Extension: (Safe Torrent Scanner) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnal hlkkjb [2019-07-24] => Error: No automatic fix found for this entry.
CHR Extension: (Avast Online Security) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegiea cbdmki [2019-07-18] => Error: No automatic fix found for this entry.
CHR Extension: (Platby Internetov�ho obchodu Chrome) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2019-07-13] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2019-07-13] => Error: No automatic fix found for this entry.
VirusTotal: C:\WINDOWS\System32\drivers\usb2ser.sys => VirusTotal
VirusTotal: C:\Users\denni\AppData\Roaming\sp_data.sys => VirusTotal

========================= Folder: C:\Program Files\rempl ========================

2019-06-10 18:25 - 2019-06-10 18:25 - 000014529 ____A [69863F99A270FAD13311BC8967DA81B9] () C:\Program Files\rempl\CTAC.json
2019-06-10 18:25 - 2019-06-10 18:25 - 000092664 ____A [C8C3B8FB878CE29B75A69219ABFF4CCF] (Microsoft Corporation) C:\Program Files\rempl\disktoast.exe
2019-06-10 18:25 - 2019-06-10 18:25 - 000076984 ____A [A7851A05E83F42F741A804320C485083] (Microsoft Corporation) C:\Program Files\rempl\osrrb.exe
2019-06-11 11:40 - 2019-06-11 11:40 - 000672264 ____A [FE046F9D2BF9953D034AAE366F345780] (Microsoft Corporation) C:\Program Files\rempl\reminthndlers.dll
2019-06-10 18:25 - 2019-06-10 18:25 - 000003798 ____A [07A602072D5C4506BAF905A3BAEB7C53] () C:\Program Files\rempl\rempl.xml
2019-06-11 11:36 - 2019-06-11 11:36 - 000352056 ____A [5FD6FF1A5D473F4BD98A714A59AC4421] (Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
2019-06-11 11:38 - 2019-06-11 11:38 - 001152008 ____A [66E0D6DB8D5EEFF25F728127D0C9DFE0] (Microsoft Corporation) C:\Program Files\rempl\sedplugins.dll
2019-06-11 11:37 - 2019-06-11 11:37 - 000363016 ____A [124009E4B5315846108B0B102546FA53] (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
2019-06-10 18:25 - 2019-06-10 18:25 - 000034696 ____A [CFF38DAC2D884B3A493DD74D8053E684] () C:\Program Files\rempl\ServiceStackHardening.Inf
2019-06-11 11:38 - 2019-06-11 11:38 - 000552760 ____A [DB23D5FF9D13738D13469590D8541A07] (Microsoft Corporation) C:\Program Files\rempl\strgsnsaddons.dll
2019-06-10 18:25 - 2019-06-10 18:25 - 000000570 ____A [DF28BE0DF05E1F12A22F72902F25360C] () C:\Program Files\rempl\toastlogo.png
2019-07-13 18:34 - 2019-08-01 13:52 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\rempl\Logs
2019-07-28 16:45 - 2019-08-01 13:50 - 000196608 ____A [06DF4987A0F2711AD3523691C8CF7B1F] () C:\Program Files\rempl\Logs\LauncherRemediation.002.etl
2019-07-28 16:45 - 2019-07-30 22:52 - 000131072 ____A [5C2F2954DF08D81AFC0A97ED506DCB47] () C:\Program Files\rempl\Logs\LauncherRemediation.003.etl
2019-07-28 16:45 - 2019-07-29 18:17 - 000065536 ____A [08C54DD034965B0DB8204474B0AFD8E9] () C:\Program Files\rempl\Logs\LauncherRemediation.004.etl
2019-07-28 16:45 - 2019-07-29 15:45 - 000131072 ____A [318B5752B6C841E197DAEC2B00E4D26C] () C:\Program Files\rempl\Logs\LauncherRemediation.005.etl
2019-07-28 16:45 - 2019-07-29 11:45 - 000131072 ____A [DF9A9A90C230D3CF1FDCB208470F644C] () C:\Program Files\rempl\Logs\LauncherRemediation.006.etl
2019-07-28 16:45 - 2019-07-28 23:32 - 000131072 ____A [99097FB7D75D56F196D9C87323E04BF6] () C:\Program Files\rempl\Logs\LauncherRemediation.007.etl
2019-07-28 16:45 - 2019-07-28 21:00 - 000131072 ____A [265F4001C72AC1EA57C75B0AFB12857B] () C:\Program Files\rempl\Logs\LauncherRemediation.008.etl
2019-07-28 16:45 - 2019-07-28 18:53 - 000131072 ____A [FBA89771D882F871A63555D460621D76] () C:\Program Files\rempl\Logs\LauncherRemediation.009.etl
2019-07-28 16:45 - 2019-07-28 16:45 - 000131072 ____A [262E01E0225703B74518639BAD1E956D] () C:\Program Files\rempl\Logs\LauncherRemediation.010.etl
2019-07-28 16:45 - 2019-08-01 13:50 - 001638400 ____A [4B15F7E4B0D7FF51F6776A877B31F4FF] () C:\Program Files\rempl\Logs\Remediation.002.etl
2019-07-28 16:45 - 2019-07-30 22:52 - 000851968 ____A [1AA7EFAB77D95DC773A6E8C0B0351EFE] () C:\Program Files\rempl\Logs\Remediation.003.etl
2019-07-28 16:45 - 2019-07-29 18:17 - 000917504 ____A [5BCBFFAA582439145B16DC96332A9A38] () C:\Program Files\rempl\Logs\Remediation.004.etl
2019-07-28 16:45 - 2019-07-29 15:45 - 000131072 ____A [DB65AA53EE18E0C99FF04430EB331A54] () C:\Program Files\rempl\Logs\Remediation.005.etl
2019-07-28 16:45 - 2019-07-29 11:45 - 000131072 ____A [5DE0CD6E412CDD8F4714185EEE29507D] () C:\Program Files\rempl\Logs\Remediation.006.etl
2019-07-28 16:45 - 2019-07-28 23:32 - 000131072 ____A [73A2EE0AFF75900E141F27721FF4716F] () C:\Program Files\rempl\Logs\Remediation.007.etl
2019-07-28 16:45 - 2019-07-28 21:00 - 000131072 ____A [8772B844560CCC72076F4F9ECAF9E29D] () C:\Program Files\rempl\Logs\Remediation.008.etl
2019-07-28 16:45 - 2019-07-28 18:53 - 000131072 ____A [F39A5F60815DC5F855C9AB6AAA445008] () C:\Program Files\rempl\Logs\Remediation.009.etl
2019-07-28 16:45 - 2019-07-28 16:45 - 000131072 ____A [0D422670BDC8F414DF886E81154A532C] () C:\Program Files\rempl\Logs\Remediation.010.etl
2019-07-13 18:34 - 2019-08-01 13:52 - 000131072 _____ [80E13018C7200531FF13E51A5B035E65] () C:\Program Files\rempl\Logs\ServiceRemediation.001.etl
2019-07-13 18:34 - 2019-08-01 13:50 - 000327680 ____A [F4548B39287D51D80D5941D269C51F2B] () C:\Program Files\rempl\Logs\ServiceRemediation.002.etl
2019-07-13 18:34 - 2019-07-30 22:54 - 000131072 ____A [F8175EE5110204D33A9C61D851314732] () C:\Program Files\rempl\Logs\ServiceRemediation.003.etl
2019-07-13 18:34 - 2019-07-30 22:52 - 000196608 ____A [C5CED67E20CACD8E76452840410C85DC] () C:\Program Files\rempl\Logs\ServiceRemediation.004.etl
2019-07-13 18:34 - 2019-07-22 14:24 - 000524288 ____A [8D69140206155DDA6451C604B19D3DB0] () C:\Program Files\rempl\Logs\ServiceRemediation.005.etl
2019-07-13 18:34 - 2019-07-22 14:21 - 000393216 ____A [F6685A7F7A444B91F741AADFAE577D66] () C:\Program Files\rempl\Logs\ServiceRemediation.006.etl
2019-07-13 18:34 - 2019-07-18 12:41 - 000196608 ____A [FEA7A590D2A83ABC0660B56D596A16B0] () C:\Program Files\rempl\Logs\ServiceRemediation.007.etl
2019-07-13 18:34 - 2019-07-16 18:00 - 000131072 ____A [364BE3081DF9CDC11AACA9E1611CD80B] () C:\Program Files\rempl\Logs\ServiceRemediation.008.etl
2019-07-13 18:34 - 2019-07-16 17:56 - 000327680 ____A [008EE666FE6AA55AA0501721F374E098] () C:\Program Files\rempl\Logs\ServiceRemediation.009.etl

====== End of Folder: ======

C:\WINDOWS\System32\Tasks\McAfee => moved successfully
“C:\WINDOWS\System32\Tasks\Update Checker” => not found
C:\Program Files\AVAST Software => moved successfully
“C:\Users\denni\AppData\Roaming\uTorrent Web” => not found
“HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run\utweb” => removed successfully
“HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \utweb” => not found
HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx \ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\System\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => removed successfully
C:\WINDOWS\system32\drivers\etc\hosts => moved successfully
Hosts restored successfully.
“HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\{E44394 D9-F177-4026-9175-B58BFA58771D}” => removed successfully
“HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\{D0E972 7B-B821-423C-B878-CE1C50B2583F}” => removed successfully

========= RemoveProxy: =========

“HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
“HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
“HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings” => removed successfully
“HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings” => removed successfully

========= End of RemoveProxy: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 7408656 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27682306 B
Java, Flash, Steam htmlcache => 22943617 B
Windows/system/drivers => 154197 B
Edge => 732628 B
Chrome => 426057016 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1752 B
LocalService => 0 B
NetworkService => 50342 B
NetworkService => 0 B
denni => 13365018 B

RecycleBin => 0 B
EmptyTemp: => 475.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 14:37:27 ====

**Malnutrition** · 08-01-2019, 11:52 PM

[COLOR=rgb(255, 255, 255)]Quick Diag Fix.

[COLOR=rgb(0, 0, 0)]
Right click on Quick Diag Run as Admin.
Copy the content of the code box below to your clipboard.
Click on the S within the User Interface of the program.
Then click on Script.
Allow completion.
Post the log created in your next reply.
[COLOR=rgb(0, 0, 0)]

Code:

Reg::
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Chromium]
[HKLM\Software\McAfee]
[HKLM\Software\WOW6432Node\Chromium]
[HKLM\Software\WOW6432Node\McAfee]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Run]|"utweb"
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"utweb"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]|"WebStorage"


File::
C:\Users\denni\AppData\Roaming\uTorrent Web
C:\Program Files\AVAST Software
C:\Program Files\mcafee
C:\Users\denni\AppData\Roaming\uTorrent
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki 
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki
C:\Users\denni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
C:\ProgramData\McAfee
C:\Program Files\AVAST Software
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job
C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
C:\WINDOWS\System32\Tasks\McAfee
C:\WINDOWS\System32\Tasks\WpsNotifyTask_Administrator
C:\WINDOWS\System32\Tasks\WpsUpdateTask_Administrator 



Task:: 
<ASUS Smart Gesture Launcher>
<ASUS Splendid ACMON>
<ATK Package 36D18D69AFC3>
<ATK Package A22126881260>
<GoogleUpdateTaskMachineCore>
<GoogleUpdateTaskMachineUA>
<RtHDVBg_ListenToDevice>
<RTKCPL>
<WpsNotifyTask_Administrator>
<WpsUpdateTask_Administrator>

CMD::
rd /s /q C:\WINDOWS\Temp\*
del /f /q C:\WINDOWS\Temp\*
sc delete diagtrack
sc delete dwmappushservice
###


Clean::
Yes

[COLOR=rgb(0, 0, 0)]

================================================== =============

Download ResetBrowser To your desktop.
[ul]
[li][COLOR=rgb(0, 0, 0)]Now close all open browsers.[/li][li][COLOR=rgb(0, 0, 0)]Right click and run as administrator.[/li][li][COLOR=rgb(0, 0, 0)]Click on Reset Chrome. -- Allow completion.[/li][li][COLOR=rgb(0, 0, 0)]Now re-run speed test and see if there is an improvement.[/li][/ul]
[COLOR=rgb(0, 0, 0)]================================================== =========[/COLOR][/COLOR][/COLOR][/COLOR][/COLOR][/COLOR][/COLOR][/COLOR][/COLOR]

**Malnutrition** · 08-04-2019, 11:31 AM

@depor99 How about an update please.

**Malnutrition** · 08-05-2019, 11:07 AM

Hello, please give us an update. If there is no reply within 48 hours, this thread will be closed.

**depor99** · 08-08-2019, 12:15 PM

Hello, I am so sorry I was abroad. The problem si solved. But I have new problem my toolbar of windows on bottom of screen is not reacting at any action lika turn off notebook etc, and I have to turn off my pc using ctrl+alt+delete and then turn off there. But it is not so big problem, rather not get that annoying ads… But could advice me how to avoid my problem what I had the first?

**Malnutrition** · 08-10-2019, 09:38 AM

Do not open any emails that you do not know where they are from. Don’t click on any ads and watch what you download you should be fine. If you do decide to download something check it at virus total before opening it on your machine.

I’d use unchecky to make sure that nothing you download comes with anything extra.
Also, Ublock Origin to enjoy ad free browsing.

Ublock origin Chrome.
Ublock Origin FireFox.
Ublock Origin Opera.

Add an extra layer of defense on your machine with this.

I’m going to mark this one as solved, as far as the other issue you will need to start a thread in the windows 10 area.

================================================== =============================================

Download DelFix by “Xplode” to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on “Run” button.
allow the program to complete its work.
all the tools we used will be removed.